
Windows 7 very unresponsive


31 replies to this topic

#1 Eddie123

Posted 28 August 2010 - 12:06 PM

Hi.
I am at a total loss here.
My PC has suddenly gone SLOW

I have run every anti virus and malware you can think of in safe mode.
Done a check disk
Defragged.

Stuck.

My problems are....
1. Slow or hanging shut down or boot.
2. Windows Mail is very slow to respond on start up (hanging on signing in).
3. Internet slow. Using Google Chrome I get "resolving host" at bottom of page and it takes a while to load.
Internet Explorer just hangs and doesn't seem to want to load anything.

(No indication I have an internet problem as I'm using this PC to send this.)

4. Installing and Uninstalling programs takes forever and seem to hang
5. Went through the Windows 7 start up repair, but it found no problems.
6. Have Microsoft security essentials updating but the progress bar is hardly moving.
7. Microsoft Update behaving same as above.
8. If I do a Windows repair on the DVD it gives me 2 options. Online or not. If I go Online it will just hang like the options above.
9. Tried sfc /scannow and get "Windows Resource Protection could not start the repair service."
I googled this and the service required is running.
10. Off to work now, but will run my scans again while I'm away.

Good one this, isn't it?

Hope someone can help.


Ian Edwards


PS
Just tried my scans
I've run virus checkers in safe mode.
Norton Internet Security found nothing.
Super Anti Spyware found nothing.
Malware found nothing.
TDSSKiller found "I:\Windows\system32\Drivers\sptd.sys" - quarantined


I have attached DDS.txt




----------------------------------------
DDS (Ver_10-03-17.01) - NTFSX64
Run by Eddie at 17:16:18.46 on 28/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4094.2288 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

I:\Windows\system32\wininit.exe
I:\Windows\system32\lsm.exe
I:\Windows\system32\svchost.exe -k DcomLaunch
I:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
I:\Windows\system32\nvvsvc.exe
I:\Windows\system32\svchost.exe -k RPCSS
I:\Program Files\Microsoft Security Essentials\MsMpEng.exe
I:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
I:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
I:\Windows\system32\svchost.exe -k netsvcs
I:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
I:\Windows\system32\svchost.exe -k LocalService
I:\Windows\system32\nvvsvc.exe
I:\Windows\system32\svchost.exe -k NetworkService
I:\Windows\System32\spoolsv.exe
I:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
I:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
I:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
I:\Windows\system32\svchost.exe -k apphost
I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
I:\Windows\system32\svchost.exe -k bthsvcs
I:\Windows\system32\taskhost.exe
I:\Windows\system32\Dwm.exe
I:\Windows\Explorer.EXE
I:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
I:\Program Files (x86)\Google\Update\GoogleUpdate.exe
I:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
I:\Program Files (x86)\Google\Update\GoogleUpdate.exe
I:\Windows\vVX3000.exe
I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
I:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
I:\Program Files\Microsoft Security Essentials\msseces.exe
I:\Windows\SOUNDMAN.EXE
I:\Program Files\Windows Sidebar\sidebar.exe
I:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
I:\Windows\runservice.exe
I:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
I:\Program Files\Microsoft LifeCam\MSCamS64.exe
I:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
I:\Program Files\nHancer\nHancerService.exe
I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
I:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
I:\Program Files (x86)\SkyTicker\SkyTicker.exe
I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
I:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
I:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
I:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
I:\Windows\SysWOW64\CtHelper.exe
I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
I:\Windows\system32\svchost.exe -k imgsvc
I:\Windows\system32\svchost.exe -k iissvcs
I:\Windows\System32\svchost.exe -k WerSvcGroup
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
I:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
I:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
I:\Program Files (x86)\iTunes\iTunesHelper.exe
I:\Program Files (x86)\PowerISO\PWRISOVM.EXE
I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
I:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
I:\Windows\system32\SearchIndexer.exe
I:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
I:\Windows\system32\SearchProtocolHost.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
I:\Windows\system32\svchost.exe -k SDRSVC
I:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
I:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
I:\Windows\system32\conhost.exe
I:\Windows\servicing\TrustedInstaller.exe
I:\Windows\system32\taskeng.exe
I:\Program Files (x86)\Google\Update\GoogleUpdate.exe
I:\Windows\system32\taskeng.exe
I:\Users\Eddie\AppData\Local\Google\Update\GoogleUpdate.exe
I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
I:\Windows\system32\SearchFilterHost.exe
I:\Users\Eddie\Desktop\dds (1).scr
I:\Windows\system32\conhost.exe
I:\Windows\system32\conhost.exe
I:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - i:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - i:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - i:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - i:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - i:\program files (x86)\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - i:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - i:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - i:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - i:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - i:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - i:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - i:\program files (x86)\windows live\toolbar\wltcore.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] i:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [nHancer] "i:\program files\nhancer\nHancer.exe" /tray
uRun: [Steam] "i:\program files (x86)\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] i:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [LifeCam] "i:\program files (x86)\microsoft lifecam\LifeExp.exe"
mRun: [QuickTime Task] "i:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [nmctxth] "i:\program files (x86)\common files\pure networks shared\platform\nmctxth.exe"
mRun: [amd_dc_opt] i:\program files (x86)\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [NokiaMServer] i:\program files (x86)\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [TrueImageMonitor.exe] i:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Adobe Reader Speed Launcher] "i:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "i:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "i:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "i:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [PWRISOVM.EXE] i:\program files (x86)\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "i:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "i:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
dRun: [DevconDefaultDB] i:\windows\system32\READREG /SILENT /FAIL=1
dRun: [Nokia.PCSync] i:\program files (x86)\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [SpybotSD TeaTimer] i:\program files (x86)\spybot - search & destroy\TeaTimer.exe
dRun: [SUPERAntiSpyware] i:\program files\superantispyware\SUPERAntiSpyware.exe
StartupFolder: i:\users\eddie\appdata\roaming\micros~1\windows\startm~1\programs\startup\skytic~1.lnk - i:\program files (x86)\skyticker\SkyTicker.exe
StartupFolder: i:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - i:\program files (x86)\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: i:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~2.lnk - i:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - i:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - i:\progra~2\mif5ba~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - i:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - i:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - i:\progra~2\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - i:\progra~2\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40416.7021296296
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - i:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - i:\program files (x86)\common files\pure networks shared\platform\puresp4.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - i:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - i:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [VX3000] i:\windows\vVX3000.exe
mRun-x64: [Linksys Wireless Manager] "i:\program files (x86)\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun-x64: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [Acronis Scheduler2 Service] "i:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
mRun-x64: [MSSE] "i:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun-x64: [SoundMan] SOUNDMAN.EXE
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - i:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "i:\program files (x86)\fiddler2\Fiddler.exe"

================= FIREFOX ===================

FF - ProfilePath - i:\users\eddie\appdata\roaming\mozilla\firefox\profiles\duar4z01.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.type - 0
FF - component: i:\program files (x86)\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: i:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coffplgn\components\coFFPlgn.dll
FF - component: i:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: i:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: i:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: i:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: i:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: i:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: i:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: i:\users\eddie\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: i:\windows\syswow64\macromed\flash\NPSWF32.dll

---- FIREFOX POLICIES ----
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
i:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
i:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
i:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
i:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
i:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;i:\windows\system32\drivers\nisx64\1107000.00c\symds64.sys [2010-5-26 433200]
R0 SymEFA;Symantec Extended File Attributes;i:\windows\system32\drivers\nisx64\1107000.00c\symefa64.sys [2010-5-26 221232]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);i:\windows\system32\drivers\tdrpm258.sys [2010-3-29 1477728]
R1 BHDrvx64;BHDrvx64;i:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100810.004\BHDrvx64.sys [2010-8-10 945200]
R1 ccHP;Symantec Hash Provider;i:\windows\system32\drivers\nisx64\1107000.00c\cchpx64.sys [2010-5-26 615040]
R1 IDSVia64;IDSVia64;i:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100823.002\IDSviA64.sys [2010-8-25 463408]
R1 MpFilter;Microsoft Malware Protection Driver;i:\windows\system32\drivers\MpFilter.sys [2009-12-2 173984]
R1 SASDIFSV;SASDIFSV;i:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;i:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R1 SymIRON;Symantec Iron Driver;i:\windows\system32\drivers\nisx64\1107000.00c\ironx64.sys [2010-5-26 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;i:\windows\system32\drivers\nisx64\1107000.00c\symtdiv.sys [2010-5-26 451120]
R1 vwififlt;Virtual WiFi Filter Driver;i:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R3 afcdp;afcdp;i:\windows\system32\drivers\afcdp.sys [2010-3-29 251488]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;i:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-20 132656]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;i:\windows\system32\drivers\netr28x.sys [2009-6-10 620544]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;i:\windows\system32\drivers\vwifimp.sys [2009-7-14 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;i:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]
S3 bthav;Bluetooth AV Profile;i:\windows\system32\drivers\bthav.sys [2008-7-10 40448]
S3 BthAvrcp;Bluetooth AVRCP Profile;i:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 btwl2cap;Bluetooth L2CAP Service;i:\windows\system32\drivers\btwl2cap.sys [2010-7-2 35104]
S3 MEMSWEEP2;MEMSWEEP2;i:\windows\system32\AEA3.tmp [2010-1-19 6144]
S3 MpNWMon;Microsoft Malware Protection Network Driver;i:\windows\system32\drivers\MpNWMon.sys [2009-12-2 40832]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;i:\windows\system32\drivers\netr7364.sys [2009-6-10 707072]
S3 nmwcdcx64;Nokia USB Generic;i:\windows\system32\drivers\ccdcmbox64.sys [2010-2-26 25088]
S3 nmwcdx64;Nokia USB Phone Parent;i:\windows\system32\drivers\ccdcmbx64.sys [2010-2-26 19456]
S3 PRODIGY;PRODIGY;i:\windows\system32\drivers\prodigy.sys [2010-7-11 32377]
S3 RivaTuner64;RivaTuner64;i:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 USBAAPL64;Apple Mobile USB Driver;i:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-08-28 12:59:18 20 ----a-w- i:\users\eddie\defogger_reenable
2010-08-27 21:08:23 0 d-----w- i:\programdata\Yahoo! Companion
2010-08-27 18:45:12 0 d-----w- I:\sh4ldr
2010-08-27 18:45:12 0 d-----w- i:\program files (x86)\Enigma Software Group
2010-08-27 18:24:18 0 d-----w- i:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-26 23:51:10 0 d-----w- i:\program files (x86)\WindowsUpdate
2010-08-26 11:03:20 0 d-----w- I:\TDSSKiller_Quarantine
2010-08-26 10:33:44 0 d-----w- i:\programdata\PCPitstopDat
2010-08-26 10:27:26 0 d-----w- i:\program files (x86)\PCPitstop
2010-08-26 10:06:54 0 d-----w- i:\programdata\PCPitstop
2010-08-26 07:51:41 4958588 ----a-w- i:\windows\{00000001-00000000-00000006-00001102-00000004-20021102}.BAK
2010-08-19 22:33:49 0 d-----w- i:\users\eddie\DoctorWeb
2010-08-18 22:27:23 0 d-----w- i:\program files (x86)\Fiddler2
2010-08-17 20:10:59 0 d-----w- i:\windows\system32\%LocalAppData%
2010-08-17 19:17:29 0 d-sh--w- i:\users\eddie\%APPDATA%
2010-08-16 21:59:30 0 dc-h--w- i:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-16 21:50:55 0 d-----w- i:\programdata\!SASCORE
2010-08-16 21:50:54 0 d-----w- i:\program files\SUPERAntiSpyware
2010-08-16 21:45:07 0 d-----w- i:\program files (x86)\Spyware Doctor
2010-08-16 21:45:07 0 d-----w- i:\program files (x86)\common files\PC Tools
2010-08-16 21:39:01 0 d-----w- i:\programdata\Spybot - Search & Destroy
2010-08-16 21:39:01 0 d-----w- i:\program files (x86)\Spybot - Search & Destroy
2010-08-12 00:07:12 0 d-----w- i:\programdata\PC Suite
2010-08-12 00:06:52 0 d-----w- i:\program files (x86)\common files\PCSuite
2010-08-11 23:55:29 25600 ----a-w- i:\windows\system32\drivers\pccsmcfdx64.sys
2010-08-11 23:55:17 0 d-----w- i:\program files (x86)\PC Connectivity Solution
2010-08-11 09:32:27 463360 ----a-w- i:\windows\system32\drivers\srv.sys
2010-08-11 09:32:27 404992 ----a-w- i:\windows\system32\drivers\srv2.sys
2010-08-11 09:32:27 162304 ----a-w- i:\windows\system32\drivers\srvnet.sys
2010-08-11 09:32:25 340992 ----a-w- i:\windows\system32\schannel.dll
2010-08-11 09:32:25 224256 ----a-w- i:\windows\syswow64\schannel.dll
2010-08-11 09:32:04 1896832 ----a-w- i:\windows\system32\drivers\tcpip.sys
2010-08-11 09:32:03 5507968 ----a-w- i:\windows\system32\ntoskrnl.exe
2010-08-11 09:32:02 3955080 ----a-w- i:\windows\syswow64\ntkrnlpa.exe
2010-08-11 09:32:02 3899784 ----a-w- i:\windows\syswow64\ntoskrnl.exe
2010-08-11 00:34:03 65128 ----a-w- i:\windows\system32\OpenCL.dll
2010-08-11 00:34:03 56936 ----a-w- i:\windows\syswow64\OpenCL.dll
2010-08-11 00:34:03 13187176 ----a-w- i:\windows\system32\drivers\nvlddmkm.sys
2010-08-11 00:34:03 11240 ----a-w- i:\windows\system32\drivers\nvBridge.kmd
2010-08-11 00:34:01 5107816 ----a-w- i:\windows\syswow64\nvwgf2um.dll
2010-08-11 00:34:01 382568 ----a-w- i:\windows\system32\nvdecodemft.dll
2010-08-11 00:34:01 314984 ----a-w- i:\windows\syswow64\nvdecodemft.dll
2010-08-11 00:34:01 19114088 ----a-w- i:\windows\system32\nvoglv64.dll
2010-08-11 00:34:01 14092904 ----a-w- i:\windows\syswow64\nvoglv32.dll
2010-08-11 00:33:58 3089512 ----a-w- i:\windows\system32\nvcuvid.dll
2010-08-11 00:33:58 2892904 ----a-w- i:\windows\syswow64\nvcuvid.dll
2010-08-11 00:33:58 12471400 ----a-w- i:\windows\system32\nvd3dumx.dll
2010-08-11 00:33:56 2761832 ----a-w- i:\windows\system32\nvcuvenc.dll
2010-08-11 00:33:56 2506344 ----a-w- i:\windows\syswow64\nvcuvenc.dll
2010-08-11 00:33:55 6116968 ----a-w- i:\windows\system32\nvcuda.dll
2010-08-11 00:33:55 4553832 ----a-w- i:\windows\syswow64\nvcuda.dll
2010-08-11 00:33:55 10267240 ----a-w- i:\windows\syswow64\nvcompiler.dll
2010-08-11 00:33:53 260712 ----a-w- i:\windows\system32\nvcod1922.dll
2010-08-11 00:33:53 260712 ----a-w- i:\windows\system32\nvcod.dll
2010-08-11 00:33:53 1625192 ----a-w- i:\windows\syswow64\nvapi.dll
2010-08-11 00:33:53 14513768 ----a-w- i:\windows\system32\nvcompiler.dll
2010-08-10 04:15:58 94208 ----a-w- i:\windows\syswow64\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- i:\windows\syswow64\QuickTime.qts
2010-08-04 20:05:23 12867584 ----a-w- i:\windows\syswow64\shell32.dll
2010-07-31 11:58:27 126976 ----a-w- i:\windows\lcmmfu.cpl
2010-07-31 11:58:26 1377 --sha-w- i:\windows\syswow64\mmf.sys
2010-07-31 11:58:23 48640 ----a-w- i:\windows\mmfs.dll
2010-07-31 11:58:23 2560 ----a-w- i:\windows\Runservice.exe
2010-07-31 11:45:51 0 d-----w- i:\program files (x86)\Battlefront

==================== Find3M ====================

2010-08-08 19:46:02 286720 ----a-w- i:\windows\iun506.exe
2010-07-29 06:30:34 82944 ----a-w- i:\windows\syswow64\iccvid.dll
2010-07-15 15:37:36 153376 ----a-w- i:\windows\syswow64\javaws.exe
2010-07-15 15:37:36 145184 ----a-w- i:\windows\syswow64\javaw.exe
2010-07-15 15:37:36 145184 ----a-w- i:\windows\syswow64\java.exe
2010-07-15 15:37:35 423656 ----a-w- i:\windows\syswow64\deployJava1.dll
2010-07-11 21:51:57 0 ---ha-w- i:\windows\system32\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2010-07-09 22:38:00 9818728 ----a-w- i:\windows\syswow64\nvd3dum.dll
2010-07-09 22:38:00 7002216 ----a-w- i:\windows\system32\nvwgf2umx.dll
2010-07-09 22:38:00 2037864 ----a-w- i:\windows\system32\nvapi64.dll
2010-07-09 17:09:41 0 ---ha-w- i:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-09 15:27:02 159336 ----a-w- i:\windows\system32\nvvsvc.exe
2010-07-09 15:27:02 1585256 ----a-w- i:\windows\system32\nvsvc64.dll
2010-07-09 15:27:02 15314024 ----a-w- i:\windows\system32\nvcpl.dll
2010-07-09 15:27:02 116328 ----a-w- i:\windows\system32\nvmctray.dll
2010-07-07 12:46:54 660072 ----a-w- i:\windows\system32\NVUNINST.EXE
2010-06-30 07:13:46 1192960 ----a-w- i:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- i:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- i:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- i:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- i:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- i:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- i:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- i:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- i:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- i:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- i:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- i:\windows\syswow64\msfeedssync.exe
2010-06-19 22:55:51 319488 ----a-w- i:\windows\HideWin.exe
2010-06-19 06:53:18 52224 ----a-w- i:\windows\system32\rtutils.dll
2010-06-19 06:23:50 37376 ----a-w- i:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- i:\windows\system32\win32k.sys
2010-06-12 13:27:01 70630 ----a-w- i:\windows\War3Unin.dat
2010-06-12 13:26:13 2829 ----a-w- i:\windows\War3Unin.pif
2010-06-12 13:26:13 139264 ----a-w- i:\windows\War3Unin.exe
2010-06-08 06:02:06 1233920 ----a-w- i:\windows\syswow64\msxml3.dll
2010-06-08 05:36:31 1877504 ----a-w- i:\windows\system32\msxml3.dll
2010-06-07 23:58:00 3184744 ----a-w- i:\windows\system32\nvencodemft.dll
2010-06-07 23:58:00 2890856 ----a-w- i:\windows\syswow64\nvencodemft.dll
2010-06-07 23:58:00 255592 ----a-w- i:\windows\system32\nvcod1921.dll
2010-06-07 16:20:58 61032 ----a-w- i:\windows\system32\nvshext.dll
2010-06-03 11:25:53 278 ----a-w- I:\98c78b08fd97909.dat
2010-06-01 17:37:48 270208 ------w- i:\windows\system32\MpSigStub.exe
2009-07-14 05:37:38 31548 ----a-w- i:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- i:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- i:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- i:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- i:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- i:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- i:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- i:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- i:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- i:\windows\inf\perflib\0000\perfc.dat
2009-12-03 14:32:04 90 --sh--w- i:\windows\cnerolf.bin
2010-01-09 15:37:23 90 --sh--w- i:\windows\cnerolf.dat
2009-06-10 20:44:08 9633792 --sha-r- i:\windows\fonts\StaticCache.dat
2010-01-21 19:28:55 16384 --sha-w- i:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-26 16:33:12 16384 --sha-w- i:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-26 16:33:12 32768 --sha-w- i:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-26 16:33:12 16384 --sha-w- i:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-22 15:54:47 245760 --sha-w- i:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-14 11:44:43 32768 --sha-w- i:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011420100115\index.dat
2010-01-15 11:22:08 32768 --sha-w- i:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011520100116\index.dat
2009-07-14 01:39:53 398848 --sha-w- i:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- i:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:27:04.07 ===============


Tried GMER and got error on start up.....I:\Windows\system32\config\system: the system cannot find the file specified.

Hope this helps somebody.

Attached File: Attach.txt (21.3KB)

Does this mean anything also?

catchme - notepad


detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51
Initialization error


Eddie

Merged posts. ~ OB


Edited by Orange Blossom, 28 August 2010 - 09:57 PM.

My spec is:
ASUS A8N-SLI SE ACPI BIOS Revision 0502 motherboard
4 x 1 GB DDR400 memory sticks.
Win 7 64 bit
2.53 gigahertz AMD Athlon 64 X2 Dual Core (4800+)
NVIDIA GeForce GTX 260 [Display adapter]
Creative SB Audigy 2 ZS (WDM) soundcard



#2 pwgib

  • Malware Response Team

Posted 04 September 2010 - 06:02 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 Eddie123

  • Topic Starter

Posted 05 September 2010 - 04:46 AM

Hi.
Many thanks for your reply.
I have done the steps you have asked for.
GMER gave me an error....I:\Windows|system32\config\system: The system cannot find the file specified.

My other PC problems are....

1. Shut downs just hang on logging off.
2. Can't update on Microsoft Update. Page just hangs with no error messages. Have left it overnight to no avail.
3. Internet runs but problems are when clicking the "E" icon for Internet Explorer. The browser opens, but there is quite a delay before a page opens.
4. When opening Microsoft Live Mail the application starts, but again there is a considerable delay before the emails are downloaded.
5. My internet icon on bottom right of screen has a "!" on it. Says it can't identify active network.

Here is a ping:

Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.

I:\Users\Eddie>ping google.com

Pinging google.com [173.194.37.104] with 32 bytes of data:
Reply from 173.194.37.104: bytes=32 time=33ms TTL=57
Reply from 173.194.37.104: bytes=32 time=33ms TTL=57
Reply from 173.194.37.104: bytes=32 time=35ms TTL=57
Reply from 173.194.37.104: bytes=32 time=33ms TTL=57

Ping statistics for 173.194.37.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 35ms, Average = 33ms

I:\Users\Eddie>

Hope you can help

Eddie


DDS (Ver_10-03-17.01) - NTFSX64
Run by Eddie at 10:20:53.56 on 05/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4094.1532 [GMT 1:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

I:\Windows\system32\wininit.exe
I:\Windows\system32\lsm.exe
I:\Windows\system32\svchost.exe -k DcomLaunch
I:\Windows\system32\nvvsvc.exe
I:\Windows\system32\svchost.exe -k RPCSS
I:\Program Files\Microsoft Security Essentials\MsMpEng.exe
I:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
I:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
I:\Windows\system32\svchost.exe -k netsvcs
I:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
I:\Windows\system32\svchost.exe -k LocalService
I:\Windows\system32\nvvsvc.exe
I:\Windows\system32\svchost.exe -k NetworkService
I:\Windows\System32\spoolsv.exe
I:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
I:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
I:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
I:\Windows\system32\taskhost.exe
I:\Windows\system32\svchost.exe -k apphost
I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
I:\Windows\Explorer.EXE
I:\Windows\system32\svchost.exe -k bthsvcs
I:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
I:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
I:\Windows\system32\Dwm.exe
I:\Windows\runservice.exe
I:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
I:\Program Files\Microsoft LifeCam\MSCamS64.exe
I:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
I:\Program Files\nHancer\nHancerService.exe
I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
I:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
I:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
I:\Windows\system32\svchost.exe -k imgsvc
I:\Windows\system32\svchost.exe -k iissvcs
I:\Windows\System32\svchost.exe -k WerSvcGroup
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
I:\Windows\system32\SearchIndexer.exe
I:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
I:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
I:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
I:\Windows\vVX3000.exe
I:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
I:\Program Files\Microsoft Security Essentials\msseces.exe
I:\Windows\SOUNDMAN.EXE
I:\Program Files\Windows Sidebar\sidebar.exe
I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
I:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
I:\Program Files (x86)\SkyTicker\SkyTicker.exe
I:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
I:\Windows\SysWOW64\CtHelper.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
I:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
I:\Program Files (x86)\iTunes\iTunesHelper.exe
I:\Program Files (x86)\PowerISO\PWRISOVM.EXE
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
I:\Windows\system32\Wat\WatAdminSvc.exe
I:\Windows\system32\svchost.exe -k SDRSVC
I:\Windows\servicing\TrustedInstaller.exe
I:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe
I:\Windows\system32\vssvc.exe
I:\Windows\System32\svchost.exe -k swprv
I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
I:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
I:\Windows\system32\wbem\wmiprvse.exe
I:\Windows\system32\SearchProtocolHost.exe
I:\Windows\system32\SearchFilterHost.exe
I:\Windows\system32\DllHost.exe
I:\Windows\system32\DllHost.exe
I:\Users\Eddie\Desktop\dds.scr
I:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - i:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - i:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - i:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - i:\program files (x86)\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - i:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - i:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - i:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - i:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - i:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - i:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - i:\program files (x86)\windows live\toolbar\wltcore.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] i:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [nHancer] "i:\program files\nhancer\nHancer.exe" /tray
uRun: [Steam] "i:\program files (x86)\steam\Steam.exe" -silent
mRun: [LifeCam] "i:\program files (x86)\microsoft lifecam\LifeExp.exe"
mRun: [QuickTime Task] "i:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [nmctxth] "i:\program files (x86)\common files\pure networks shared\platform\nmctxth.exe"
mRun: [amd_dc_opt] i:\program files (x86)\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [NokiaMServer] i:\program files (x86)\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [TrueImageMonitor.exe] i:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Adobe Reader Speed Launcher] "i:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "i:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "i:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "i:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [PWRISOVM.EXE] i:\program files (x86)\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "i:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "i:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
dRun: [DevconDefaultDB] i:\windows\system32\READREG /SILENT /FAIL=1
dRun: [Nokia.PCSync] i:\program files (x86)\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [SpybotSD TeaTimer] i:\program files (x86)\spybot - search & destroy\TeaTimer.exe
dRun: [SUPERAntiSpyware] i:\program files\superantispyware\SUPERAntiSpyware.exe
StartupFolder: i:\users\eddie\appdata\roaming\micros~1\windows\startm~1\programs\startup\skytic~1.lnk - i:\program files (x86)\skyticker\SkyTicker.exe
StartupFolder: i:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - i:\program files (x86)\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: i:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~2.lnk - i:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - i:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - i:\progra~2\mif5ba~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - i:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - i:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - i:\progra~2\mif5ba~1\office12\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40416.7021296296
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - i:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - i:\program files (x86)\common files\pure networks shared\platform\puresp4.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - i:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - i:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [VX3000] i:\windows\vVX3000.exe
mRun-x64: [Linksys Wireless Manager] "i:\program files (x86)\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun-x64: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [Acronis Scheduler2 Service] "i:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
mRun-x64: [MSSE] "i:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun-x64: [SoundMan] SOUNDMAN.EXE
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - i:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "i:\program files (x86)\fiddler2\Fiddler.exe"

================= FIREFOX ===================

FF - ProfilePath - i:\users\eddie\appdata\roaming\mozilla\firefox\profiles\duar4z01.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.type - 0
FF - component: i:\program files (x86)\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: i:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coffplgn\components\coFFPlgn.dll
FF - component: i:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: i:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: i:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: i:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: i:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: i:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: i:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: i:\users\eddie\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: i:\windows\syswow64\macromed\flash\NPSWF32.dll

---- FIREFOX POLICIES ----
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
i:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
i:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
i:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
i:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
i:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
i:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
i:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;i:\windows\system32\drivers\nisx64\1107000.00c\symds64.sys [2010-5-26 433200]
R0 SymEFA;Symantec Extended File Attributes;i:\windows\system32\drivers\nisx64\1107000.00c\symefa64.sys [2010-5-26 221232]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);i:\windows\system32\drivers\tdrpm258.sys [2010-3-29 1477728]
R1 BHDrvx64;BHDrvx64;i:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100810.004\BHDrvx64.sys [2010-8-10 945200]
R1 ccHP;Symantec Hash Provider;i:\windows\system32\drivers\nisx64\1107000.00c\cchpx64.sys [2010-5-26 615040]
R1 IDSVia64;IDSVia64;i:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100901.003\IDSviA64.sys [2010-9-3 463408]
R1 MpFilter;Microsoft Malware Protection Driver;i:\windows\system32\drivers\MpFilter.sys [2009-12-2 173984]
R1 SASDIFSV;SASDIFSV;i:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;i:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R1 SymIRON;Symantec Iron Driver;i:\windows\system32\drivers\nisx64\1107000.00c\ironx64.sys [2010-5-26 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;i:\windows\system32\drivers\nisx64\1107000.00c\symtdiv.sys [2010-5-26 451120]
R1 vwififlt;Virtual WiFi Filter Driver;i:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R3 afcdp;afcdp;i:\windows\system32\drivers\afcdp.sys [2010-3-29 251488]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;i:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-20 132656]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;i:\windows\system32\drivers\netr28x.sys [2009-6-10 620544]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;i:\windows\system32\drivers\vwifimp.sys [2009-7-14 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;i:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]
S3 bthav;Bluetooth AV Profile;i:\windows\system32\drivers\bthav.sys [2008-7-10 40448]
S3 BthAvrcp;Bluetooth AVRCP Profile;i:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 btwl2cap;Bluetooth L2CAP Service;i:\windows\system32\drivers\btwl2cap.sys [2010-7-2 35104]
S3 MEMSWEEP2;MEMSWEEP2;i:\windows\system32\AEA3.tmp [2010-1-19 6144]
S3 MpNWMon;Microsoft Malware Protection Network Driver;i:\windows\system32\drivers\MpNWMon.sys [2009-12-2 40832]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;i:\windows\system32\drivers\netr7364.sys [2009-6-10 707072]
S3 nmwcdcx64;Nokia USB Generic;i:\windows\system32\drivers\ccdcmbox64.sys [2010-2-26 25088]
S3 nmwcdx64;Nokia USB Phone Parent;i:\windows\system32\drivers\ccdcmbx64.sys [2010-2-26 19456]
S3 PRODIGY;PRODIGY;i:\windows\system32\drivers\prodigy.sys [2010-7-11 32377]
S3 RivaTuner64;RivaTuner64;i:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 USBAAPL64;Apple Mobile USB Driver;i:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-09-02 15:04:54 0 d-----w- i:\program files (x86)\ESET
2010-08-29 11:59:28 0 d-sh--w- i:\windows\syswow64\%APPDATA%
2010-08-28 12:59:18 20 ----a-w- i:\users\eddie\defogger_reenable
2010-08-27 21:08:23 0 d-----w- i:\programdata\Yahoo! Companion
2010-08-27 18:45:12 0 d-----w- i:\program files (x86)\Enigma Software Group
2010-08-27 18:24:18 0 d-----w- i:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-26 23:51:10 0 d-----w- i:\program files (x86)\WindowsUpdate
2010-08-26 11:03:20 0 d-----w- I:\TDSSKiller_Quarantine
2010-08-26 10:33:44 0 d-----w- i:\programdata\PCPitstopDat
2010-08-26 10:27:26 0 d-----w- i:\program files (x86)\PCPitstop
2010-08-26 10:06:54 0 d-----w- i:\programdata\PCPitstop
2010-08-26 07:51:41 4958588 ----a-w- i:\windows\{00000001-00000000-00000006-00001102-00000004-20021102}.BAK
2010-08-19 22:33:49 0 d-----w- i:\users\eddie\DoctorWeb
2010-08-18 22:27:23 0 d-----w- i:\program files (x86)\Fiddler2
2010-08-17 20:10:59 0 d-----w- i:\windows\system32\%LocalAppData%
2010-08-17 19:17:29 0 d-sh--w- i:\users\eddie\%APPDATA%
2010-08-16 21:59:30 0 dc-h--w- i:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-16 21:50:55 0 d-----w- i:\programdata\!SASCORE
2010-08-16 21:50:54 0 d-----w- i:\program files\SUPERAntiSpyware
2010-08-16 21:45:07 0 d-----w- i:\program files (x86)\Spyware Doctor
2010-08-16 21:45:07 0 d-----w- i:\program files (x86)\common files\PC Tools
2010-08-16 21:39:01 0 d-----w- i:\programdata\Spybot - Search & Destroy
2010-08-16 21:39:01 0 d-----w- i:\program files (x86)\Spybot - Search & Destroy
2010-08-12 00:07:12 0 d-----w- i:\programdata\PC Suite
2010-08-12 00:06:52 0 d-----w- i:\program files (x86)\common files\PCSuite
2010-08-11 23:55:29 25600 ----a-w- i:\windows\system32\drivers\pccsmcfdx64.sys
2010-08-11 23:55:17 0 d-----w- i:\program files (x86)\PC Connectivity Solution
2010-08-11 09:32:27 463360 ----a-w- i:\windows\system32\drivers\srv.sys
2010-08-11 09:32:27 404992 ----a-w- i:\windows\system32\drivers\srv2.sys
2010-08-11 09:32:27 162304 ----a-w- i:\windows\system32\drivers\srvnet.sys
2010-08-11 09:32:25 340992 ----a-w- i:\windows\system32\schannel.dll
2010-08-11 09:32:25 224256 ----a-w- i:\windows\syswow64\schannel.dll
2010-08-11 09:32:04 1896832 ----a-w- i:\windows\system32\drivers\tcpip.sys
2010-08-11 09:32:03 5507968 ----a-w- i:\windows\system32\ntoskrnl.exe
2010-08-11 09:32:02 3955080 ----a-w- i:\windows\syswow64\ntkrnlpa.exe
2010-08-11 09:32:02 3899784 ----a-w- i:\windows\syswow64\ntoskrnl.exe
2010-08-11 00:34:03 65128 ----a-w- i:\windows\system32\OpenCL.dll
2010-08-11 00:34:03 56936 ----a-w- i:\windows\syswow64\OpenCL.dll
2010-08-11 00:34:03 13187176 ----a-w- i:\windows\system32\drivers\nvlddmkm.sys
2010-08-11 00:34:03 11240 ----a-w- i:\windows\system32\drivers\nvBridge.kmd
2010-08-11 00:34:01 5107816 ----a-w- i:\windows\syswow64\nvwgf2um.dll
2010-08-11 00:34:01 382568 ----a-w- i:\windows\system32\nvdecodemft.dll
2010-08-11 00:34:01 314984 ----a-w- i:\windows\syswow64\nvdecodemft.dll
2010-08-11 00:34:01 19114088 ----a-w- i:\windows\system32\nvoglv64.dll
2010-08-11 00:34:01 14092904 ----a-w- i:\windows\syswow64\nvoglv32.dll
2010-08-11 00:33:58 3089512 ----a-w- i:\windows\system32\nvcuvid.dll
2010-08-11 00:33:58 2892904 ----a-w- i:\windows\syswow64\nvcuvid.dll
2010-08-11 00:33:58 12471400 ----a-w- i:\windows\system32\nvd3dumx.dll
2010-08-11 00:33:56 2761832 ----a-w- i:\windows\system32\nvcuvenc.dll
2010-08-11 00:33:56 2506344 ----a-w- i:\windows\syswow64\nvcuvenc.dll
2010-08-11 00:33:55 6116968 ----a-w- i:\windows\system32\nvcuda.dll
2010-08-11 00:33:55 4553832 ----a-w- i:\windows\syswow64\nvcuda.dll
2010-08-11 00:33:55 10267240 ----a-w- i:\windows\syswow64\nvcompiler.dll
2010-08-11 00:33:53 260712 ----a-w- i:\windows\system32\nvcod1922.dll
2010-08-11 00:33:53 260712 ----a-w- i:\windows\system32\nvcod.dll
2010-08-11 00:33:53 1625192 ----a-w- i:\windows\syswow64\nvapi.dll
2010-08-11 00:33:53 14513768 ----a-w- i:\windows\system32\nvcompiler.dll
2010-08-10 04:15:58 94208 ----a-w- i:\windows\syswow64\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- i:\windows\syswow64\QuickTime.qts

==================== Find3M ====================

2010-08-08 19:46:02 286720 ----a-w- i:\windows\iun506.exe
2010-07-31 11:58:23 48640 ----a-w- i:\windows\mmfs.dll
2010-07-31 11:58:23 2560 ----a-w- i:\windows\Runservice.exe
2010-07-29 06:30:34 82944 ----a-w- i:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- i:\windows\syswow64\shell32.dll
2010-07-15 15:37:36 153376 ----a-w- i:\windows\syswow64\javaws.exe
2010-07-15 15:37:36 145184 ----a-w- i:\windows\syswow64\javaw.exe
2010-07-15 15:37:36 145184 ----a-w- i:\windows\syswow64\java.exe
2010-07-15 15:37:35 423656 ----a-w- i:\windows\syswow64\deployJava1.dll
2010-07-11 21:51:57 0 ---ha-w- i:\windows\system32\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2010-07-09 22:38:00 9818728 ----a-w- i:\windows\syswow64\nvd3dum.dll
2010-07-09 22:38:00 7002216 ----a-w- i:\windows\system32\nvwgf2umx.dll
2010-07-09 22:38:00 2037864 ----a-w- i:\windows\system32\nvapi64.dll
2010-07-09 17:09:41 0 ---ha-w- i:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-09 15:27:02 159336 ----a-w- i:\windows\system32\nvvsvc.exe
2010-07-09 15:27:02 1585256 ----a-w- i:\windows\system32\nvsvc64.dll
2010-07-09 15:27:02 15314024 ----a-w- i:\windows\system32\nvcpl.dll
2010-07-09 15:27:02 116328 ----a-w- i:\windows\system32\nvmctray.dll
2010-07-07 12:46:54 660072 ----a-w- i:\windows\system32\NVUNINST.EXE
2010-06-30 07:13:46 1192960 ----a-w- i:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- i:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- i:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- i:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- i:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- i:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- i:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- i:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- i:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- i:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- i:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- i:\windows\syswow64\msfeedssync.exe
2010-06-19 22:55:51 319488 ----a-w- i:\windows\HideWin.exe
2010-06-19 06:53:18 52224 ----a-w- i:\windows\system32\rtutils.dll
2010-06-19 06:23:50 37376 ----a-w- i:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- i:\windows\system32\win32k.sys
2010-06-12 13:27:01 70630 ----a-w- i:\windows\War3Unin.dat
2010-06-12 13:26:13 2829 ----a-w- i:\windows\War3Unin.pif
2010-06-12 13:26:13 139264 ----a-w- i:\windows\War3Unin.exe
2010-06-08 06:02:06 1233920 ----a-w- i:\windows\syswow64\msxml3.dll
2010-06-08 05:36:31 1877504 ----a-w- i:\windows\system32\msxml3.dll
2010-06-07 23:58:00 3184744 ----a-w- i:\windows\system32\nvencodemft.dll
2010-06-07 23:58:00 2890856 ----a-w- i:\windows\syswow64\nvencodemft.dll
2010-06-07 23:58:00 255592 ----a-w- i:\windows\system32\nvcod1921.dll
2010-06-07 16:20:58 61032 ----a-w- i:\windows\system32\nvshext.dll
2009-07-14 05:37:38 31548 ----a-w- i:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- i:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- i:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- i:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- i:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- i:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- i:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- i:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- i:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- i:\windows\inf\perflib\0000\perfc.dat
2009-12-03 14:32:04 90 --sh--w- i:\windows\cnerolf.bin
2010-01-09 15:37:23 90 --sh--w- i:\windows\cnerolf.dat
2009-06-10 20:44:08 9633792 --sha-r- i:\windows\fonts\StaticCache.dat
2010-01-21 19:28:55 16384 --sha-w- i:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-26 16:33:12 16384 --sha-w- i:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-26 16:33:12 32768 --sha-w- i:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-26 16:33:12 16384 --sha-w- i:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-22 15:54:47 245760 --sha-w- i:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-14 11:44:43 32768 --sha-w- i:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011420100115\index.dat
2010-01-15 11:22:08 32768 --sha-w- i:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011520100116\index.dat
2009-07-14 01:39:53 398848 --sha-w- i:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- i:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 10:21:46.96 ===============

Edited by Eddie123, 05 September 2010 - 05:07 AM.

my spec is.
ASUS A8N-SLI SE ACPI BIOS Revision 0502 motherboard
4 x 1 GB DDR400 memory sticks.
Win 7 64 bit
2.53 gigahertz AMD Athlon 64 X2 Dual Core (4800+)
NVIDIA GeForce GTX 260 [Display adapter]
Creative SB Audigy 2 ZS (WDM) soundcard

#4 pwgib

Posted 05 September 2010 - 08:02 AM

Hello Eddie123,

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click any programs we use and then choose Run as Administrator.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7.

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!
PW

#5 Eddie123

Posted 05 September 2010 - 12:35 PM

Hi mate.
Thank you for your reply.

Eddie

#6 Eddie123

Posted 06 September 2010 - 04:54 PM

Got this today.
Does this help?

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Logical Drives Mask: 0x000017fd

\\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000064`56f05400 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x0000001f`ff588800 (NTFS)
\\.\I: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`00008800 (NTFS)
\\.\M: --> \\.\PhysicalDrive2 at offset 0x000000b6`dee78200 (NTFS)

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive3 Unknown MBR code
SHA1: 1D0AF8EBFEAC1AA1E63D68E5F81D92DBAD014A81
931 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
152 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



Also

Had a message to say my edition of Windows may not be genuine.
I have to download a file for Windows Activation update.
It downloaded ok but stalls on installing.


Eddie
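The MBRCheck report in the post above can be cross-referenced mechanically. The following is an added example (not part of the original post and not MBRCheck's own code) that parses the pasted output, maps each drive letter to its physical disk, and lists the volumes sitting on any disk whose boot code MBRCheck did not recognise. The function names and the `system_drive` parameter are assumptions made for this example; `I` is used because the logs in this thread show Windows installed on I:.

```python
import re
from collections import defaultdict

# Report text copied from the MBRCheck 1.2.3 output posted above.
REPORT = r"""
\\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000064`56f05400 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x0000001f`ff588800 (NTFS)
\\.\I: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`00008800 (NTFS)
\\.\M: --> \\.\PhysicalDrive2 at offset 0x000000b6`dee78200 (NTFS)

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive3 Unknown MBR code
SHA1: 1D0AF8EBFEAC1AA1E63D68E5F81D92DBAD014A81
931 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
152 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

VOLUME_RE = re.compile(
    r"^\\\\\.\\(?P<letter>[A-Z]): --> \\\\\.\\(?P<disk>PhysicalDrive\d+)"
    r" at offset 0x(?P<hi>[0-9a-f]{8})`(?P<lo>[0-9a-f]{8}) \((?P<fs>\w+)\)$",
    re.IGNORECASE,
)
DISK_RE = re.compile(
    r"^(?P<size>\d+) GB \\\\\.\\(?P<disk>PhysicalDrive\d+)\s+(?P<status>.+)$"
)
SHA1_RE = re.compile(r"^SHA1: (?P<sha1>[0-9A-Fa-f]{40})$")


def parse_report(text):
    """Return (volumes, disks) parsed from pasted MBRCheck output."""
    volumes, disks, last_disk = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        vol = VOLUME_RE.match(line)
        if vol:
            # The 64-bit byte offset is printed as two 32-bit halves: hi`lo.
            offset = int(vol["hi"] + vol["lo"], 16)
            volumes[vol["letter"].upper()] = {
                "disk": vol["disk"], "offset": offset, "fs": vol["fs"]}
            continue
        disk = DISK_RE.match(line)
        if disk:
            last_disk = disk["disk"]
            disks[last_disk] = {"size_gb": int(disk["size"]),
                                "status": disk["status"].strip(), "sha1": None}
            continue
        sha = SHA1_RE.match(line)
        if sha and last_disk:
            # A SHA1 line belongs to the disk row printed just before it.
            disks[last_disk]["sha1"] = sha["sha1"].upper()
    return volumes, disks


def triage(text, system_drive):
    """List disks whose boot code MBRCheck did not recognise, with their volumes."""
    volumes, disks = parse_report(text)
    letters_on = defaultdict(list)
    for letter, vol in volumes.items():
        letters_on[vol["disk"]].append(letter)
    findings = []
    for name in sorted(disks):
        info = disks[name]
        if info["status"].endswith("MBR code detected"):
            continue  # recognised standard boot code
        letters = sorted(letters_on[name])
        findings.append({
            "disk": name, "status": info["status"], "sha1": info["sha1"],
            "volumes": letters,
            "hosts_system_volume": system_drive.upper().rstrip(":") in letters,
        })
    return findings


def disks_by_boot_code(text):
    """Group disks by boot-code SHA1; identical hashes mean identical boot code."""
    _, disks = parse_report(text)
    groups = defaultdict(list)
    for name, info in disks.items():
        if info["sha1"]:
            groups[info["sha1"]].append(name)
    return {sha: sorted(names) for sha, names in groups.items()}


if __name__ == "__main__":
    for f in triage(REPORT, "I"):
        print(f"{f['disk']}: {f['status']} (SHA1 {f['sha1']}), "
              f"volumes {f['volumes']}, system volume here: {f['hosts_system_volume']}")
```

On this report the only unrecognised boot code is on PhysicalDrive3, which carries C:, while the Windows volume I: is on PhysicalDrive2. The report does not say which disk the BIOS boots from, so that still has to be checked separately.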

#7 pwgib

Posted 08 September 2010 - 09:17 AM

Hello Eddie123,

Please do not install any programs or run any tools except those that are asked for until we are finished.

Step 1.

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy
Step 2.

I notice that you do not have any System Restore Points. Did you delete them intentionally? I need you to create a new restore point.
  • To configure System Restore.
  • Right click on My Computer or Computer and select Properties.
  • In the left hand side of the properties window, click on the link System protection.
  • This will open the System Protection Tab
  • In the System Protection Tab make sure System Protection is turned on for the disk Win 7 is installed on.
  • If Protection is turned off, click on Configure
  • Under Restore Settings tick the button next to what you would like to be able to restore
  • Make sure that the button next to Turn off system protection is not ticked
  • Back at the bottom of the System Protection tab click the Create button to create a new system restore point
Here is a tutorial with images.

Step 3.

I notice that you have two antivirus programs installed. Microsoft Security Essentials and Norton Internet Security.
You should never have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

I suggest you uninstall one of the antivirus programs via Add/Remove Programs.

Step 4.

I see you have CCleaner installed. This is an excellent program but includes a registry cleaner utility.

Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.

Please do not use the Registry Cleaner option in CCleaner.

More information about registry cleaners can be found at Miekiemoes Blog

Step 5.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    /md5start
    sptd.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Step 6.

I need to take a closer look at your MBR (Master Boot Record):
  • Please download mbr.exe and save it to C:\windows <- (Important!).
  • Open NOTEPAD and copy/paste the text in the quotebox below into it:
    CODE
    @ECHO OFF
    CD "%~DP0"
    MBR -c 0 1 backup_mbr.zip
    DEL %0

  • Save this as mbrlook.bat. Choose to "Save type as - All Files" and save it to your Desktop.
    It should look like this:
  • Double click the mbrlook.bat to run it.
  • A file named mbr.zip will be created on your desktop. Please attach that to your next reply.
Step 8.

We Need to Diagnose a Possible Problem with WGA
  1. Please download MGADiag and save it to your desktop.
  2. Double click the icon on your desktop.
  3. Push
  4. Push
  5. Go to Start -> Run and type in "Notepad"
  6. Go to Edit -> Paste in notepad.
  7. x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  8. Copy and paste that log here.
QUOTE
TDSSKiller found "I:\Windows\system32\Drivers\sptd.sys - quarantined

I would like to see the reports from TDSSKiller.

If the TDSSKiller report is not on your desktop it can also be found in your root directory, (In your case it should be in the I:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Next navigate to I:\TDSSKiller_Quarantine

Please copy and paste the contents of those files here.

In your next reply let me know about System Restore and include the following:

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
mbr.zip
MGADiag Report
TDSSKiller.[Version]_[Date]_[Time]_log.txt
TDSSKiller_Quarantine

PW

#8 Eddie123

Posted 08 September 2010 - 06:14 PM

Hi. Many thanks for getting back to me.
I'm working my way down the list.

1. I've tried to uninstall Microsoft Security Essentials, but it was just hanging. So I went to the Microsoft help page, and it shows the Reg key to delete to remove it.
I have done that and the prog is no longer in Add / remove progs, or starts up.

2. Have done what you asked for Spybot.

3. Couldn't create a restore point. It is now turned on for the Windows 7 drive. Have included a screeny of the desktop.

4.

OTL logfile created on: 9/8/2010 11:24:51 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = I:\Users\Eddie\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 186.31 Gb Total Space | 76.92 Gb Free Space | 41.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 330.12 Gb Total Space | 284.83 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive G: | 127.99 Gb Total Space | 79.82 Gb Free Space | 62.37% Space Free | Partition Type: NTFS
Drive H: | 104.89 Gb Total Space | 53.53 Gb Free Space | 51.03% Space Free | Partition Type: NTFS
Drive I: | 401.36 Gb Total Space | 240.39 Gb Free Space | 59.89% Space Free | Partition Type: NTFS
Drive K: | 152.66 Gb Total Space | 42.45 Gb Free Space | 27.80% Space Free | Partition Type: NTFS
Drive M: | 200.03 Gb Total Space | 195.93 Gb Free Space | 97.95% Space Free | Partition Type: NTFS

Computer Name: EDDIE-PC
Current User Name: Eddie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/08 23:19:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\Users\Eddie\Desktop\OTL.exe
PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/07/31 12:58:23 | 000,002,560 | ---- | M] () -- I:\Windows\Runservice.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/09 01:47:48 | 001,531,904 | ---- | M] (Nokia) -- I:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/03/29 00:49:15 | 002,480,048 | ---- | M] (Acronis) -- I:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/03/17 16:41:00 | 000,673,096 | ---- | M] (TOSHIBA CORPORATION.) -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2010/03/16 19:14:00 | 000,714,056 | ---- | M] (TOSHIBA CORPORATION.) -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2010/02/24 16:54:00 | 002,721,120 | ---- | M] (TOSHIBA CORPORATION.) -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/11/09 04:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- I:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/10/31 03:49:40 | 000,361,568 | ---- | M] (Acronis) -- I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/10/31 03:48:52 | 005,106,808 | ---- | M] (Acronis) -- I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/06/30 22:24:46 | 000,762,224 | ---- | M] (Microsoft Corporation) -- I:\Windows\vVX3000.exe
PRC - [2009/04/14 15:45:30 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- I:\Windows\SOUNDMAN.EXE
PRC - [2009/04/03 18:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () -- I:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
PRC - [2009/02/14 17:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- I:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- I:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- I:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/07/24 11:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/04/09 13:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- I:\Windows\SysWOW64\CtHelper.exe


========== Modules (SafeList) ==========

MOD - [2010/09/08 23:19:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\Users\Eddie\Desktop\OTL.exe
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- I:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- I:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- I:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/02 17:44:30 | 000,039,424 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- I:\Program Files\nHancer\nHancerService.exe -- (nHancer)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- I:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/02/25 12:40:05 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/01/26 15:09:16 | 001,486,088 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- I:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2010/01/26 15:09:14 | 001,503,496 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- I:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/24 16:04:54 | 000,199,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/17 17:20:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- I:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- I:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS)
SRV:64bit: - [2009/07/14 02:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- I:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 02:40:01 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV:64bit: - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- I:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)
SRV:64bit: - [2007/03/11 14:15:28 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- I:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2010/09/07 01:18:55 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- I:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/31 12:58:23 | 000,002,560 | ---- | M] () [Auto | Running] -- I:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- I:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/12 10:45:36 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/29 00:49:15 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- I:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- I:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/01/26 03:17:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- I:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/01/26 02:55:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- I:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/01/04 15:08:46 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- I:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/12/11 14:32:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- I:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/31 03:50:50 | 000,894,080 | ---- | M] (Acronis) [Auto | Running] -- I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- I:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/02/14 17:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- I:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- I:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- I:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- I:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- I:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- I:\Windows\SysNative\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTSBLFX.SYS -- (CTSBLFX)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTERFXFX.SYS -- (CTERFXFX)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTAUDFX.SYS -- (CTAUDFX)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\COMMONFX.SYS -- (COMMONFX)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\618F.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/05/06 05:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/05/06 05:01:44 | 000,053,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/04/29 06:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/22 04:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/22 03:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/22 03:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/08 12:47:44 | 000,060,536 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/04/07 10:51:50 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/03/29 00:49:17 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- I:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/03/29 00:49:14 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010/03/29 00:49:09 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/03/29 00:49:01 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/03/23 17:39:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/03/07 21:15:45 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/02/26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/02/26 01:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/02 19:33:48 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- I:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/15 04:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/09/23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/28 21:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 12:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- I:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/01 05:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 05:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 05:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/30 22:24:50 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/06/19 11:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 10:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/19 03:45:06 | 003,491,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV:64bit: - [2009/06/17 13:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- I:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:46 | 000,427,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV:64bit: - [2009/06/10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/12/12 19:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- I:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 19:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- I:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/10 18:20:40 | 000,040,448 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\bthav.sys -- (bthav)
DRV:64bit: - [2008/01/19 07:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2007/04/12 09:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007/04/10 07:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007/04/10 05:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2007/04/10 05:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2007/04/10 05:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2007/04/10 05:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007/04/10 05:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007/04/10 05:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007/04/10 05:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007/04/10 05:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2007/04/10 05:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/04/10 05:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/04/10 05:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/04/10 05:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/04/10 05:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/04/10 05:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007/04/10 05:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/04/10 05:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007/04/10 05:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007/04/10 05:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2006/08/29 15:56:19 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\prodigy.sys -- (PRODIGY)
DRV:64bit: - [2005/07/26 08:07:48 | 000,599,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\nvapu64.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV:64bit: - [2005/07/26 08:07:40 | 000,090,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\nvax64.sys -- (nvax) Service for NVIDIA® nForce™
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/08/10 02:11:04 | 000,945,200 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100810.004\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/07/14 14:10:21 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100908.002\EX64.SYS -- (NAVEX15)
DRV - [2010/07/14 14:10:20 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100908.002\ENG64.SYS -- (NAVENG)
DRV - [2010/05/28 20:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100901.003\IDSviA64.sys -- (IDSVia64)
DRV - [2010/05/27 04:23:56 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/27 04:23:56 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- I:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- I:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/03/20 12:26:27 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- I:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- I:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- I:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2527311835-514280460-1218292114-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKU\S-1-5-21-2527311835-514280460-1218292114-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-2527311835-514280460-1218292114-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2527311835-514280460-1218292114-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2527311835-514280460-1218292114-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2527311835-514280460-1218292114-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2527311835-514280460-1218292114-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/06/01 11:31:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/03/07 21:15:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: I:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/12 00:33:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: I:\Program Files (x86)\Mozilla Firefox\components [2010/08/17 23:36:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: I:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/27 18:57:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: I:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/12 00:33:23 | 000,000,000 | ---D | M]

[2010/08/17 23:38:12 | 000,000,000 | ---D | M] -- I:\Users\Eddie\AppData\Roaming\Mozilla\Extensions
[2010/08/17 23:38:12 | 000,000,000 | ---D | M] -- I:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\duar4z01.default\extensions
[2010/08/17 23:36:42 | 000,000,000 | ---D | M] -- I:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/27 19:45:29 | 000,000,824 | ---- | M]) - I:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2527311835-514280460-1218292114-1001\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2527311835-514280460-1218292114-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AsioReg] File not found
O4:64bit: - HKLM..\Run: [Linksys Wireless Manager] I:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4:64bit: - HKLM..\Run: [SoundMan] I:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [VX3000] I:\Windows\vVX3000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] I:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] I:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] I:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AsioThk32Reg] I:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] I:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] I:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [GrooveMonitor] I:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] I:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NokiaMServer] I:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PWRISOVM.EXE] I:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\Run: [DevconDefaultDB] I:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] I:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe File not found
O4 - HKU\.DEFAULT..\Run: [SpybotSD TeaTimer] I:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-18..\Run: [DevconDefaultDB] I:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] I:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe File not found
O4 - HKU\S-1-5-18..\Run: [SpybotSD TeaTimer] I:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-18..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2527311835-514280460-1218292114-1001..\Run: [nHancer] I:\Program Files\nHancer\nHancer.exe (KSE - Korndörfer Software Engineering)
O4 - HKU\S-1-5-21-2527311835-514280460-1218292114-1001..\Run: [Steam] I:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] I:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] I:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: I:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkyTicker.lnk = I:\Program Files (x86)\SkyTicker\SkyTicker.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2527311835-514280460-1218292114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @I:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @I:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - I:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - I:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @I:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @I:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - I:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - I:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...0416.7021296296 (Update Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - I:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - I:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/24 23:45:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/27 19:45:29 | 000,000,000 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bddc9c4e-df71-11de-86f7-00e098fdb45f}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/08 23:19:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- I:\Users\Eddie\Desktop\OTL.exe
[2010/09/08 22:54:13 | 000,000,000 | -HSD | C] -- I:\Config.Msi
[2010/09/08 02:11:59 | 000,447,792 | ---- | C] (Microsoft Corporation) -- I:\Users\Eddie\Desktop\FixitCenter_Run.exe
[2010/09/07 10:16:54 | 000,000,000 | ---D | C] -- I:\d6fb42867908c61b325ed1151e325d
[2010/09/07 09:35:43 | 000,018,816 | ---- | C] (Sophos Plc) -- I:\Windows\SysWow64\SAVRKBootTasks.sys
[2010/09/07 03:17:14 | 000,000,000 | ---D | C] -- I:\394f6ee7909ac5329f51
[2010/09/06 23:26:01 | 000,000,000 | ---D | C] -- I:\7fdf1eca57fff0464beb5801a7b23005
[2010/09/06 23:06:12 | 000,000,000 | ---D | C] -- I:\dc6bc477495eb64319f8d09698
[2010/09/06 22:58:11 | 001,940,640 | ---- | C] (ParetoLogic Inc.) -- I:\Users\Eddie\Desktop\RegCureSetup_CB.exe
[2010/09/06 22:02:48 | 000,000,000 | ---D | C] -- I:\9d053d0e50d805ef484a69a3d086
[2010/09/06 22:01:28 | 000,159,144 | ---- | C] (Microsoft Corporation) -- I:\Users\Eddie\Desktop\WindowsActivationUpdate.exe
[2010/09/02 16:04:54 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\ESET
[2010/08/29 12:59:28 | 000,000,000 | -HSD | C] -- I:\Windows\SysWow64\%APPDATA%
[2010/08/27 22:08:23 | 000,000,000 | ---D | C] -- I:\ProgramData\Yahoo! Companion
[2010/08/27 19:45:12 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Enigma Software Group
[2010/08/27 19:24:18 | 000,000,000 | ---D | C] -- I:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010/08/27 00:51:10 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\WindowsUpdate
[2010/08/27 00:24:08 | 000,000,000 | ---D | C] -- I:\Windows\Sun
[2010/08/26 12:03:20 | 000,000,000 | ---D | C] -- I:\TDSSKiller_Quarantine
[2010/08/26 11:33:44 | 000,000,000 | ---D | C] -- I:\ProgramData\PCPitstopDat
[2010/08/26 11:27:26 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\PCPitstop
[2010/08/26 11:06:54 | 000,000,000 | ---D | C] -- I:\ProgramData\PCPitstop
[2010/08/19 23:33:49 | 000,000,000 | ---D | C] -- I:\Users\Eddie\DoctorWeb
[2010/08/18 23:27:23 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Fiddler2
[2010/08/17 23:37:22 | 000,000,000 | ---D | C] -- I:\Users\Eddie\AppData\Roaming\Mozilla
[2010/08/17 23:37:22 | 000,000,000 | ---D | C] -- I:\Users\Eddie\AppData\Local\Mozilla
[2010/08/17 23:36:34 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Mozilla Firefox
[2010/08/17 21:10:59 | 000,000,000 | ---D | C] -- I:\Windows\SysNative\%LocalAppData%
[2010/08/17 20:17:29 | 000,000,000 | -HSD | C] -- I:\Users\Eddie\%APPDATA%
[2010/08/16 22:59:30 | 000,000,000 | -H-D | C] -- I:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/16 22:58:04 | 128,750,008 | ---- | C] (Lavasoft ) -- I:\Users\Eddie\Desktop\Ad-AwareInstall.exe
[2010/08/16 22:50:55 | 000,000,000 | ---D | C] -- I:\ProgramData\!SASCORE
[2010/08/16 22:50:54 | 000,000,000 | ---D | C] -- I:\Program Files\SUPERAntiSpyware
[2010/08/16 22:45:07 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Spyware Doctor
[2010/08/16 22:45:07 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\PC Tools
[2010/08/16 22:39:01 | 000,000,000 | ---D | C] -- I:\ProgramData\Spybot - Search & Destroy
[2010/08/16 22:39:01 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Spybot - Search & Destroy
[2010/08/16 22:37:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- I:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/16 17:00:47 | 000,000,000 | ---D | C] -- I:\Users\Eddie\Desktop\New folder (2)
[2010/08/15 22:43:38 | 003,429,232 | ---- | C] ( ) -- I:\Users\Eddie\Desktop\BinverseSetup_1.20.exe
[2010/08/15 01:24:16 | 066,023,424 | ---- | C] (Phoenix Simulation Software) -- I:\Users\Eddie\Desktop\PSS-B777.gau
[2010/08/14 10:38:53 | 000,000,000 | ---D | C] -- I:\Users\Eddie\Desktop\Resource
[2010/08/12 01:07:12 | 000,000,000 | ---D | C] -- I:\Users\Eddie\AppData\Roaming\PC Suite
[2010/08/12 01:07:12 | 000,000,000 | ---D | C] -- I:\ProgramData\PC Suite
[2010/08/12 01:06:52 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\PCSuite
[2010/08/12 00:55:29 | 000,025,600 | ---- | C] (Nokia) -- I:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010/08/12 00:55:17 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\PC Connectivity Solution
[2010/08/11 10:32:03 | 005,507,968 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 10:32:02 | 003,955,080 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/11 10:32:02 | 003,899,784 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ntoskrnl.exe
[2010/08/11 10:31:55 | 000,256,000 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysNative\iepeers.dll
[2010/08/11 10:31:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\iepeers.dll
[2010/08/11 10:31:54 | 000,247,808 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysNative\ieui.dll
[2010/08/11 10:31:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll
[2010/08/11 10:31:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 10:31:53 | 000,012,288 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysNative\msfeedssync.exe
[2010/08/11 10:31:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysNative\rtutils.dll
[2010/08/11 10:31:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\rtutils.dll
[2010/08/11 10:31:43 | 000,082,944 | ---- | C] (Radius Inc.) -- I:\Windows\SysWow64\iccvid.dll
[2010/08/11 01:34:03 | 000,065,128 | ---- | C] (Khronos Group) -- I:\Windows\SysNative\OpenCL.dll
[2010/08/11 01:34:03 | 000,056,936 | ---- | C] (Khronos Group) -- I:\Windows\SysWow64\OpenCL.dll
[2010/08/11 01:34:03 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysNative\drivers\nvBridge.kmd
[2010/08/11 01:34:01 | 019,114,088 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysNative\nvoglv64.dll
[2010/08/11 01:34:01 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysWow64\nvoglv32.dll
[2010/08/11 01:34:01 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysWow64\nvwgf2um.dll
[2010/08/11 01:34:01 | 000,382,568 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysNative\nvdecodemft.dll
[2010/08/11 01:34:01 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysWow64\nvdecodemft.dll
[2010/08/11 01:33:58 | 012,471,400 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysNative\nvd3dumx.dll
[2010/08/11 01:33:58 | 003,089,512 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysNative\nvcuvid.dll
[2010/08/11 01:33:58 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysWow64\nvcuvid.dll
[2010/08/11 01:33:56 | 002,761,832 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysNative\nvcuvenc.dll
[2010/08/11 01:33:56 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysWow64\nvcuvenc.dll
[2010/08/11 01:33:55 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysWow64\nvcompiler.dll
[2010/08/11 01:33:55 | 006,116,968 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysNative\nvcuda.dll
[2010/08/11 01:33:55 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysWow64\nvcuda.dll
[2010/08/11 01:33:53 | 014,513,768 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysNative\nvcompiler.dll
[2010/08/11 01:33:53 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysWow64\nvapi.dll
[2010/08/11 01:33:53 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysNative\nvcod1922.dll
[2010/08/11 01:33:53 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- I:\Windows\SysNative\nvcod.dll
[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- I:\Windows\SysWow64\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- I:\Windows\SysWow64\QuickTime.qts
[2007/04/09 13:32:58 | 000,034,816 | ---- | C] ( ) -- I:\Windows\SysWow64\a3d.dll
[6 I:\Windows\SysNative\*.tmp files -> I:\Windows\SysNative\*.tmp -> ]
[3 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]
[2 I:\*.tmp files -> I:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/08 23:25:36 | 006,291,456 | ---- | M] () -- I:\Users\Eddie\ntuser.dat
[2010/09/08 23:19:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\Users\Eddie\Desktop\OTL.exe
[2010/09/08 23:18:50 | 000,017,440 | -H-- | M] () -- I:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 23:18:50 | 000,017,440 | -H-- | M] () -- I:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 23:13:18 | 000,001,377 | -HS- | M] () -- I:\Windows\SysWow64\mmf.sys
[2010/09/08 23:12:58 | 000,000,890 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/08 23:12:40 | 000,000,006 | -H-- | M] () -- I:\Windows\tasks\SA.DAT
[2010/09/08 23:12:22 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2010/09/08 23:12:10 | 3220,037,632 | -HS- | M] () -- I:\hiberfil.sys
[2010/09/08 23:08:45 | 004,144,693 | -H-- | M] () -- I:\Users\Eddie\AppData\Local\IconCache.db
[2010/09/08 23:08:24 | 000,469,337 | ---- | M] () -- I:\Users\Eddie\Desktop\desktop.jpg
[2010/09/08 22:57:00 | 000,000,894 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/08 22:36:02 | 000,000,906 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2527311835-514280460-1218292114-1001UA.job
[2010/09/08 02:11:47 | 000,447,792 | ---- | M] (Microsoft Corporation) -- I:\Users\Eddie\Desktop\FixitCenter_Run.exe
[2010/09/07 20:35:00 | 000,000,854 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2527311835-514280460-1218292114-1001Core.job
[2010/09/07 10:43:55 | 000,001,302 | ---- | M] () -- I:\Users\Eddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/07 10:43:54 | 000,001,278 | ---- | M] () -- I:\Users\Eddie\Desktop\Spybot - Search & Destroy.lnk
[2010/09/07 01:06:54 | 000,147,456 | ---- | M] () -- I:\Users\Eddie\Desktop\catchme (1).exe
[2010/09/06 23:06:10 | 001,414,933 | ---- | M] () -- I:\Users\Eddie\Desktop\Windows6.1-KB971033-x64.MSU
[2010/09/06 22:58:16 | 001,940,640 | ---- | M] (ParetoLogic Inc.) -- I:\Users\Eddie\Desktop\RegCureSetup_CB.exe
[2010/09/06 22:01:19 | 000,159,144 | ---- | M] (Microsoft Corporation) -- I:\Users\Eddie\Desktop\WindowsActivationUpdate.exe
[2010/09/04 07:49:59 | 000,001,981 | ---- | M] () -- I:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/01 23:28:20 | 004,958,588 | ---- | M] () -- I:\Windows\{00000001-00000000-00000006-00001102-00000004-20021102}.CDF
[2010/08/29 12:34:20 | 000,012,288 | ---- | M] () -- I:\Windows\SysNative\umstartup.etl
[2010/08/28 13:59:18 | 000,000,020 | ---- | M] () -- I:\Users\Eddie\defogger_reenable
[2010/08/27 22:08:02 | 000,001,027 | ---- | M] () -- I:\Users\Eddie\Desktop\CCleaner.lnk
[2010/08/27 19:45:29 | 000,000,000 | ---- | M] () -- I:\autoexec.bat
[2010/08/27 18:57:51 | 000,001,865 | ---- | M] () -- I:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/27 01:23:41 | 000,001,908 | ---- | M] () -- I:\Windows\diagwrn.xml
[2010/08/27 01:23:41 | 000,001,908 | ---- | M] () -- I:\Windows\diagerr.xml
[2010/08/27 01:22:22 | 000,004,672 | ---- | M] () -- I:\Users\Eddie\Desktop\Windows Compatibility Report.htm
[2010/08/25 22:48:01 | 000,000,127 | ---- | M] () -- I:\Users\Eddie\Desktop\Perform a clean startup to determine whether background programs are interfering with your game or program.url
[2010/08/19 22:45:00 | 000,852,052 | ---- | M] () -- I:\Windows\SysNative\PerfStringBackup.INI
[2010/08/19 22:45:00 | 000,720,390 | ---- | M] () -- I:\Windows\SysNative\perfh009.dat
[2010/08/19 22:45:00 | 000,143,272 | ---- | M] () -- I:\Windows\SysNative\perfc009.dat
[2010/08/19 22:24:58 | 000,007,618 | ---- | M] () -- I:\Users\Eddie\AppData\Local\Resmon.ResmonCfg
[2010/08/19 16:49:04 | 000,000,460 | ---- | M] () -- I:\Users\Eddie\Documents\cc_20100819_164853.reg
[2010/08/17 23:36:55 | 000,001,983 | ---- | M] () -- I:\Users\Eddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/17 23:36:54 | 000,001,959 | ---- | M] () -- I:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/16 22:58:31 | 128,750,008 | ---- | M] (Lavasoft ) -- I:\Users\Eddie\Desktop\Ad-AwareInstall.exe
[2010/08/16 22:37:07 | 000,001,029 | ---- | M] () -- I:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 20:50:04 | 000,001,764 | ---- | M] () -- I:\Users\Eddie\Documents\cc_20100816_204959.reg
[2010/08/16 20:18:57 | 002,101,817 | ---- | M] () -- I:\Users\Eddie\Desktop\ICRTool.exe
[2010/08/16 20:17:08 | 000,000,136 | ---- | M] () -- I:\Users\Eddie\Desktop\winsockfix.bat
[2010/08/16 20:09:55 | 048,405,200 | ---- | M] () -- I:\Users\Eddie\Desktop\drweb-cureit.exe
[2010/08/15 22:43:48 | 003,429,232 | ---- | M] ( ) -- I:\Users\Eddie\Desktop\BinverseSetup_1.20.exe
[2010/08/15 18:59:29 | 001,187,419 | ---- | M] () -- I:\Users\Eddie\Desktop\texture.baZC.zip
[2010/08/14 10:38:00 | 002,845,757 | ---- | M] () -- I:\Users\Eddie\Desktop\installer_resource_hacker_3_4_0_79_English.exe
[2010/08/14 01:26:42 | 000,034,240 | ---- | M] () -- I:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
[2010/08/14 01:26:42 | 000,034,240 | ---- | M] () -- I:\Windows\SysNative\BMXState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
[2010/08/14 01:26:42 | 000,030,528 | ---- | M] () -- I:\Windows\SysNative\BMXCtrlState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
[2010/08/14 01:26:42 | 000,030,528 | ---- | M] () -- I:\Windows\SysNative\BMXBkpCtrlState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
[2010/08/14 01:26:42 | 000,011,564 | ---- | M] () -- I:\Windows\SysNative\DVCState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
[2010/08/12 10:59:03 | 000,012,731 | ---- | M] () -- I:\Users\Eddie\Desktop\Ticket Confirmation.eml
[2010/08/12 01:15:32 | 063,540,411 | R--- | M] () -- I:\Users\Eddie\Desktop\2010-08-12 N79.nbu
[2010/08/12 01:14:38 | 000,002,150 | ---- | M] () -- I:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010/08/12 01:06:54 | 000,002,058 | ---- | M] () -- I:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010/08/12 00:18:46 | 000,109,202 | ---- | M] () -- I:\Users\Eddie\Documents\cc_20100812_001834.reg
[2010/08/12 00:09:43 | 000,000,182 | ---- | M] () -- I:\Users\Eddie\Desktop\Nokia Support Discussions - Re OVI suite won't install - Nokia Support Discussions.url
[2010/08/11 22:51:47 | 000,038,776 | ---- | M] () -- I:\Users\Eddie\Documents\cc_20100811_225139.reg
[2010/08/11 22:03:17 | 003,045,000 | ---- | M] () -- I:\Windows\SysNative\FNTCACHE.DAT
[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- I:\Windows\SysWow64\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- I:\Windows\SysWow64\QuickTime.qts
[6 I:\Windows\SysNative\*.tmp files -> I:\Windows\SysNative\*.tmp -> ]
[3 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]
[2 I:\*.tmp files -> I:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/08 23:08:19 | 000,469,337 | ---- | C] () -- I:\Users\Eddie\Desktop\desktop.jpg
[2010/09/07 10:43:54 | 000,001,302 | ---- | C] () -- I:\Users\Eddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/07 10:43:54 | 000,001,278 | ---- | C] () -- I:\Users\Eddie\Desktop\Spybot - Search & Destroy.lnk
[2010/09/07 01:07:13 | 000,147,456 | ---- | C] () -- I:\Users\Eddie\Desktop\catchme (1).exe
[2010/09/06 22:10:42 | 001,414,933 | ---- | C] () -- I:\Users\Eddie\Desktop\Windows6.1-KB971033-x64.MSU
[2010/08/28 13:59:18 | 000,000,020 | ---- | C] () -- I:\Users\Eddie\defogger_reenable
[2010/08/27 19:45:29 | 000,000,000 | ---- | C] () -- I:\autoexec.bat
[2010/08/27 18:57:50 | 000,001,865 | ---- | C] () -- I:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/27 01:22:23 | 000,004,672 | ---- | C] () -- I:\Users\Eddie\Desktop\Windows Compatibility Report.htm
[2010/08/25 22:48:01 | 000,000,127 | ---- | C] () -- I:\Users\Eddie\Desktop\Perform a clean startup to determine whether background programs are interfering with your game or program.url
[2010/08/19 16:48:58 | 000,000,460 | ---- | C] () -- I:\Users\Eddie\Documents\cc_20100819_164853.reg
[2010/08/17 23:36:54 | 000,001,983 | ---- | C] () -- I:\Users\Eddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/17 23:36:54 | 000,001,959 | ---- | C] () -- I:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/16 22:50:55 | 000,001,981 | ---- | C] () -- I:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/16 22:37:07 | 000,001,029 | ---- | C] () -- I:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 20:50:02 | 000,001,764 | ---- | C] () -- I:\Users\Eddie\Documents\cc_20100816_204959.reg
[2010/08/16 20:18:43 | 002,101,817 | ---- | C] () -- I:\Users\Eddie\Desktop\ICRTool.exe
[2010/08/16 20:17:08 | 000,000,136 | ---- | C] () -- I:\Users\Eddie\Desktop\winsockfix.bat
[2010/08/16 20:09:51 | 048,405,200 | ---- | C] () -- I:\Users\Eddie\Desktop\drweb-cureit.exe
[2010/08/15 18:59:16 | 001,187,419 | ---- | C] () -- I:\Users\Eddie\Desktop\texture.baZC.zip
[2010/08/14 10:37:57 | 002,845,757 | ---- | C] () -- I:\Users\Eddie\Desktop\installer_resource_hacker_3_4_0_79_English.exe
[2010/08/12 10:59:03 | 000,012,731 | ---- | C] () -- I:\Users\Eddie\Desktop\Ticket Confirmation.eml
[2010/08/12 01:14:38 | 000,002,150 | ---- | C] () -- I:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010/08/12 01:10:55 | 063,540,411 | R--- | C] () -- I:\Users\Eddie\Desktop\2010-08-12 N79.nbu
[2010/08/12 01:06:54 | 000,002,058 | ---- | C] () -- I:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010/08/12 00:18:37 | 000,109,202 | ---- | C] () -- I:\Users\Eddie\Documents\cc_20100812_001834.reg
[2010/08/12 00:09:43 | 000,000,182 | ---- | C] () -- I:\Users\Eddie\Desktop\Nokia Support Discussions - Re OVI suite won't install - Nokia Support Discussions.url
[2010/08/11 22:51:45 | 000,038,776 | ---- | C] () -- I:\Users\Eddie\Documents\cc_20100811_225139.reg
[2010/08/08 21:41:21 | 000,003,584 | ---- | C] () -- I:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/31 12:58:26 | 000,001,377 | -HS- | C] () -- I:\Windows\SysWow64\mmf.sys
[2010/07/31 12:58:23 | 000,048,640 | ---- | C] () -- I:\Windows\mmfs.dll
[2010/07/08 17:32:08 | 000,184,320 | ---- | C] () -- I:\Windows\SysWow64\dbcmdb32.dll
[2010/07/08 17:32:08 | 000,141,824 | ---- | C] () -- I:\Windows\SysWow64\dbcjpg32.dll
[2010/07/08 17:32:08 | 000,135,168 | ---- | C] () -- I:\Windows\SysWow64\DBCMEM32.DLL
[2010/07/08 17:32:08 | 000,073,728 | ---- | C] () -- I:\Windows\SysWow64\dbcgeo32.dll
[2010/07/08 17:32:07 | 000,204,800 | ---- | C] () -- I:\Windows\SysWow64\DBCDBF32.DLL
[2010/07/02 19:06:34 | 000,861,662 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/02 18:59:18 | 000,000,000 | ---- | C] () -- I:\ProgramData\LauncherAccess.dt
[2010/07/02 11:04:35 | 000,005,632 | ---- | C] () -- I:\Windows\SysWow64\drivers\StarOpen.sys
[2010/06/19 23:55:54 | 000,154,144 | ---- | C] () -- I:\Windows\SysWow64\RTLCPAPI.dll
[2010/03/12 00:27:50 | 000,000,072 | ---- | C] () -- I:\Windows\SysWow64\epDPE.ini
[2010/03/12 00:27:17 | 000,000,022 | ---- | C] () -- I:\Windows\SysWow64\PICSDK.ini
[2010/03/12 00:26:21 | 000,000,025 | ---- | C] () -- I:\Windows\CDE P242580EF.ini
[2010/03/05 14:00:27 | 000,002,950 | ---- | C] () -- I:\Windows\uninstall_NewSpanishAirports.ini
[2010/01/30 11:26:43 | 000,000,303 | ---- | C] () -- I:\Windows\RFP.ini
[2010/01/30 10:18:30 | 000,000,060 | ---- | C] () -- I:\Windows\Vmax_742.ini
[2010/01/20 12:03:16 | 000,000,036 | ---- | C] () -- I:\Users\Eddie\AppData\Local\housecall.guid.cache
[2010/01/14 01:23:15 | 000,000,194 | ---- | C] () -- I:\ProgramData\DriverTool.log
[2010/01/14 00:46:07 | 000,162,304 | ---- | C] () -- I:\Windows\SysWow64\ztvunrar36.dll
[2010/01/14 00:46:07 | 000,153,088 | ---- | C] () -- I:\Windows\SysWow64\UNRAR3.dll
[2010/01/14 00:46:07 | 000,077,312 | ---- | C] () -- I:\Windows\SysWow64\ztvunace26.dll
[2010/01/14 00:46:07 | 000,075,264 | ---- | C] () -- I:\Windows\SysWow64\unacev2.dll
[2010/01/10 13:51:49 | 000,003,072 | ---- | C] () -- I:\Windows\SysWow64\flt1chk3.dll
[2010/01/10 13:28:31 | 000,061,965 | ---- | C] () -- I:\Windows\uninstall_Wonderful Madeira.ini
[2010/01/10 13:25:15 | 000,000,708 | ---- | C] () -- I:\Windows\uninstall_Menorca.ini
[2009/12/11 15:27:09 | 000,007,618 | ---- | C] () -- I:\Users\Eddie\AppData\Local\Resmon.ResmonCfg
[2009/12/08 21:05:41 | 000,327,168 | ---- | C] () -- I:\Windows\SysWow64\cutil32.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 18:24:18 | 000,015,498 | ---- | C] () -- I:\Windows\VX3000.ini
[2009/06/23 13:29:48 | 000,000,054 | ---- | C] () -- I:\Windows\SysWow64\ctzapxx.ini
[2008/01/24 02:49:14 | 000,098,304 | ---- | C] () -- I:\Windows\SysWow64\fs2cchk4.dll
[2008/01/16 01:15:58 | 000,053,248 | ---- | C] () -- I:\Windows\SysWow64\zlib.dll
[2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- I:\Windows\SysWow64\APOMgrH.dll
[2007/04/09 13:55:14 | 000,097,785 | ---- | C] () -- I:\Windows\SysWow64\instwdm.ini
[2007/04/09 13:33:50 | 000,043,520 | ---- | C] () -- I:\Windows\SysWow64\CTBurst.dll
[2006/10/02 10:25:18 | 000,000,307 | ---- | C] () -- I:\Windows\SysWow64\kill.ini
[2006/06/29 16:24:43 | 000,318,014 | ---- | C] () -- I:\Windows\SysWow64\flt1chk4.dll
[2005/06/16 11:17:16 | 000,071,680 | ---- | C] () -- I:\Windows\SysWow64\ctmmactl.dll
[2005/01/15 00:51:21 | 000,000,151 | ---- | C] () -- I:\Windows\swfl5.ini
[2004/07/11 20:41:52 | 000,094,208 | ---- | C] () -- I:\Windows\SysWow64\vbpng.dll

========== Custom Scans ==========



< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 845 bytes -> I:\Users\Eddie\Desktop\Ticket Confirmation.eml:OECustomProperty
@Alternate Data Stream - 150 bytes -> I:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 121 bytes -> I:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> I:\ProgramData\TEMP:A1D5C6AA
@Alternate Data Stream - 109 bytes -> I:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> I:\ProgramData\TEMP:CB0AACC9
< End of report >



OTL Extras logfile created on: 9/8/2010 11:24:51 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = I:\Users\Eddie\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 186.31 Gb Total Space | 76.92 Gb Free Space | 41.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 330.12 Gb Total Space | 284.83 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive G: | 127.99 Gb Total Space | 79.82 Gb Free Space | 62.37% Space Free | Partition Type: NTFS
Drive H: | 104.89 Gb Total Space | 53.53 Gb Free Space | 51.03% Space Free | Partition Type: NTFS
Drive I: | 401.36 Gb Total Space | 240.39 Gb Free Space | 59.89% Space Free | Partition Type: NTFS
Drive K: | 152.66 Gb Total Space | 42.45 Gb Free Space | 27.80% Space Free | Partition Type: NTFS
Drive M: | 200.03 Gb Total Space | 195.93 Gb Free Space | 97.95% Space Free | Partition Type: NTFS

Computer Name: EDDIE-PC
Current User Name: Eddie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- I:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2527311835-514280460-1218292114-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
htmlfile [edit] -- "I:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "I:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "I:\Windows\System32\rundll32.exe" "I:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- I:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- "I:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "I:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "I:\Windows\System32\rundll32.exe" "I:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- I:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{3E061CBA-1DBB-45DD-8873-D100072ADCAD}" = Microsoft LifeCam
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8F790958-2107-48F2-88E0-B352A0C225AB}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A9B8BE97-CE22-465F-AEFE-66AFC05F4FAB}" = nHancer
"{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}" = Autodesk 3ds Max 2010 64-bit
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9E591DD-DAAC-0409-B1B8-5667E359170B}" = Autodesk 3ds Max 2010 64-bit Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{f45b48a7-f616-4211-b927-17cab6a96613}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"EPSON Printer and Utilities" = EPSON Printer Software
"Explorer Suite_is1" = Explorer Suite III
"F6DC63F2DBAE55EF9988A79DF50F3AF52275237C" = Windows Driver Package - SafeNet, Inc. USB (03/09/2006 7.3.0.0)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Linksys Wireless Manager" = Linksys Wireless Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Audio Driver" = NVIDIA Audio Driver
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{46559469-7C15-49F4-BB76-21480BE1BEF4}" = Real Environment Xtreme FS2004
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6C06AC26-DBD1-46E5-9863-33E7633566E5}" = ActiveSky Version 6 and ActiveSky Graphics
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{731039C0-BF5A-4D86-9935-615D655307B8}-FS2004" = aerosoft's - New Spanish Airports - FS2004
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8852753D-9E27-41F6-9A20-1D4E02B013FC}" = Nokia Download!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90447E05-DE8E-470D-8D3E-C871D2AE74AF}" = aerosoft's - Nice Cote dAzur X
"{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B301C054-45C9-CDA3-27A4-E478D7A34E8F}" = Sky Ticker
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9363145-9671-11BB-3E2E-C804D976375F}" = Chief Architect X1
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F293A032-EB67-4ADC-8646-F1AA7F9E0143}" = Aerosoft's - Luxembourg Airports
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB56079B-7D0C-4D1D-864A-09BA159CC31B}" = Active Sky Evolution
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"50N Boeing 737 Family Base Pack 1.0.0" = 50N Boeing 737 Family Base Pack 1.0.0
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Airbus Volume 1 Upgrade for FS2004" = Airbus Volume 1 Upgrade for FS2004
"Airbus Volume 1 Upgrade for FSX" = Airbus Volume 1 Upgrade for FSX
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Console
"B752PRO_FS9" = '757-200 Captain' Pro Pack
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DC++" = DC++ 0.762
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FlightSim Manager" = FlightSim Manager
"FS2Crew Start Center April 2009" = FS2Crew Start Center April 2009
"FS2Crew: Wilco-Feelthere Airbus Special Edition" = FS2Crew: Wilco-Feelthere Airbus Special Edition
"FS2Crew: Wilco-Feelthere Airbus Special Edition Service Update 2" = FS2Crew: Wilco-Feelthere Airbus Special Edition Service Update 2
"FSBuild 2" = FSBuild 2
"FSWater_10" = FS Water
"FSWidgets Electronic Flight Bag for FS2004_is1" = FSWidgets - EFB2004
"Ground Environment Professional" = Ground Environment Professional
"IvAp_is1" = IvAp v1.4.2 b2411
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"nHancer" = nHancer
"NIS" = Norton Internet Security
"Nokia PC Suite" = Nokia PC Suite
"NSS" = NSS (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PC Matic_is1" = PC Matic 1.0.0.24
"PC Wizard 2010_is1" = PC Wizard 2010.1.92
"PIC 737 Call" = PIC 737 Call 1.2
"PIC 737X Call" = PIC 737X Call 1.2
"Piper_Warrior_1.0" = Australian Simulation Piper Warrior v1.0
"PSS - Boeing 757 Pro. v1.3" = PSS - Boeing 757 Pro. v1.3
"Ready for Pushback V2 Cargo Loader" = Ready for Pushback V2 Cargo Loader
"Ready for Pushback V2 Combi Loader" = Ready for Pushback V2 Combi Loader
"Ready for Pushback V2 Takeoff Calculator" = Ready for Pushback V2 Takeoff Calculator
"Ready for Pushback V2_10 Full Version" = Ready for Pushback V2_10 Full Version
"Remove Empty Directories" = Remove Empty Directories 2.1
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Silent Hunter 5_is1" = Silent Hunter 5
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SquawkBox" = SquawkBox
"Steam App 10680" = Aliens vs Predator
"Theatre of War 2: Africa 1943_is1" = Theatre of War 2
"TOPCAT" = TOPCAT 2.66 - Take-Off and Landing Performance Calculation Tool
"TSS Airbus IAE-V2500 New Gen sound" = TSS Airbus IAE-V2500 New Gen sound
"TSS BOEING 747 RR SOUND FSX" = TSS BOEING 747 RR SOUND FSX
"UK2000 City" = Remove UK2000 City files
"UK2000 Manchester Xtreme FS2004" = UK2000 Manchester Xtreme FS2004 Uninstall
"Visual Flight London" = Visual Flight London
"Warcraft III" = Warcraft III
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"www.sky.com.skyticker.C3A7B9F41647BC5F0EE1B970EEE9837B4B9B49F1.1" = Sky Ticker
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2527311835-514280460-1218292114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"737 Pilot in Command" = 737 Pilot in Command
"737 Pilot in Command (FSX)" = 737 Pilot in Command (FSX)
"Airbus Series Vol.1 (FS X)" = Airbus Series Vol.1 (FS X)
"Airbus Series Vol.1 (FS2004)" = Airbus Series Vol.1 (FS2004)
"Airbus Series Vol.1 Deluxe Upgrade (FS2004)" = Airbus Series Vol.1 Deluxe Upgrade (FS2004)
"Airbus Series Vol.1 Deluxe Upgrade (FSX)" = Airbus Series Vol.1 Deluxe Upgrade (FSX)
"Airline Pack E-170 FS9/FSX (version 1.1)" = Airline Pack E-170 FS9/FSX (version 1.1)
"Airline Pack E-190 FS9/FSX (version 1.1)" = Airline Pack E-190 FS9/FSX (version 1.1)
"E-Jets Series (FS2004)" = E-Jets Series (FS2004)
"FOC - V 1.2.8 Special Edition" = FOC - V 1.2.8 Special Edition
"Google Chrome" = Google Chrome
"Instalación Boeing 737-200 Advanced v6.6 PRO" = Instalación Boeing 737-200 Advanced v6.6 PRO
"Level-D 767-300 for FSX" = Level-D 767-300 for FSX
"Ultimate Airliners - Super 80 Professional" = Ultimate Airliners - Super 80 Professional
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/03/2010 01:38:58 | Computer Name = Eddie-PC | Source = RapiMgr | ID = 2
Description = Failed to start the Windows Mobile-based device connectivity service
due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error - 19/03/2010 05:12:34 | Computer Name = Eddie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "i:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "i:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 19/03/2010 05:12:57 | Computer Name = Eddie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "i:\program files (x86)\Nokia\nokia
pc suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/03/2010 10:03:40 | Computer Name = Eddie-PC | Source = RapiMgr | ID = 2
Description = Failed to start the Windows Mobile-based device connectivity service
due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error - 19/03/2010 10:03:45 | Computer Name = Eddie-PC | Source = RapiMgr | ID = 2
Description = Failed to start the Windows Mobile-based device connectivity service
due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error - 19/03/2010 10:11:11 | Computer Name = Eddie-PC | Source = RapiMgr | ID = 2
Description = Failed to start the Windows Mobile-based device connectivity service
due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error - 19/03/2010 10:11:11 | Computer Name = Eddie-PC | Source = RapiMgr | ID = 2
Description = Failed to start the Windows Mobile-based device connectivity service
due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error - 19/03/2010 10:11:16 | Computer Name = Eddie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ONENOTEM.EXE, version: 12.0.6413.1000,
time stamp: 0x4902cd64 Faulting module name: msi.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4a5bda99 Exception code: 0xc0000005 Fault offset: 0x721a42ff Faulting
process id: 0xbc8 Faulting application start time: 0x01cac76ddc8a7b8a Faulting application
path: I:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE Faulting module
path: msi.dll Report Id: 47bb4a36-3361-11df-a7f9-000129d149b4

Error - 19/03/2010 10:13:04 | Computer Name = Eddie-PC | Source = RapiMgr | ID = 2
Description = Failed to start the Windows Mobile-based device connectivity service
due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error - 19/03/2010 10:13:06 | Computer Name = Eddie-PC | Source = RapiMgr | ID = 2
Description = Failed to start the Windows Mobile-based device connectivity service
due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

[ Media Center Events ]
Error - 28/03/2010 16:25:30 | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
Description = 21:25:27 - Error connecting to the internet. 21:25:27 - Unable
to contact server..

Error - 22/04/2010 17:16:36 | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
Description = 22:16:28 - Failed to retrieve Broadband-2.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 26/04/2010 11:33:04 | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
Description = 16:33:03 - Error connecting to the internet. 16:33:04 - Unable
to contact server..

Error - 26/04/2010 11:33:12 | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
Description = 16:33:09 - Error connecting to the internet. 16:33:09 - Unable
to contact server..

Error - 26/04/2010 12:33:17 | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
Description = 17:33:17 - Error connecting to the internet. 17:33:17 - Unable
to contact server..

Error - 26/04/2010 12:33:23 | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
Description = 17:33:22 - Error connecting to the internet. 17:33:22 - Unable
to contact server..

Error - 07/06/2010 11:53:58 | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
Description = 16:53:57 - Error connecting to the internet. 16:53:57 - Unable
to contact server..

Error - 18/07/2010 18:30:55 | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
Description = 23:30:55 - Error connecting to the internet. 23:30:55 - Unable
to contact server..

Error - 18/07/2010 18:31:07 | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
Description = 23:31:01 - Error connecting to the internet. 23:31:01 - Unable
to contact server..

Error - 17/08/2010 13:00:27 | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
Description = 18:00:27 - Error connecting to the internet. 18:00:27 - Unable
to contact server..

[ System Events ]
Error - 08/09/2010 18:17:53 | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Mobile-2003-based device connectivity service depends
on the Windows Mobile-based device connectivity service which failed to start because
of the following error: %%0

Error - 08/09/2010 18:17:53 | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Mobile-based device connectivity service terminated with
service-specific error %%-2147024891.

Error - 08/09/2010 18:17:57 | Computer Name = Eddie-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 08/09/2010 18:19:19 | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7022
Description = The IPsec Policy Agent service hung on starting.

Error - 08/09/2010 18:19:29 | Computer Name = Eddie-PC | Source = DCOM | ID = 10005
Description =

Error - 08/09/2010 18:19:29 | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7022
Description = The SSDP Discovery service hung on starting.

Error - 08/09/2010 18:19:29 | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1070

Error - 08/09/2010 18:21:01 | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7022
Description = The SSDP Discovery service hung on starting.

Error - 08/09/2010 18:21:01 | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1070

Error - 08/09/2010 18:21:30 | Computer Name = Eddie-PC | Source = DCOM | ID = 10010
Description =


< End of report >


Followed your instructions for MBR check.
I put mbr.exe into I:\Windows (where my Windows 7 is installed).
Made the mbrlook.bat file and ran it.
It then disappeared and I got no ZIP file on the desktop.



Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-xxxxx-xxxxx-xxxxx
Windows Product Key Hash: MIxYqACXLtRH7LxWH1DuijiMXBo=
Windows Product ID: 00426-956-0220154-85615
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {7FF49451-6A46-4362-AA74-796F079CE2F7}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 108 Invalid VLK
Microsoft Office Enterprise 2007 - 108 Invalid VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7FF49451-6A46-4362-AA74-796F079CE2F7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-MRQ2Y</PKey><PID>00426-956-0220154-85615</PID><PIDType>5</PIDType><SID>S-1-5-21-2527311835-514280460-1218292114</SID><SYSTEM><Manufacturer>NVIDIA</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="2"/><Date>20050623000000.000000+000</Date></BIOS><HWID>C1BB3607018400F6</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>108</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>108</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>64BC76978749586</Val><Hash>GW6PzcEVEDTVKeO5Ym5UUm41dBk=</Hash><Pid>89388-707-0441865-65607</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="108"/><App Id="16" Version="12" Result="108"/><App Id="18" Version="12" Result="108"/><App Id="19" Version="12" Result="108"/><App Id="1A" Version="12" Result="108"/><App Id="1B" Version="12" Result="108"/><App Id="44" Version="12" Result="108"/><App Id="A1" Version="12" Result="108"/><App Id="BA" Version="12" Result="108"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, RETAIL channel
Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00170-956-022015-00-2057-7600.0000-1552010
Installation ID: 001275722995381776719646076845532626157945271084878206
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: MRQ2Y
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 09/09/2010 00:05:32

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004C4A2
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:4:2010 19:38
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OAAAAAIABAABAAEAAAACAAAAAwABAAEA6GG41BYptiPQ8ZBgyh4Ahzr0ZiYFvOhe6Cz24QJa2iI=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name   OEMID Value   OEMTableID Value
  APIC              Nvidia        AWRDACPI
  FACP              Nvidia        AWRDACPI
  SRAT              AMD           HAMMER
  SSDT              PTLTD         POWERNOW
  MCFG              Nvidia        AWRDACPI
  SLIC              HPQOEM        SLIC-MPC



.0441 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/26 12:01:31.0441 ================================================================================
2010/08/26 12:01:31.0441 SystemInfo:
2010/08/26 12:01:31.0441
2010/08/26 12:01:31.0441 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/26 12:01:31.0441 Product type: Workstation
2010/08/26 12:01:31.0441 ComputerName: EDDIE-PC
2010/08/26 12:01:31.0444 UserName: Eddie
2010/08/26 12:01:31.0444 Windows directory: I:\Windows
2010/08/26 12:01:31.0444 System windows directory: I:\Windows
2010/08/26 12:01:31.0444 Running under WOW64
2010/08/26 12:01:31.0444 Processor architecture: Intel x64
2010/08/26 12:01:31.0444 Number of processors: 2
2010/08/26 12:01:31.0444 Page size: 0x1000
2010/08/26 12:01:31.0444 Boot type: Normal boot
2010/08/26 12:01:31.0444 ================================================================================
2010/08/26 12:01:31.0445 Utility is running under WOW64, functionality is limited.
2010/08/26 12:01:32.0073 Initialize success
2010/08/26 12:01:33.0785 ================================================================================
2010/08/26 12:01:33.0785 Scan started
2010/08/26 12:01:33.0785 Mode: Manual;
2010/08/26 12:01:33.0785 ================================================================================
2010/08/26 12:01:59.0525 sptd (602884696850c86434530790b110e8eb) I:\Windows\system32\Drivers\sptd.sys
2010/08/26 12:01:59.0526 Suspicious file (NoAccess): I:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/08/26 12:01:59.0544 sptd - detected Locked file (1)
2010/08/26 12:02:08.0065 ================================================================================
2010/08/26 12:02:08.0065 Scan finished
2010/08/26 12:02:08.0065 ================================================================================
2010/08/26 12:02:08.0083 Detected object count: 1
2010/08/26 12:02:16.0724 Locked file(sptd) - User select action: Skip
2010/08/26 12:02:23.0021 ================================================================================
2010/08/26 12:02:23.0022 Scan started
2010/08/26 12:02:23.0022 Mode: Manual;
2010/08/26 12:02:23.0022 ================================================================================
2010/08/26 12:02:45.0166 Serenum (cb624c0035412af0debec78c41f5ca1b) I:\Windows\system32\DRIVERS\serenum.sys
2010/08/26 12:02:45.0260 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) I:\Windows\system32\DRIVERS\serial.sys
2010/08/26 12:02:45.0311 sermouse (1c545a7d0691cc4a027396535691c3e3) I:\Windows\system32\DRIVERS\sermouse.sys
2010/08/26 12:02:45.0455 sffdisk (a554811bcd09279536440c964ae35bbf) I:\Windows\system32\DRIVERS\sffdisk.sys
2010/08/26 12:02:45.0499 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) I:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/08/26 12:02:45.0524 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) I:\Windows\system32\DRIVERS\sffp_sd.sys
2010/08/26 12:02:45.0559 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) I:\Windows\system32\DRIVERS\sfloppy.sys
2010/08/26 12:02:45.0689 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) I:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/08/26 12:02:45.0734 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) I:\Windows\system32\DRIVERS\sisraid4.sys
2010/08/26 12:02:45.0765 Smb (548260a7b8654e024dc30bf8a7c5baa4) I:\Windows\system32\DRIVERS\smb.sys
2010/08/26 12:02:45.0893 snapman (27ba49f89468fddae6c2b311c53bce3a) I:\Windows\system32\DRIVERS\snapman.sys
2010/08/26 12:02:46.0018 spldr (b9e31e5cacdfe584f34f730a677803f9) I:\Windows\system32\drivers\spldr.sys
2010/08/26 12:02:46.0124 sptd (602884696850c86434530790b110e8eb) I:\Windows\system32\Drivers\sptd.sys
2010/08/26 12:02:46.0124 Suspicious file (NoAccess): I:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/08/26 12:02:46.0148 sptd - detected Locked file (1)
2010/08/26 12:02:53.0628 ================================================================================
2010/08/26 12:02:53.0628 Scan finished
2010/08/26 12:02:53.0628 ================================================================================
2010/08/26 12:02:53.0647 Detected object count: 1
2010/08/26 12:03:20.0369 sptd (602884696850c86434530790b110e8eb) I:\Windows\system32\Drivers\sptd.sys
2010/08/26 12:03:20.0369 Suspicious file (NoAccess): I:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/08/26 12:03:20.0375 I:\Windows\system32\Drivers\sptd.sys - quarantined
2010/08/26 12:03:20.0437 Locked file(sptd) - User select action: Quarantine
2010/08/26 12:03:42.0982 Deinitialize success




my spec is.
ASUS A8N-SLI SE ACPI BIOS Revision 0502 motherboard
4 x 1 GB DDR400 memory sticks.
Win 7 64 bit
2.53 gigahertz AMD Athlon 64 X2 Dual Core (4800+)
NVIDIA GeForce GTX 260 [Display adapter]
Creative SB Audigy 2 ZS (WDM) soundcard

#9 pwgib

  • Malware Response Team

Posted 10 September 2010 - 09:51 PM

Hello Eddie123,

What do you have on your C: drive and what is it used for?

I still see TeaTimer active. Please uninstall SpyBot S&D. You can reinstall it after we are through if you wish.

I see you have additional programs that are either registry cleaners or contain registry cleaner components. Please refer to my earlier post and refrain from using any registry cleaners.

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case Vuze). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes on copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

If you decide to keep this program please refrain from using it until we get your computer clean.

The file TDSSKiller quarantined is a false positive. This sometimes happens with Daemon Tools. You can uninstall Daemon Tools then reinstall to restore the file or leave Daemon Tools uninstalled.


Step 1.

We need to check some files

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

I:\Windows\SysWow64\fs2cchk4.dll

Then do the same for each of the following:

I:\Windows\Runservice.exe
I:\Windows\SysNative\wbem\ntfs.mof

Please post back the results of the scans in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Step 2.

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AsioReg] File not found
    O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - I:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
    O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - I:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
    O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
    @Alternate Data Stream - 150 bytes -> I:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 121 bytes -> I:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 118 bytes -> I:\ProgramData\TEMP:A1D5C6AA
    @Alternate Data Stream - 109 bytes -> I:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 105 bytes -> I:\ProgramData\TEMP:CB0AACC9

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=-

    :commands
    [EmptyTemp]

  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
================================Follow up scan=================================

We need to create another OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    /md5start
    explorer.ex*
    wininit.ex*
    /md5stop

  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized
Step 3.

Re-Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you to "Enter your choice:", enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter

    [ 5] Windows 7
    and then press Enter.
  • The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
  • Save it to your desktop then attach the resultant output in your next reply
Step 4.

Download "What's Running"

* Install, Run & Open the application
* Choose "Take Snapshot"
* Choose "Save Snapshot"
* Choose "Desktop" location to save
* Name File Name "WhatsRunning"
* Choose "Save"
* Close the program

* Please Upload the "WhatRunning.xml" snapshot we created from your desktop in your next reply

Step 6.

MBAM

If you do not have MBAM still installed please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Step 7.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
<<Note: If ESET finds nothing there will be no log produced


In your next reply please answer my question about the C:\ drive and include the following:

Jotti scan results
OTLFix report
OTL.txt <-- Will be opened
Extra.txt<--Will be minimized
MBRCheck output
WhatsRunning file <---Upload the file. Do not Attach
MBAM report
Eset report



Thanks!!
PW
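
The sptd.sys entry discussed in the post above can be pulled out of a TDSSKiller log mechanically, together with the reason the tool logged and the action that was taken. This is an added example, not part of the original posts and not TDSSKiller's own code; the line patterns are inferred from the log lines in this thread, the `exampledrv` line is constructed, and treating a `NoAccess` reason as "the tool could not read the file" is this example's assumption.

```python
import re
from dataclasses import dataclass

# Sample input: the sptd lines are copied from the TDSSKiller log in this thread;
# the "exampledrv" line is constructed to stand in for an ordinary scanned driver.
SAMPLE_LOG = r"""
2010/08/26 12:02:46.0018 exampledrv (00000000000000000000000000000000) I:\Windows\system32\drivers\exampledrv.sys
2010/08/26 12:02:46.0124 sptd (602884696850c86434530790b110e8eb) I:\Windows\system32\Drivers\sptd.sys
2010/08/26 12:02:46.0124 Suspicious file (NoAccess): I:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/08/26 12:02:46.0148 sptd - detected Locked file (1)
2010/08/26 12:02:53.0628 Scan finished
2010/08/26 12:02:53.0647 Detected object count: 1
2010/08/26 12:03:20.0375 I:\Windows\system32\Drivers\sptd.sys - quarantined
2010/08/26 12:03:20.0437 Locked file(sptd) - User select action: Quarantine
"""

# Patterns inferred from the lines above (an assumption, not a published format).
STAMP = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} ")
SCANNED = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
QUARANTINED = re.compile(r"^(?P<path>.+) - quarantined$")
ACTION = re.compile(
    r"^(?P<verdict>.+?)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    name: str
    path: str = ""
    md5: str = ""
    reason: str = ""       # tag inside "Suspicious file (<reason>)"
    verdict: str = ""      # text after "detected"
    action: str = ""       # what the user selected
    quarantined: bool = False


def parse(log_text):
    """Return (findings, reported_count) from TDSSKiller-style log text."""
    by_name, by_path, findings, reported = {}, {}, {}, None

    def finding_for(name):
        f = findings.setdefault(name, Finding(name))
        if name in by_name and not f.path:
            f.md5, f.path = by_name[name]
        return f

    for raw in log_text.splitlines():
        stamp = STAMP.match(raw)
        if not stamp:
            continue
        body = raw[stamp.end():].strip()
        if m := SCANNED.match(body):
            by_name[m["name"]] = (m["md5"], m["path"])
            by_path[m["path"].lower()] = m["name"]
        elif m := SUSPICIOUS.match(body):
            # The line names only the path; map it back to the service name.
            f = finding_for(by_path.get(m["path"].lower(), m["path"]))
            f.reason, f.path, f.md5 = m["reason"], m["path"], m["md5"]
        elif m := DETECTED.match(body):
            finding_for(m["name"]).verdict = m["verdict"]
        elif m := COUNT.match(body):
            reported = int(m["n"])
        elif m := QUARANTINED.match(body):
            finding_for(by_path.get(m["path"].lower(), m["path"])).quarantined = True
        elif m := ACTION.match(body):
            finding_for(m["name"]).action = m["action"]
    return list(findings.values()), reported


def count_consistent(findings, reported):
    """True when the tool's own object count matches what was parsed."""
    return reported == len(findings)


def review_queue(findings):
    """Names of files quarantined although the only logged reason was NoAccess.

    Assumption: NoAccess means the tool was refused access, so the log holds no
    evidence about the file's content and the quarantine deserves a second look.
    """
    return [f.name for f in findings if f.reason == "NoAccess" and f.quarantined]


if __name__ == "__main__":
    found, reported = parse(SAMPLE_LOG)
    for f in found:
        print(f)
    print("count consistent:", count_consistent(found, reported))
    print("review before trusting quarantine:", review_queue(found))
```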

#10 Eddie123

  • Topic Starter

Posted 11 September 2010 - 11:33 AM

Hi.
Thanks for the reply.
I got most of the way through this and my browser shut down.
So will have to perform these tests again.


To answer your question.
Drive C is mainly to store my iTunes music.
There is no operating system installed on C
This is a Dual boot PC. Windows XP Pro is installed on "G"

Spybot has now been uninstalled.
Thank you for your advice on Vuze.


I:\Windows\SysWow64\fs2cchk4.dll found nothing
I:\Windows\Runservice.exe found nothing
I:\Windows\SysNative\wbem\ntfs.mof SysNative doesn't seem to exist

This isn't my first OTL. I copied and pasted that to the first reply but my browser got shut down so I redid it.


All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AsioReg not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CF819DA3-9882-4944-ADF5-6EF17ECF3C6E}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF819DA3-9882-4944-ADF5-6EF17ECF3C6E}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CF819DA3-9882-4944-ADF5-6EF17ECF3C6E}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF819DA3-9882-4944-ADF5-6EF17ECF3C6E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found.
Unable to delete ADS I:\ProgramData\TEMP:D1B5B4F1 .
Unable to delete ADS I:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS I:\ProgramData\TEMP:A1D5C6AA .
Unable to delete ADS I:\ProgramData\TEMP:A8ADE5D8 .
Unable to delete ADS I:\ProgramData\TEMP:CB0AACC9 .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\EnableFirewall not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eddie
->Temp folder emptied: 66644 bytes
->Temporary Internet Files folder emptied: 530313 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 11614497 bytes
->Flash cache emptied: 343 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4202075 bytes

Total Files Cleaned = 16.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09112010_123255

Files\Folders moved on Reboot...
I:\Users\Eddie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 9/11/2010 4:34:59 PM - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = I:\Users\Eddie\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 186.31 Gb Total Space | 76.92 Gb Free Space | 41.29% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 330.12 Gb Total Space | 284.81 Gb Free Space | 86.27% Space Free | Partition Type: NTFS
Drive G: | 127.99 Gb Total Space | 79.17 Gb Free Space | 61.85% Space Free | Partition Type: NTFS
Drive H: | 104.89 Gb Total Space | 53.53 Gb Free Space | 51.03% Space Free | Partition Type: NTFS
Drive I: | 401.36 Gb Total Space | 241.23 Gb Free Space | 60.10% Space Free | Partition Type: NTFS
Drive K: | 152.66 Gb Total Space | 42.45 Gb Free Space | 27.80% Space Free | Partition Type: NTFS
Drive M: | 200.03 Gb Total Space | 195.93 Gb Free Space | 97.95% Space Free | Partition Type: NTFS

Computer Name: EDDIE-PC
Current User Name: Eddie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/08 23:19:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\Users\Eddie\Desktop\OTL.exe
PRC - [2010/09/03 01:58:56 | 000,975,928 | ---- | M] (Google Inc.) -- I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/07/31 12:58:23 | 000,002,560 | ---- | M] () -- I:\Windows\Runservice.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/04 23:14:16 | 000,095,232 | ---- | M] () -- I:\Program Files (x86)\SkyTicker\SkyTicker.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/09 01:47:48 | 001,531,904 | ---- | M] (Nokia) -- I:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/03/29 00:49:15 | 002,480,048 | ---- | M] (Acronis) -- I:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/03/17 16:41:00 | 000,673,096 | ---- | M] (TOSHIBA CORPORATION.) -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2010/03/16 19:14:00 | 000,714,056 | ---- | M] (TOSHIBA CORPORATION.) -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2010/02/24 16:54:00 | 002,721,120 | ---- | M] (TOSHIBA CORPORATION.) -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/11/09 04:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- I:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/10/31 03:49:40 | 000,361,568 | ---- | M] (Acronis) -- I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/10/31 03:48:52 | 005,106,808 | ---- | M] (Acronis) -- I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/06/30 22:24:46 | 000,762,224 | ---- | M] (Microsoft Corporation) -- I:\Windows\vVX3000.exe
PRC - [2009/04/14 15:45:30 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- I:\Windows\SOUNDMAN.EXE
PRC - [2009/04/03 18:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () -- I:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
PRC - [2009/02/14 17:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- I:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- I:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/07/24 11:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/04/09 13:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- I:\Windows\SysWOW64\CtHelper.exe


========== Modules (SafeList) ==========

MOD - [2010/09/08 23:19:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\Users\Eddie\Desktop\OTL.exe
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- I:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- I:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- I:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/02 17:44:30 | 000,039,424 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- I:\Program Files\nHancer\nHancerService.exe -- (nHancer)
SRV:64bit: - [2010/04/10 17:25:46 | 000,342,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- I:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/02/25 12:40:05 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/01/26 15:09:16 | 001,486,088 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- I:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2010/01/26 15:09:14 | 001,503,496 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- I:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/24 16:04:54 | 000,199,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/17 17:20:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- I:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- I:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS)
SRV:64bit: - [2009/07/14 02:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 02:40:01 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV:64bit: - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- I:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)
SRV:64bit: - [2007/03/11 14:15:28 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- I:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2010/09/07 01:18:55 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- I:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/31 12:58:23 | 000,002,560 | ---- | M] () [Auto | Running] -- I:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- I:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/12 10:45:36 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/29 00:49:15 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- I:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- I:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/01/26 03:17:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- I:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/01/26 02:55:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- I:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/01/04 15:08:46 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- I:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/12/11 14:32:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- I:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/31 03:50:50 | 000,894,080 | ---- | M] (Acronis) [Auto | Running] -- I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- I:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/02/14 17:29:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- I:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- I:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- I:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- I:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- I:\Windows\SysNative\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\618F.tmp -- (MEMSWEEP2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTSBLFX.SYS -- (CTSBLFX)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTERFXFX.SYS -- (CTERFXFX)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\CTAUDFX.SYS -- (CTAUDFX)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\COMMONFX.SYS -- (COMMONFX)
DRV:64bit: - [2010/05/06 05:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/05/06 05:01:44 | 000,053,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/04/29 06:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/22 04:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/22 03:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/22 03:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/08 12:47:44 | 000,060,536 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/04/07 10:51:50 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/03/29 00:49:17 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- I:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/03/29 00:49:14 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010/03/29 00:49:09 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/03/29 00:49:01 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/03/23 17:39:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/03/07 21:15:45 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/02/26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/02/26 01:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/02 19:33:48 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- I:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/15 04:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/09/23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/28 21:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 12:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- I:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- I:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- I:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/01 05:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 05:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 05:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/30 22:24:50 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/06/19 11:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 10:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/19 03:45:06 | 003,491,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV:64bit: - [2009/06/17 13:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- I:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:46 | 000,427,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV:64bit: - [2009/06/10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/12/12 19:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- I:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 19:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- I:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/10 18:20:40 | 000,040,448 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\bthav.sys -- (bthav)
DRV:64bit: - [2008/01/19 07:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2007/04/12 09:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007/04/10 07:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007/04/10 05:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2007/04/10 05:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2007/04/10 05:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2007/04/10 05:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007/04/10 05:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007/04/10 05:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007/04/10 05:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007/04/10 05:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2007/04/10 05:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/04/10 05:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/04/10 05:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/04/10 05:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/04/10 05:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/04/10 05:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007/04/10 05:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/04/10 05:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007/04/10 05:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007/04/10 05:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2006/08/29 15:56:19 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\prodigy.sys -- (PRODIGY)
DRV:64bit: - [2005/07/26 08:07:48 | 000,599,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\nvapu64.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV:64bit: - [2005/07/26 08:07:40 | 000,090,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\Windows\SysNative\drivers\nvax64.sys -- (nvax) Service for NVIDIA® nForce™
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- I:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/08/10 02:11:04 | 000,945,200 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100810.004\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/07/14 14:10:21 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100910.041\EX64.SYS -- (NAVEX15)
DRV - [2010/07/14 14:10:20 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100910.041\ENG64.SYS -- (NAVENG)
DRV - [2010/05/28 20:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100908.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/05/27 04:23:56 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- I:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/27 04:23:56 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- I:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- I:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/03/20 12:26:27 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- I:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- I:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- I:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/06/01 11:31:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/03/07 21:15:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: I:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/12 00:33:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: I:\Program Files (x86)\Mozilla Firefox\components [2010/08/17 23:36:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: I:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/27 18:57:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: I:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/12 00:33:23 | 000,000,000 | ---D | M]

[2010/08/17 23:38:12 | 000,000,000 | ---D | M] -- I:\Users\Eddie\AppData\Roaming\Mozilla\Extensions
[2010/08/17 23:38:12 | 000,000,000 | ---D | M] -- I:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\duar4z01.default\extensions
[2010/08/17 23:36:42 | 000,000,000 | ---D | M] -- I:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/27 19:45:29 | 000,000,824 | ---- | M]) - I:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Linksys Wireless Manager] I:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4:64bit: - HKLM..\Run: [SoundMan] I:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [VX3000] I:\Windows\vVX3000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] I:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] I:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] I:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AsioThk32Reg] I:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] I:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] I:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [GrooveMonitor] I:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] I:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NokiaMServer] I:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PWRISOVM.EXE] I:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [nHancer] I:\Program Files\nHancer\nHancer.exe (KSE - Korndörfer Software Engineering)
O4 - HKCU..\Run: [Steam] I:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: I:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkyTicker.lnk = I:\Program Files (x86)\SkyTicker\SkyTicker.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @I:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @I:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @I:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @I:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - I:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - I:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...0416.7021296296 (Update Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - I:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - I:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/24 23:45:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 10:29:38 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/08/27 19:45:29 | 000,000,000 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bddc9c4e-df71-11de-86f7-00e098fdb45f}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/11 12:30:58 | 000,000,000 | ---D | C] -- I:\Users\Eddie\Desktop\bleeping computers
[2010/09/11 11:23:57 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\WhatsRunning
[2010/09/11 11:23:42 | 001,156,877 | ---- | C] (WhatsRunning.net ) -- I:\Users\Eddie\Desktop\WhatsRunning2_2_Setup.exe
[2010/09/11 10:39:36 | 000,000,000 | ---D | C] -- I:\_OTL
[2010/09/11 09:42:49 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Windows Live Safety Center
[2010/09/11 02:17:13 | 000,000,000 | -HSD | C] -- I:\Config.Msi
[2010/09/11 02:12:49 | 000,000,000 | ---D | C] -- I:\122cac839e817c2439e1b0
[2010/09/10 21:46:12 | 128,203,752 | ---- | C] (NVIDIA Corporation) -- I:\Users\Eddie\Desktop\258.96_desktop_win7_winvista_64bit_english_whql.exe
[2010/09/10 21:29:47 | 000,000,000 | ---D | C] -- I:\Program Files\NVIDIA Corporation
[2010/09/10 20:38:06 | 000,000,000 | ---D | C] -- I:\8ffe83486531eb3045a332bf9e1619f3
[2010/09/09 00:33:07 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Fix it Center
[2010/09/09 00:33:07 | 000,000,000 | ---D | C] -- I:\Windows\MATS
[2010/09/09 00:05:51 | 000,000,000 | ---D | C] -- I:\MGADiagToolOutput
[2010/09/09 00:05:15 | 000,000,000 | ---D | C] -- I:\ProgramData\Office Genuine Advantage
[2010/09/09 00:04:46 | 002,031,992 | ---- | C] (Microsoft Corporation) -- I:\Users\Eddie\Desktop\MGADiag.exe
[2010/09/08 23:19:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- I:\Users\Eddie\Desktop\OTL.exe
[2010/09/08 02:11:59 | 000,447,792 | ---- | C] (Microsoft Corporation) -- I:\Users\Eddie\Desktop\FixitCenter_Run.exe
[2010/09/07 10:16:54 | 000,000,000 | ---D | C] -- I:\d6fb42867908c61b325ed1151e325d
[2010/09/07 09:35:43 | 000,018,816 | ---- | C] (Sophos Plc) -- I:\Windows\SysWow64\SAVRKBootTasks.sys
[2010/09/07 03:17:14 | 000,000,000 | ---D | C] -- I:\394f6ee7909ac5329f51
[2010/09/06 23:26:01 | 000,000,000 | ---D | C] -- I:\7fdf1eca57fff0464beb5801a7b23005
[2010/09/06 23:06:12 | 000,000,000 | ---D | C] -- I:\dc6bc477495eb64319f8d09698
[2010/09/06 22:58:11 | 001,940,640 | ---- | C] (ParetoLogic Inc.) -- I:\Users\Eddie\Desktop\RegCureSetup_CB.exe
[2010/09/06 22:02:48 | 000,000,000 | ---D | C] -- I:\9d053d0e50d805ef484a69a3d086
[2010/09/06 22:01:28 | 000,159,144 | ---- | C] (Microsoft Corporation) -- I:\Users\Eddie\Desktop\WindowsActivationUpdate.exe
[2010/09/02 16:04:54 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\ESET
[2010/08/29 12:59:28 | 000,000,000 | -HSD | C] -- I:\Windows\SysWow64\%APPDATA%
[2010/08/27 22:08:23 | 000,000,000 | ---D | C] -- I:\ProgramData\Yahoo! Companion
[2010/08/27 19:45:12 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Enigma Software Group
[2010/08/27 00:51:10 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\WindowsUpdate
[2010/08/27 00:24:08 | 000,000,000 | ---D | C] -- I:\Windows\Sun
[2010/08/26 12:03:20 | 000,000,000 | ---D | C] -- I:\TDSSKiller_Quarantine
[2010/08/26 11:33:44 | 000,000,000 | ---D | C] -- I:\ProgramData\PCPitstopDat
[2010/08/26 11:27:26 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\PCPitstop
[2010/08/26 11:06:54 | 000,000,000 | ---D | C] -- I:\ProgramData\PCPitstop
[2010/08/19 23:33:49 | 000,000,000 | ---D | C] -- I:\Users\Eddie\DoctorWeb
[2010/08/18 23:27:23 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Fiddler2
[2010/08/17 23:37:22 | 000,000,000 | ---D | C] -- I:\Users\Eddie\AppData\Roaming\Mozilla
[2010/08/17 23:37:22 | 000,000,000 | ---D | C] -- I:\Users\Eddie\AppData\Local\Mozilla
[2010/08/17 23:36:34 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Mozilla Firefox
[2010/08/17 21:10:59 | 000,000,000 | ---D | C] -- I:\Windows\SysNative\%LocalAppData%
[2010/08/17 20:17:29 | 000,000,000 | -HSD | C] -- I:\Users\Eddie\%APPDATA%
[2010/08/16 22:59:30 | 000,000,000 | -H-D | C] -- I:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/16 22:58:04 | 128,750,008 | ---- | C] (Lavasoft ) -- I:\Users\Eddie\Desktop\Ad-AwareInstall.exe
[2010/08/16 22:50:55 | 000,000,000 | ---D | C] -- I:\ProgramData\!SASCORE
[2010/08/16 22:50:54 | 000,000,000 | ---D | C] -- I:\Program Files\SUPERAntiSpyware
[2010/08/16 22:45:07 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Spyware Doctor
[2010/08/16 22:45:07 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\PC Tools
[2010/08/16 22:39:01 | 000,000,000 | ---D | C] -- I:\ProgramData\Spybot - Search & Destroy
[2010/08/16 22:39:01 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Spybot - Search & Destroy
[2010/08/16 22:37:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- I:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/16 17:00:47 | 000,000,000 | ---D | C] -- I:\Users\Eddie\Desktop\New folder (2)
[2010/08/15 22:43:38 | 003,429,232 | ---- | C] ( ) -- I:\Users\Eddie\Desktop\BinverseSetup_1.20.exe
[2010/08/15 01:24:16 | 066,023,424 | ---- | C] (Phoenix Simulation Software) -- I:\Users\Eddie\Desktop\PSS-B777.gau
[2010/08/14 10:38:53 | 000,000,000 | ---D | C] -- I:\Users\Eddie\Desktop\Resource
[2007/04/09 13:32:58 | 000,034,816 | ---- | C] ( ) -- I:\Windows\SysWow64\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/09/11 16:39:33 | 006,291,456 | ---- | M] () -- I:\Users\Eddie\ntuser.dat
[2010/09/11 16:36:00 | 000,000,906 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2527311835-514280460-1218292114-1001UA.job
[2010/09/11 15:57:00 | 000,000,894 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 14:45:07 | 000,000,890 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 13:45:38 | 000,017,440 | -H-- | M] () -- I:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 13:45:38 | 000,017,440 | -H-- | M] () -- I:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 13:40:52 | 000,852,052 | ---- | M] () -- I:\Windows\SysNative\PerfStringBackup.INI
[2010/09/11 13:40:52 | 000,720,390 | ---- | M] () -- I:\Windows\SysNative\perfh009.dat
[2010/09/11 13:40:52 | 000,143,272 | ---- | M] () -- I:\Windows\SysNative\perfc009.dat
[2010/09/11 13:36:22 | 000,001,377 | -HS- | M] () -- I:\Windows\SysWow64\mmf.sys
[2010/09/11 13:35:38 | 000,000,006 | -H-- | M] () -- I:\Windows\tasks\SA.DAT
[2010/09/11 13:35:25 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2010/09/11 13:35:12 | 3220,037,632 | -HS- | M] () -- I:\hiberfil.sys
[2010/09/11 12:33:26 | 004,281,681 | -H-- | M] () -- I:\Users\Eddie\AppData\Local\IconCache.db
[2010/09/11 12:23:05 | 002,672,312 | ---- | M] () -- I:\Users\Eddie\Desktop\esetsmartinstaller_enu (1).exe
[2010/09/11 12:15:40 | 000,000,512 | ---- | M] () -- I:\Users\Eddie\Desktop\dumpmbr
[2010/09/11 11:52:43 | 000,001,003 | ---- | M] () -- I:\Users\Eddie\Desktop\What's Running.lnk
[2010/09/11 11:40:30 | 000,080,384 | ---- | M] () -- I:\Users\Eddie\Desktop\MBRCheck (1).exe
[2010/09/11 11:23:37 | 001,156,877 | ---- | M] (WhatsRunning.net ) -- I:\Users\Eddie\Desktop\WhatsRunning2_2_Setup.exe
[2010/09/10 22:26:53 | 000,284,915 | ---- | M] () -- I:\Users\Eddie\Desktop\gmer.zip
[2010/09/10 21:46:25 | 128,203,752 | ---- | M] (NVIDIA Corporation) -- I:\Users\Eddie\Desktop\258.96_desktop_win7_winvista_64bit_english_whql.exe
[2010/09/10 20:47:42 | 000,000,854 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2527311835-514280460-1218292114-1001Core.job
[2010/09/10 10:12:47 | 000,689,664 | ---- | M] () -- I:\Users\Eddie\Desktop\MicrosoftFixit50202.msi
[2010/09/10 09:48:10 | 000,015,360 | ---- | M] () -- I:\Windows\SysNative\umstartup.etl
[2010/09/09 00:33:08 | 000,000,951 | ---- | M] () -- I:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2010/09/09 00:04:43 | 002,031,992 | ---- | M] (Microsoft Corporation) -- I:\Users\Eddie\Desktop\MGADiag.exe
[2010/09/08 23:47:56 | 000,004,705 | ---- | M] () -- I:\Users\Eddie\Desktop\mbr.zip.zip
[2010/09/08 23:37:30 | 000,077,312 | ---- | M] () -- I:\Windows\mbr (2).exe
[2010/09/08 23:37:30 | 000,077,312 | ---- | M] () -- I:\Users\Eddie\Desktop\mbr (2).exe
[2010/09/08 23:33:19 | 000,134,454 | ---- | M] () -- I:\Users\Eddie\Desktop\desktop.jpg
[2010/09/08 23:19:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\Users\Eddie\Desktop\OTL.exe
[2010/09/08 02:11:47 | 000,447,792 | ---- | M] (Microsoft Corporation) -- I:\Users\Eddie\Desktop\FixitCenter_Run.exe
[2010/09/07 01:06:54 | 000,147,456 | ---- | M] () -- I:\Users\Eddie\Desktop\catchme (1).exe
[2010/09/06 23:06:10 | 001,414,933 | ---- | M] () -- I:\Users\Eddie\Desktop\Windows6.1-KB971033-x64.MSU
[2010/09/06 22:58:16 | 001,940,640 | ---- | M] (ParetoLogic Inc.) -- I:\Users\Eddie\Desktop\RegCureSetup_CB.exe
[2010/09/06 22:01:19 | 000,159,144 | ---- | M] (Microsoft Corporation) -- I:\Users\Eddie\Desktop\WindowsActivationUpdate.exe
[2010/09/04 07:49:59 | 000,001,981 | ---- | M] () -- I:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/01 23:28:20 | 004,958,588 | ---- | M] () -- I:\Windows\{00000001-00000000-00000006-00001102-00000004-20021102}.CDF
[2010/08/29 12:34:20 | 000,012,288 | ---- | M] () -- I:\Windows\SysNative\umstartup000.etl
[2010/08/28 13:59:18 | 000,000,020 | ---- | M] () -- I:\Users\Eddie\defogger_reenable
[2010/08/27 22:08:02 | 000,001,027 | ---- | M] () -- I:\Users\Eddie\Desktop\CCleaner.lnk
[2010/08/27 19:45:29 | 000,000,000 | ---- | M] () -- I:\autoexec.bat
[2010/08/27 18:57:51 | 000,001,865 | ---- | M] () -- I:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/27 01:23:41 | 000,001,908 | ---- | M] () -- I:\Windows\diagwrn.xml
[2010/08/27 01:23:41 | 000,001,908 | ---- | M] () -- I:\Windows\diagerr.xml
[2010/08/27 01:22:22 | 000,004,672 | ---- | M] () -- I:\Users\Eddie\Desktop\Windows Compatibility Report.htm
[2010/08/25 22:48:01 | 000,000,127 | ---- | M] () -- I:\Users\Eddie\Desktop\Perform a clean startup to determine whether background programs are interfering with your game or program.url
[2010/08/19 22:24:58 | 000,007,618 | ---- | M] () -- I:\Users\Eddie\AppData\Local\Resmon.ResmonCfg
[2010/08/19 16:49:04 | 000,000,460 | ---- | M] () -- I:\Users\Eddie\Documents\cc_20100819_164853.reg
[2010/08/17 23:36:55 | 000,001,983 | ---- | M] () -- I:\Users\Eddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/17 23:36:54 | 000,001,959 | ---- | M] () -- I:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/16 22:58:31 | 128,750,008 | ---- | M] (Lavasoft ) -- I:\Users\Eddie\Desktop\Ad-AwareInstall.exe
[2010/08/16 22:37:07 | 000,001,029 | ---- | M] () -- I:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 20:50:04 | 000,001,764 | ---- | M] () -- I:\Users\Eddie\Documents\cc_20100816_204959.reg
[2010/08/16 20:18:57 | 002,101,817 | ---- | M] () -- I:\Users\Eddie\Desktop\ICRTool.exe
[2010/08/16 20:17:08 | 000,000,136 | ---- | M] () -- I:\Users\Eddie\Desktop\winsockfix.bat
[2010/08/15 22:43:48 | 003,429,232 | ---- | M] ( ) -- I:\Users\Eddie\Desktop\BinverseSetup_1.20.exe
[2010/08/15 18:59:29 | 001,187,419 | ---- | M] () -- I:\Users\Eddie\Desktop\texture.baZC.zip
[2010/08/14 10:38:00 | 002,845,757 | ---- | M] () -- I:\Users\Eddie\Desktop\installer_resource_hacker_3_4_0_79_English.exe
[2010/08/14 01:26:42 | 000,034,240 | ---- | M] () -- I:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
[2010/08/14 01:26:42 | 000,034,240 | ---- | M] () -- I:\Windows\SysNative\BMXState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
[2010/08/14 01:26:42 | 000,030,528 | ---- | M] () -- I:\Windows\SysNative\BMXCtrlState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
[2010/08/14 01:26:42 | 000,030,528 | ---- | M] () -- I:\Windows\SysNative\BMXBkpCtrlState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx
[2010/08/14 01:26:42 | 000,011,564 | ---- | M] () -- I:\Windows\SysNative\DVCState-{00000001-00000000-00000006-00001102-00000004-20021102}.rfx

========== Files Created - No Company Name ==========

[2010/09/11 12:26:21 | 002,672,312 | ---- | C] () -- I:\Users\Eddie\Desktop\esetsmartinstaller_enu (1).exe
[2010/09/11 12:15:40 | 000,000,512 | ---- | C] () -- I:\Users\Eddie\Desktop\dumpmbr
[2010/09/11 11:40:37 | 000,080,384 | ---- | C] () -- I:\Users\Eddie\Desktop\MBRCheck (1).exe
[2010/09/11 11:23:57 | 000,001,003 | ---- | C] () -- I:\Users\Eddie\Desktop\What's Running.lnk
[2010/09/10 22:26:51 | 000,284,915 | ---- | C] () -- I:\Users\Eddie\Desktop\gmer.zip
[2010/09/10 10:12:56 | 000,689,664 | ---- | C] () -- I:\Users\Eddie\Desktop\MicrosoftFixit50202.msi
[2010/09/09 00:33:08 | 000,000,951 | ---- | C] () -- I:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2010/09/08 23:55:48 | 000,077,312 | ---- | C] () -- I:\Users\Eddie\Desktop\mbr (2).exe
[2010/09/08 23:47:36 | 000,004,705 | ---- | C] () -- I:\Users\Eddie\Desktop\mbr.zip.zip
[2010/09/08 23:37:39 | 000,077,312 | ---- | C] () -- I:\Windows\mbr (2).exe
[2010/09/08 23:08:19 | 000,134,454 | ---- | C] () -- I:\Users\Eddie\Desktop\desktop.jpg
[2010/09/07 01:07:13 | 000,147,456 | ---- | C] () -- I:\Users\Eddie\Desktop\catchme (1).exe
[2010/09/06 22:10:42 | 001,414,933 | ---- | C] () -- I:\Users\Eddie\Desktop\Windows6.1-KB971033-x64.MSU
[2010/08/28 13:59:18 | 000,000,020 | ---- | C] () -- I:\Users\Eddie\defogger_reenable
[2010/08/27 19:45:29 | 000,000,000 | ---- | C] () -- I:\autoexec.bat
[2010/08/27 18:57:50 | 000,001,865 | ---- | C] () -- I:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/27 01:22:23 | 000,004,672 | ---- | C] () -- I:\Users\Eddie\Desktop\Windows Compatibility Report.htm
[2010/08/25 22:48:01 | 000,000,127 | ---- | C] () -- I:\Users\Eddie\Desktop\Perform a clean startup to determine whether background programs are interfering with your game or program.url
[2010/08/19 16:48:58 | 000,000,460 | ---- | C] () -- I:\Users\Eddie\Documents\cc_20100819_164853.reg
[2010/08/17 23:36:54 | 000,001,983 | ---- | C] () -- I:\Users\Eddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/17 23:36:54 | 000,001,959 | ---- | C] () -- I:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/16 22:50:55 | 000,001,981 | ---- | C] () -- I:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/16 22:37:07 | 000,001,029 | ---- | C] () -- I:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 20:50:02 | 000,001,764 | ---- | C] () -- I:\Users\Eddie\Documents\cc_20100816_204959.reg
[2010/08/16 20:18:43 | 002,101,817 | ---- | C] () -- I:\Users\Eddie\Desktop\ICRTool.exe
[2010/08/16 20:17:08 | 000,000,136 | ---- | C] () -- I:\Users\Eddie\Desktop\winsockfix.bat
[2010/08/15 18:59:16 | 001,187,419 | ---- | C] () -- I:\Users\Eddie\Desktop\texture.baZC.zip
[2010/08/14 10:37:57 | 002,845,757 | ---- | C] () -- I:\Users\Eddie\Desktop\installer_resource_hacker_3_4_0_79_English.exe
[2010/08/08 21:41:21 | 000,003,584 | ---- | C] () -- I:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/31 12:58:26 | 000,001,377 | -HS- | C] () -- I:\Windows\SysWow64\mmf.sys
[2010/07/31 12:58:23 | 000,048,640 | ---- | C] () -- I:\Windows\mmfs.dll
[2010/07/08 17:32:08 | 000,184,320 | ---- | C] () -- I:\Windows\SysWow64\dbcmdb32.dll
[2010/07/08 17:32:08 | 000,141,824 | ---- | C] () -- I:\Windows\SysWow64\dbcjpg32.dll
[2010/07/08 17:32:08 | 000,135,168 | ---- | C] () -- I:\Windows\SysWow64\DBCMEM32.DLL
[2010/07/08 17:32:08 | 000,073,728 | ---- | C] () -- I:\Windows\SysWow64\dbcgeo32.dll
[2010/07/08 17:32:07 | 000,204,800 | ---- | C] () -- I:\Windows\SysWow64\DBCDBF32.DLL
[2010/07/02 19:06:34 | 000,861,662 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/02 18:59:18 | 000,000,000 | ---- | C] () -- I:\ProgramData\LauncherAccess.dt
[2010/07/02 11:04:35 | 000,005,632 | ---- | C] () -- I:\Windows\SysWow64\drivers\StarOpen.sys
[2010/06/19 23:55:54 | 000,154,144 | ---- | C] () -- I:\Windows\SysWow64\RTLCPAPI.dll
[2010/03/12 00:27:50 | 000,000,072 | ---- | C] () -- I:\Windows\SysWow64\epDPE.ini
[2010/03/12 00:27:17 | 000,000,022 | ---- | C] () -- I:\Windows\SysWow64\PICSDK.ini
[2010/03/12 00:26:21 | 000,000,025 | ---- | C] () -- I:\Windows\CDE P242580EF.ini
[2010/03/05 14:00:27 | 000,002,950 | ---- | C] () -- I:\Windows\uninstall_NewSpanishAirports.ini
[2010/01/30 11:26:43 | 000,000,303 | ---- | C] () -- I:\Windows\RFP.ini
[2010/01/30 10:18:30 | 000,000,060 | ---- | C] () -- I:\Windows\Vmax_742.ini
[2010/01/20 12:03:16 | 000,000,036 | ---- | C] () -- I:\Users\Eddie\AppData\Local\housecall.guid.cache
[2010/01/14 01:23:15 | 000,000,194 | ---- | C] () -- I:\ProgramData\DriverTool.log
[2010/01/14 00:46:07 | 000,162,304 | ---- | C] () -- I:\Windows\SysWow64\ztvunrar36.dll
[2010/01/14 00:46:07 | 000,153,088 | ---- | C] () -- I:\Windows\SysWow64\UNRAR3.dll
[2010/01/14 00:46:07 | 000,077,312 | ---- | C] () -- I:\Windows\SysWow64\ztvunace26.dll
[2010/01/14 00:46:07 | 000,075,264 | ---- | C] () -- I:\Windows\SysWow64\unacev2.dll
[2010/01/10 13:51:49 | 000,003,072 | ---- | C] () -- I:\Windows\SysWow64\flt1chk3.dll
[2010/01/10 13:28:31 | 000,061,965 | ---- | C] () -- I:\Windows\uninstall_Wonderful Madeira.ini
[2010/01/10 13:25:15 | 000,000,708 | ---- | C] () -- I:\Windows\uninstall_Menorca.ini
[2009/12/11 15:27:09 | 000,007,618 | ---- | C] () -- I:\Users\Eddie\AppData\Local\Resmon.ResmonCfg
[2009/12/08 21:05:41 | 000,327,168 | ---- | C] () -- I:\Windows\SysWow64\cutil32.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 18:24:18 | 000,015,498 | ---- | C] () -- I:\Windows\VX3000.ini
[2009/06/23 13:29:48 | 000,000,054 | ---- | C] () -- I:\Windows\SysWow64\ctzapxx.ini
[2008/01/24 02:49:14 | 000,098,304 | ---- | C] () -- I:\Windows\SysWow64\fs2cchk4.dll
[2008/01/16 01:15:58 | 000,053,248 | ---- | C] () -- I:\Windows\SysWow64\zlib.dll
[2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- I:\Windows\SysWow64\APOMgrH.dll
[2007/04/09 13:55:14 | 000,097,785 | ---- | C] () -- I:\Windows\SysWow64\instwdm.ini
[2007/04/09 13:33:50 | 000,043,520 | ---- | C] () -- I:\Windows\SysWow64\CTBurst.dll
[2006/10/02 10:25:18 | 000,000,307 | ---- | C] () -- I:\Windows\SysWow64\kill.ini
[2006/06/29 16:24:43 | 000,318,014 | ---- | C] () -- I:\Windows\SysWow64\flt1chk4.dll
[2005/06/16 11:17:16 | 000,071,680 | ---- | C] () -- I:\Windows\SysWow64\ctmmactl.dll
[2005/01/15 00:51:21 | 000,000,151 | ---- | C] () -- I:\Windows\swfl5.ini
[2004/07/11 20:41:52 | 000,094,208 | ---- | C] () -- I:\Windows\SysWow64\vbpng.dll

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\SysWOW64\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\SysWOW64\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/14 03:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- I:\Windows\en-US\explorer.exe.mui
[2009/07/14 03:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/14 03:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- I:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/14 03:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- I:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/14 03:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: WININIT.EXE >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WININIT.EXE.MUI >
[2009/07/14 03:05:22 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0CA1666E3535B8045352649498A8E1A6 -- I:\Windows\SysWOW64\en-US\wininit.exe.mui
[2009/07/14 03:05:22 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0CA1666E3535B8045352649498A8E1A6 -- I:\Windows\SysWOW64\en-US\wininit.exe.mui
[2009/07/14 03:05:22 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0CA1666E3535B8045352649498A8E1A6 -- I:\Windows\winsxs\x86_microsoft-windows-wininit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_453be6e96bdadb18\wininit.exe.mui
[2009/07/14 03:25:36 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=52445E61DF6C069AC858A0D9F81A97A2 -- I:\Windows\winsxs\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a15a826d24384c4e\wininit.exe.mui

========== Alternate Data Streams ==========

@Alternate Data Stream - 845 bytes -> I:\Users\Eddie\Desktop\Ticket Confirmation.eml:OECustomProperty
< End of report >

Can't find the EXTRA.TXT file

Upload failed. You are not permitted to upload this type of file MBRCHECK

Upload failed. The file was larger than the available space What's Running


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4591

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/09/2010 12:30:43
mbam-log-2010-09-11 (12-30-43).txt

Scan type: Quick scan
Objects scanned: 170960
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Eset online scanner

I:\Users\Eddie\DoctorWeb\Quarantine\000005A5 multiple threats deleted - quarantined
I:\Users\Eddie\DoctorWeb\Quarantine\000005BD multiple threats deleted - quarantined
K:\My Shared Folder\multiple threats deleted - quarantined
K:\My Shared Folder\probably a variant of Win32/Agent.FZOQGJC trojan deleted - quarantined
K:\My Shared Folder\Comp progs\multiple threats deleted - quarantined
K:\My Shared Folder\Comp progs\multiple threats deleted - quarantined
K:\My Shared Folder\probably a variant of Win32/Delf.FQABISN trojan deleted - quarantined
K:\My Shared Folder\probably a variant of Win32/Delf.FQABISN trojan deleted - quarantined



Edited by Eddie123, 12 September 2010 - 06:40 AM.

my spec is.
ASUS A8N-SLI SE ACPI BIOS Revision 0502 motherboard
4 x 1 GB DDR400 memory sticks.
Win 7 64 bit
2.53 gigahertz AMD Athlon 64 X2 Dual Core (4800+)
NVIDIA GeForce GTX 260 [Display adapter]
Creative SB Audigy 2 ZS (WDM) soundcard

#11 pwgib

  • Malware Response Team

Posted 13 September 2010 - 01:00 PM

Hello Eddie123,

Step 1.

Send me a copy of the Mbr dump for analysis

1. Please go to here.
2. Where it asks for the Link to topic where this file was requested: copy and paste in
http://www.bleepingcomputer.com/forums/topic343506.html#entry1927024

3. Where it says "Browse to the file you want to submit", browse to
I:\Users\Eddie\Desktop\dumpmbr

4. Press the Send File button.

Step 2.

Since WhatsRunning is too large for upload, follow these instructions.

You have a number of programs that run at startup. Most programs are not required to run at startup as they can be accessed through Start | All Programs or a desktop icon.

To see these entries please open What's Running. Click on the Startup tab. A list of all programs running at startup will be listed.

Please check all the startup programs listed to determine if they are needed. You can use the following two links to determine if the programs that you have running at startup are either needed, not needed or can be stopped at User's choice. You can check or uncheck items to stop or start them.
Bleeping Computer Startup List
SystemLookup

If you would rather have me check them then do the following.

Please download HjT to your desktop

http://www.trendmicro.com/ftp/products/hij.../HiJackThis.msi
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
    • Click on Open the Misc Tools Section.
    • Then press Generate StartupList log, making sure that both boxes next to it are checked.
    • Select Yes at the prompt.
    • A Notepad file will open, and will automatically be saved in your HijackThis folder.
    • Paste this log in your next reply.
    • More information with a screenshot, can be found here.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Step 3.

Norton Internet Security takes a lot of resources to run. You might consider using an antivirus program that has a smaller footprint along with a standalone antimalware program such as the licensed version of MBAM along with the native Windows 7 Firewall. The Windows 7 Firewall provides both inbound and outbound protection.

Some free Antivirus solutions are Avira Antivir and Avast. You could also reinstall Microsoft Security Essentials. Remember to only have one antivirus installed at a time.

You also have a number of antimalware programs installed. I suggest you keep MBAM and one other of your choice. Again, keep in mind the resources each program requires.

You have a number of programs installed that take a lot of resources and require a lot of CPU cycles to run. You might want to look closely at which programs are installed and determine which of those are actually needed.

Step 4.

I would like to see another ESET scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Note: If ESET finds nothing there will be no log produced

In your next reply please advise which steps you have taken and include the ESET report if any.

How is your computer running?


Thanks!!
PW

#12 Eddie123

  • Topic Starter

Posted 14 September 2010 - 10:03 AM

Hi mate.
Thanks for your reply.
These are the problems I'm still having on my PC.

1. Start up: When powering on I get to the welcome page. Then screen goes black with movable cursor for 2 mins, then PC boots to desktop.
2. Shutdown: PC refuses to shut down. It will log off, go to shutting down and hang for hours.
3. Windows updates not working: I have no errors. I go to Control Panel and press Windows Update. I hear the "click" sound that Explorer does, but the page just freezes. On occasion the update page has loaded, but hung on 0% downloading.
4. Internet icon on taskbar by the clock still has asterisk through it. Stuck on Identifying, but I can still surf the internet.
5. Internet browsing. Internet Explorer: blank page opens when opening Internet Explorer and hangs.
Google Chrome: Does work, but has a "resolving host" message on bottom left of browser and takes a while to load.



I have submitted MBRDUMP files to the link you have provided. Hope I've done it correctly.
There was something on the page to say some maintenance is being done.


HijackThis startup list




StartupList report, 14/09/2010, 17:57:31
StartupList version: 1.52.2
Started from : I:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.EXE
Detected: Unknown Windows (WinNT 6.01.3504)
Detected: Internet Explorer v8.00 (8.00.7600.16385)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
I:\Windows\vVX3000.exe
I:\Windows\SOUNDMAN.EXE
I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
I:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
I:\Windows\SysWOW64\CtHelper.exe
I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
I:\Program Files (x86)\SkyTicker\SkyTicker.exe
I:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
I:\Program Files (x86)\iTunes\iTunesHelper.exe
I:\Program Files (x86)\PowerISO\PWRISOVM.EXE
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
I:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
I:\Users\Eddie\AppData\Local\Google\Update\GoogleUpdate.exe
I:\Program Files (x86)\WhatsRunning\WhatsRunning.exe
I:\Windows\syswow64\MsiExec.exe
I:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[I:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
SkyTicker.lnk = I:\Program Files (x86)\SkyTicker\SkyTicker.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
Bluetooth Manager.lnk = ?
Bluetooth.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = I:\Windows\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LifeCam = "I:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
QuickTime Task = "I:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
nmctxth = "I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
amd_dc_opt = I:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
NokiaMServer = I:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
CTHelper = CTHELPER.EXE
CTxfiHlp = CTXFIHLP.EXE
TrueImageMonitor.exe = I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
Adobe Reader Speed Launcher = "I:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM = "I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SunJavaUpdateSched = "I:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
iTunesHelper = "I:\Program Files (x86)\iTunes\iTunesHelper.exe"
PWRISOVM.EXE = I:\Program Files (x86)\PowerISO\PWRISOVM.EXE
GrooveMonitor = "I:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
AdobeCS4ServiceManager = "I:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

nHancer = "I:\Program Files\nHancer\nHancer.exe" /tray
Steam = "I:\Program Files (x86)\Steam\Steam.exe" -silent

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = %SystemRoot%\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = I:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
StubPath = "I:\Windows\SysWOW64\rundll32.exe" "I:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = I:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = I:\Windows\SysWOW64\Rundll32.exe I:\Windows\SysWOW64\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from I:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from I:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

I:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
I:\Windows\Explorer\Explorer.exe: not present
I:\Windows\System\Explorer.exe: not present
I:\Windows\System32\Explorer.exe: not present
I:\Windows\Command\Explorer.exe: not present
I:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in I:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
AcroIEHelperStub - I:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB}
Symantec NCO BHO - I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
Symantec Intrusion Prevention - I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL - {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
Search Helper - I:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
(no name) - I:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - I:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - I:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
(no name) - I:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
GoogleUpdateTaskUserS-1-5-21-2527311835-514280460-1218292114-1001Core.job
GoogleUpdateTaskUserS-1-5-21-2527311835-514280460-1218292114-1001UA.job

--------------------------------------------------

Enumerating Download Program Files:

[PCPitstop Utility]
InProcServer32 = I:\Windows\Downloaded Program Files\PCPitStop.dll
CODEBASE = http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

[Shockwave ActiveX Control]
InProcServer32 = I:\Windows\SysWow64\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = I:\Windows\SysWow64\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/download/E/5...heckControl.cab

[System Requirements Lab Class]
InProcServer32 = I:\Windows\Downloaded Program Files\sysreqlab_nvd.dll
CODEBASE = http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
OSD = I:\Windows\Downloaded Program Files\sysreqlab.osd

[Symantec AntiVirus scanner]
InProcServer32 = I:\Windows\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

[Windows Live Safety Center Base Module]
InProcServer32 = I:\Windows\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab

[Symantec RuFSI Utility Class]
InProcServer32 = I:\Windows\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

[NVIDIA Smart Scan]
InProcServer32 = I:\Windows\DOWNLO~1\NVIDIA~1.OCX
CODEBASE = http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

[Java Plug-in 1.6.0_21]
InProcServer32 = I:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[Update Class]
InProcServer32 = I:\Windows\SysWow64\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...0416.7021296296

[Java Plug-in 1.4.2_03]
InProcServer32 = I:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab

[Java Plug-in 1.6.0_21]
InProcServer32 = I:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[Java Plug-in 1.6.0_21]
InProcServer32 = I:\Program Files (x86)\Java\jre6\bin\npjpi160_21.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = I:\Windows\SysWOW64\Macromed\Flash\Flash10i.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

[Creative Software AutoUpdate Support Package]
InProcServer32 = I:\PROGRA~2\Creative\SHARED~1\SOFTWA~1\CTPID.ocx
CODEBASE = http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: I:\Windows\system32\NLAapi.dll
NameSpace #2: I:\Windows\System32\mswsock.dll
NameSpace #3: I:\Windows\System32\winrnr.dll
NameSpace #4: I:\Windows\system32\napinsp.dll
NameSpace #5: I:\Windows\system32\pnrpnsp.dll
NameSpace #6: I:\Windows\system32\pnrpnsp.dll
NameSpace #7: I:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
NameSpace #8: I:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
NameSpace #9: I:\Windows\system32\wshbth.dll
Protocol #1: I:\Windows\system32\mswsock.dll
Protocol #2: I:\Windows\system32\mswsock.dll
Protocol #3: I:\Windows\system32\mswsock.dll
Protocol #4: I:\Windows\system32\mswsock.dll
Protocol #5: I:\Windows\system32\mswsock.dll
Protocol #6: I:\Windows\system32\mswsock.dll
Protocol #7: I:\Windows\system32\mswsock.dll
Protocol #8: I:\Windows\system32\mswsock.dll
Protocol #9: I:\Windows\system32\mswsock.dll
Protocol #10: I:\Windows\system32\mswsock.dll
Protocol #11: I:\Windows\system32\mswsock.dll
Protocol #12: I:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

SAS Core Service: "I:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" (autostart)
1394 OHCI Compliant Host Controller: system32\DRIVERS\1394ohci.sys (manual start)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
ACPI Power Meter Driver: \SystemRoot\system32\DRIVERS\acpipmi.sys (manual start)
Acronis Scheduler2 Service: "I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" (autostart)
Adobe LM Service: "I:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
adp94xx: \SystemRoot\system32\DRIVERS\adp94xx.sys (manual start)
adpahci: \SystemRoot\system32\DRIVERS\adpahci.sys (manual start)
adpu320: \SystemRoot\system32\DRIVERS\adpu320.sys (manual start)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
afcdp: system32\DRIVERS\afcdp.sys (manual start)
Acronis Nonstop Backup service: I:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (autostart)
@%systemroot%\system32\drivers\afd.sys,-1000: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (manual start)
Service for Realtek AC97 Audio (WDM): system32\drivers\RTKVAC64.SYS (manual start)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\DRIVERS\aliide.sys (manual start)
ALSysIO: \??\I:\Users\Eddie\AppData\Local\Temp\ALSysIO64.sys (manual start)
amdide: \SystemRoot\system32\DRIVERS\amdide.sys (manual start)
AMD K8 Processor Driver: system32\DRIVERS\amdk8.sys (manual start)
AMD Processor Driver: \SystemRoot\system32\DRIVERS\amdppm.sys (manual start)
amdsata: \SystemRoot\system32\DRIVERS\amdsata.sys (manual start)
amdsbs: \SystemRoot\system32\DRIVERS\amdsbs.sys (manual start)
amdxata: system32\DRIVERS\amdxata.sys (system)
@%windir%\system32\inetsrv\iisres.dll,-30011: %windir%\system32\svchost.exe -k apphost (autostart)
@%systemroot%\system32\appidsvc.dll,-102: \SystemRoot\system32\drivers\appid.sys (manual start)
@%systemroot%\system32\appidsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Apple Mobile Device: "I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\DRIVERS\arc.sys (manual start)
arcsas: \SystemRoot\system32\DRIVERS\arcsas.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32000: system32\DRIVERS\asyncmac.sys (manual start)
IDE Channel: system32\DRIVERS\atapi.sys (system)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)
Broadcom NetXtreme II VBD: \SystemRoot\system32\DRIVERS\bxvbda.sys (manual start)
Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0: system32\DRIVERS\b57nd60a.sys (manual start)
Broadcom 802.11 Network Adapter Driver: system32\DRIVERS\bcmwl664.sys (manual start)
@%SystemRoot%\system32\bdesvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
BHDrvx64: \??\I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100901.003\BHDrvx64.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
blbdrive: system32\DRIVERS\blbdrive.sys (system)
@%systemroot%\system32\browser.dll,-102: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\DRIVERS\BrFiltLo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\DRIVERS\BrFiltUp.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\System32\Drivers\Brserid.sys (manual start)
Brother WDM Serial driver: \SystemRoot\System32\Drivers\BrSerWdm.sys (manual start)
Brother MFC USB Fax Only Modem: \SystemRoot\System32\Drivers\BrUsbMdm.sys (manual start)
Brother MFC USB Serial WDM Driver: \SystemRoot\System32\Drivers\BrUsbSer.sys (manual start)
Bluetooth AV Profile: system32\drivers\bthav.sys (manual start)
Bluetooth AVRCP Profile: system32\DRIVERS\BthAvrcp.sys (manual start)
Bluetooth Enumerator Service: system32\DRIVERS\BthEnum.sys (manual start)
Bluetooth Modem Communications Driver: system32\DRIVERS\bthmodem.sys (manual start)
Bluetooth Device (Personal Area Network): system32\DRIVERS\bthpan.sys (manual start)
Bluetooth Port Driver: System32\Drivers\BTHport.sys (manual start)
Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (manual start)
Bluetooth Radio USB Driver: System32\Drivers\BTHUSB.sys (manual start)
Bluetooth Audio Device Service: system32\drivers\btwaudio.sys (manual start)
Bluetooth AVDT: system32\DRIVERS\btwavdt.sys (manual start)
Bluetooth Service: I:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (autostart)
Bluetooth L2CAP Service: system32\DRIVERS\btwl2cap.sys (manual start)
btwrchid: system32\DRIVERS\btwrchid.sys (manual start)
Symantec Hash Provider: \SystemRoot\system32\drivers\NISx64\1107000.00C\ccHPx64.sys (system)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Certificate Propagation: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Consumer IR Devices: \SystemRoot\system32\DRIVERS\circlass.sys (manual start)
@%SystemRoot%\system32\clfs.sys,-100: System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft .NET Framework NGEN v2.0.50727_X64: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (manual start)
Microsoft .NET Framework NGEN v4.0.30319_X86: I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
Microsoft .NET Framework NGEN v4.0.30319_X64: I:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (autostart)
Microsoft ACPI Control Method Battery Driver: \SystemRoot\system32\DRIVERS\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\DRIVERS\cmdide.sys (manual start)
: System32\Drivers\cng.sys (system)
COMMONFX: system32\drivers\COMMONFX.SYS (manual start)
COMMONFX.DLL: system32\COMMONFX.DLL (manual start)
COMMONFX.SYS: \SystemRoot\System32\drivers\COMMONFX.SYS (manual start)
Compbatt: \SystemRoot\system32\DRIVERS\compbatt.sys (manual start)
Composite Bus Enumerator Driver: system32\DRIVERS\CompositeBus.sys (manual start)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
cpuz130: \??\I:\Users\Eddie\AppData\Local\Temp\cpuz130\cpuz_x64.sys (manual start)
Crcdisk Filter Driver: \SystemRoot\system32\DRIVERS\crcdisk.sys (disabled)
Creative ALchemy AL6 Licensing Service: "I:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" (manual start)
Creative Audio Engine Licensing Service: "I:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" (manual start)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\cscsvc.dll,-202: system32\drivers\csc.sys (system)
@%systemroot%\system32\cscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
CT20XUT.DLL: system32\CT20XUT.DLL (manual start)
Creative AC3 Software Decoder: system32\drivers\ctac32k.sys (manual start)
Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
CTAUDFX: system32\drivers\CTAUDFX.SYS (manual start)
CTAUDFX.DLL: system32\CTAUDFX.DLL (manual start)
CTAUDFX.SYS: \SystemRoot\System32\drivers\CTAUDFX.SYS (manual start)
Creative Audio Service: I:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (autostart)
CTEAPSFX.DLL: system32\CTEAPSFX.DLL (manual start)
CTEDSPFX.DLL: system32\CTEDSPFX.DLL (manual start)
CTEDSPIO.DLL: system32\CTEDSPIO.DLL (manual start)
CTEDSPSY.DLL: system32\CTEDSPSY.DLL (manual start)
CTERFXFX: system32\drivers\CTERFXFX.SYS (manual start)
CTERFXFX.DLL: system32\CTERFXFX.DLL (manual start)
CTERFXFX.SYS: \SystemRoot\System32\drivers\CTERFXFX.SYS (manual start)
CTEXFIFX.DLL: system32\CTEXFIFX.DLL (manual start)
CTHWIUT.DLL: system32\CTHWIUT.DLL (manual start)
Creative Proxy Driver: system32\drivers\ctprxy2k.sys (manual start)
CTSBLFX: system32\drivers\CTSBLFX.SYS (manual start)
CTSBLFX.DLL: system32\CTSBLFX.DLL (manual start)
CTSBLFX.SYS: \SystemRoot\System32\drivers\CTSBLFX.SYS (manual start)
Creative SoundFont Management Device Driver: system32\drivers\ctsfm2k.sys (manual start)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\defragsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k defragsvc (manual start)
@%systemroot%\system32\drivers\dfsc.sys,-101: System32\Drivers\dfsc.sys (system)
@%SystemRoot%\system32\dhcpcore.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\drivers\discache.sys,-102: System32\drivers\discache.sys (system)
Disk Driver: system32\DRIVERS\disk.sys (system)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Trusted Audio Drivers: system32\drivers\drmkaud.sys (manual start)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Broadcom NetXtreme II 10 GigE VBD: \SystemRoot\system32\DRIVERS\evbda.sys (manual start)
Symantec Eraser Control driver: \??\I:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (system)
@%SystemRoot%\system32\efssvc.dll,-100: %SystemRoot%\System32\lsass.exe (manual start)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
elxstor: \SystemRoot\system32\DRIVERS\elxstor.sys (manual start)
E-mu Plug-in Architecture Driver: system32\drivers\emupia2k.sys (manual start)
EraserUtilRebootDrv: \??\I:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (manual start)
Microsoft Hardware Error Device Driver: \SystemRoot\system32\DRIVERS\errdev.sys (manual start)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Lavalys EVEREST Kernel Driver: \??\I:\Users\Eddie\AppData\Local\Temp\EverestDriver.sys (manual start)
@%systemroot%\system32\fxsresm.dll,-118: %systemroot%\system32\fxssvc.exe (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (autostart)
@%SystemRoot%\system32\drivers\fileinfo.sys,-100: system32\drivers\fileinfo.sys (system)
@%SystemRoot%\system32\drivers\filetrace.sys,-10001: system32\drivers\filetrace.sys (manual start)
FLEXnet Licensing Service: "I:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (manual start)
FLEXnet Licensing Service 64: "I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
@%SystemRoot%\system32\drivers\fltmgr.sys,-10001: system32\drivers\fltmgr.sys (system)
@%systemroot%\system32\FntCache.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (manual start)
@%SystemRoot%\system32\drivers\fsdepends.sys,-10001: System32\drivers\FsDepends.sys (manual start)
@%SystemRoot%\system32\drivers\fvevol.sys,-100: System32\DRIVERS\fvevol.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\DRIVERS\gagp30kx.sys (manual start)
GEAR ASPI Filter Driver: system32\DRIVERS\GEARAspiWDM.sys (manual start)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Google Update Service (gupdate): "I:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (autostart)
Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)
Creative P16V HAL Driver: system32\drivers\hap16v2k.sys (manual start)
Creative P17V HAL Driver: system32\drivers\hap17v2k.sys (manual start)
HASP License Manager: I:\Windows\system32\hasplms.exe -run (autostart)
Hauppauge Consumer Infrared Receiver: \SystemRoot\system32\drivers\hcw85cir.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: \SystemRoot\system32\DRIVERS\HDAudBus.sys (manual start)
HID UPS Battery Driver: \SystemRoot\system32\DRIVERS\HidBatt.sys (manual start)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\DRIVERS\hidbth.sys (manual start)
Microsoft Infrared HID Driver: \SystemRoot\system32\DRIVERS\hidir.sys (manual start)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\ListSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\provsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
HpSAMD: \SystemRoot\system32\DRIVERS\HpSAMD.sys (manual start)
@%SystemRoot%\system32\drivers\http.sys,-1: system32\drivers\HTTP.sys (manual start)
@%systemroot%\system32\drivers\hwpolicy.sys,-101: System32\drivers\hwpolicy.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (manual start)
iaStorV: \SystemRoot\system32\DRIVERS\iaStorV.sys (manual start)
InstallDriver Table Manager: "I:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
IDSVia64: \??\I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100910.001\IDSvia64.sys (system)
iirsp: \SystemRoot\system32\DRIVERS\iirsp.sys (manual start)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
intelide: \SystemRoot\system32\DRIVERS\intelide.sys (manual start)
Intel Processor Driver: \SystemRoot\system32\DRIVERS\intelppm.sys (manual start)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\rascfg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-500: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IPMIDRV: \SystemRoot\system32\DRIVERS\IPMIDrv.sys (manual start)
IP Network Address Translator: System32\drivers\ipnat.sys (manual start)
iPod Service: "I:\Program Files\iPod\bin\iPodService.exe" (autostart)
IrDA Protocol: system32\DRIVERS\irda.sys (autostart)
@%SystemRoot%\system32\drivers\irenum.sys,-100: system32\drivers\irenum.sys (manual start)
@%SystemRoot%\System32\irmon.dll,-2000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Microsoft Serial Infrared Driver: system32\DRIVERS\irsir.sys (manual start)
isapnp: \SystemRoot\system32\DRIVERS\isapnp.sys (manual start)
iScsiPort Driver: \SystemRoot\system32\DRIVERS\msiscsi.sys (manual start)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (manual start)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (manual start)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
: System32\Drivers\ksecdd.sys (system)
: System32\Drivers\ksecpkg.sys (system)
Kernel Streaming Thunks: \SystemRoot\system32\drivers\ksthunk.sys (manual start)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation (manual start)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
LicCtrl Service: I:\Windows\runservice.exe (autostart)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
LSI_FC: \SystemRoot\system32\DRIVERS\lsi_fc.sys (manual start)
LSI_SAS: \SystemRoot\system32\DRIVERS\lsi_sas.sys (manual start)
LSI_SAS2: \SystemRoot\system32\DRIVERS\lsi_sas2.sys (manual start)
LSI_SCSI: \SystemRoot\system32\DRIVERS\lsi_scsi.sys (manual start)
@%systemroot%\system32\drivers\luafv.sys,-100: \SystemRoot\system32\drivers\luafv.sys (autostart)
@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000: "I:\Program Files\Microsoft Fix it Center\Matsvc.exe" (manual start)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
megasas: \SystemRoot\system32\DRIVERS\megasas.sys (manual start)
MegaSR: \SystemRoot\system32\DRIVERS\MegaSR.sys (manual start)
MEMSWEEP2: \??\I:\Windows\system32\618F.tmp (manual start)
mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit: "I:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe" (autostart)
Microsoft Office Groove Audit Service: "I:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" (manual start)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (manual start)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
@%SystemRoot%\system32\drivers\mountmgr.sys,-100: System32\drivers\mountmgr.sys (system)
Microsoft Malware Protection Driver: system32\DRIVERS\MpFilter.sys (system)
mpio: \SystemRoot\system32\DRIVERS\mpio.sys (manual start)
Microsoft Malware Protection Network Driver: system32\DRIVERS\MpNWMon.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
Windows Firewall: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%systemroot%\system32\webclnt.dll,-104: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1002: system32\DRIVERS\mrxsmb.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1004: system32\DRIVERS\mrxsmb10.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1006: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\DRIVERS\msahci.sys (manual start)
MSCamSvc: "I:\Program Files\Microsoft LifeCam\MSCamS64.exe" (autostart)
msdsm: \SystemRoot\system32\DRIVERS\msdsm.sys (manual start)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100: \SystemRoot\System32\drivers\mshidkmdf.sys (manual start)
msisadrv: system32\DRIVERS\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (autostart)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Antimalware Service: "I:\Program Files\Microsoft Security Essentials\MsMpEng.exe" (disabled)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (system)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft Input Configuration Driver: \SystemRoot\system32\DRIVERS\MTConfig.sys (manual start)
ATK0110 ACPI UTILITY: system32\DRIVERS\ASACPI.sys (manual start)
@%systemroot%\system32\drivers\mup.sys,-101: System32\Drivers\mup.sys (system)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
NAVENG: \??\I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100913.048\ENG64.SYS (manual start)
NAVEX15: \??\I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100913.048\EX64.SYS (manual start)
@%SystemRoot%\system32\drivers\ndis.sys,-200: system32\drivers\ndis.sys (system)
NDIS Capture LightWeight Filter: system32\DRIVERS\ndiscap.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32001: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (autostart)
@%systemroot%\system32\rascfg.dll,-32002: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
@%SystemRoot%\system32\drivers\netbt.sys,-2: System32\DRIVERS\netbt.sys (system)
Netlogon: %systemroot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Net.Msmq Listener Adapter: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator (autostart)
@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" (autostart)
@%SystemRoot%\system32\netprofm.dll,-202: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Linksys WPC600N/WMP600N Wireless-N Card Driver for Vista: system32\DRIVERS\netr28x.sys (manual start)
RT73 USB Wireless LAN Card Driver for Vista: system32\DRIVERS\netr7364.sys (manual start)
@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" (autostart)
Net.Tcp Port Sharing Service: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
nfrd960: \SystemRoot\system32\DRIVERS\nfrd960.sys (manual start)
nHancer Support: "I:\Program Files\nHancer\nHancerService.exe" (autostart)
Norton Internet Security: "I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe" /s "NIS" /m "I:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\diMaster.dll" /prefetch:1 (autostart)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Pure Networks Platform Service: "I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" (autostart)
Nokia USB Generic: system32\drivers\ccdcmbox64.sys (manual start)
Nokia USB Phone Parent: system32\drivers\ccdcmbx64.sys (manual start)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\drivers\nsiproxy.sys,-2: system32\drivers\nsiproxy.sys (system)
Service for NVIDIA® nForce™ Audio Enumerator: system32\drivers\nvax64.sys (manual start)
NVIDIA nForce Networking Controller Driver: system32\DRIVERS\nvm62x64.sys (manual start)
nvlddmkm: system32\DRIVERS\nvlddmkm.sys (manual start)
Service for NVIDIA® nForce™ Audio: system32\drivers\nvapu64.sys (manual start)
nvraid: \SystemRoot\system32\DRIVERS\nvraid.sys (manual start)
nvstor: \SystemRoot\system32\DRIVERS\nvstor.sys (manual start)
nvstor64: system32\DRIVERS\nvstor64.sys (system)
NVIDIA Display Driver Service: I:\Windows\system32\nvvsvc.exe (autostart)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\DRIVERS\nv_agp.sys (manual start)
Microsoft Office Diagnostics Service: "I:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
1394 OHCI Compliant Host Controller (Legacy): \SystemRoot\system32\DRIVERS\ohci1394.sys (manual start)
Office Source Engine: "I:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
@%SystemRoot%\system32\drivers\partmgr.sys,-100: System32\drivers\partmgr.sys (system)
Program Compatibility Assistant Service: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
PCCS Mode Change Filter Driver: system32\DRIVERS\pccsmcfdx64.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
pciide: system32\DRIVERS\pciide.sys (system)
pcmcia: \SystemRoot\system32\DRIVERS\pcmcia.sys (manual start)
PCPitstop Scheduling: I:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (disabled)
Performance Counters for Windows Driver: System32\drivers\pcw.sys (system)
PDAgent: "I:\Program Files\Raxco\PerfectDisk10\PDAgent.exe" (autostart)
PDEngine: "I:\Program Files\Raxco\PerfectDisk10\PDEngine.exe" (manual start)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%SystemRoot%\system32\peerdistsvc.dll,-9000: %SystemRoot%\System32\svchost.exe -k PeerDist (manual start)
@%systemroot%\sysWow64\perfhost.exe,-2: %SystemRoot%\SysWow64\perfhost.exe (manual start)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
Pure Networks Device Discovery Driver: system32\DRIVERS\pnarp.sys (autostart)
@%SystemRoot%\system32\pnrpauto.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\umpo.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%systemroot%\system32\rascfg.dll,-32006: system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\DRIVERS\processr.sys (manual start)
PRODIGY: System32\Drivers\PRODIGY.SYS (manual start)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
Pure Networks Wireless Driver: system32\DRIVERS\purendis.sys (autostart)
ql2300: \SystemRoot\system32\DRIVERS\ql2300.sys (manual start)
ql40xx: \SystemRoot\system32\DRIVERS\ql40xx.sys (manual start)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
@%windir%\WindowsMobile\rapimgr.dll,-104: %SystemRoot%\system32\svchost.exe -k WindowsMobile (autostart)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (manual start)
WAN Miniport (IKEv2): system32\DRIVERS\AgileVpn.sys (manual start)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32005: system32\DRIVERS\rasl2tp.sys (manual start)
@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32007: system32\DRIVERS\raspppoe.sys (manual start)
@%systemroot%\system32\sstpsvc.dll,-202: system32\DRIVERS\rassstp.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1000: system32\DRIVERS\rdbss.sys (system)
Remote Desktop Device Redirector Bus Driver: system32\DRIVERS\rdpbus.sys (manual start)
@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\drivers\rdpdr.sys (manual start)
@%systemroot%\system32\drivers\RDPENCDD.sys,-101: system32\drivers\rdpencdd.sys (system)
@%systemroot%\system32\drivers\RdpRefMp.sys,-101: system32\drivers\rdprefmp.sys (system)
ReadyBoost: System32\drivers\rdyboost.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
Bluetooth Device (RFCOMM Protocol TDI): system32\DRIVERS\rfcomm.sys (manual start)
RivaTuner64: \??\I:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys (manual start)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
@%windir%\system32\RpcEpMap.dll,-1001: %SystemRoot%\system32\svchost.exe -k RPCSS (autostart)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
Realtek RTL8187SE Wireless LAN PCIE Network Adapter: system32\DRIVERS\RTL8187Se.sys (manual start)
s3cap: \SystemRoot\system32\DRIVERS\vms3cap.sys (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\I:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (system)
SASKUTIL: \??\I:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (system)
sbp2port: \SystemRoot\system32\DRIVERS\sbp2port.sys (manual start)
Smart Card: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\System32\drivers\scfilter.sys,-11: System32\DRIVERS\scfilter.sys (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Smart Card Removal Policy: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
SeaPort: "I:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" (autostart)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Adaptive Brightness: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Serial Mouse Driver: \SystemRoot\system32\DRIVERS\sermouse.sys (manual start)
ServiceLayer: "I:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" (manual start)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SFF Storage Class Driver: \SystemRoot\system32\DRIVERS\sffdisk.sys (manual start)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\DRIVERS\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\DRIVERS\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\DRIVERS\sfloppy.sys (manual start)
Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiSRaid2: \SystemRoot\system32\DRIVERS\SiSRaid2.sys (manual start)
SiSRaid4: \SystemRoot\system32\DRIVERS\sisraid4.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (manual start)
Acronis Snapshots Manager: system32\DRIVERS\snapman.sys (system)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (disabled)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
Software Protection: %SystemRoot%\system32\sppsvc.exe (autostart)
@%SystemRoot%\system32\sppuinotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
sptd: \SystemRoot\System32\Drivers\sptd.sys (disabled)
Symantec Real Time Storage Protection x64: \SystemRoot\System32\Drivers\NISx64\1107000.00C\SRTSP64.SYS (system)
Symantec Real Time Storage Protection (PEL) x64: \SystemRoot\system32\drivers\NISx64\1107000.00C\SRTSPX64.SYS (system)
@%systemroot%\system32\srvsvc.dll,-102: System32\DRIVERS\srv.sys (manual start)
@%systemroot%\system32\srvsvc.dll,-104: System32\DRIVERS\srv2.sys (manual start)
: System32\DRIVERS\srvnet.sys (manual start)
SSDP Discovery: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
@%SystemRoot%\system32\sstpsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Steam Client Service: I:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService (manual start)
NVIDIA Stereoscopic 3D Driver Service: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (autostart)
stexstor: \SystemRoot\system32\DRIVERS\stexstor.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
@%SystemRoot%\system32\vmstorfltres.dll,-1000: system32\DRIVERS\vmstorfl.sys (system)
storvsc: \SystemRoot\system32\DRIVERS\storvsc.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Software Shadow Copy Provider: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
Symantec Data Store: system32\drivers\NISx64\1107000.00C\SYMDS64.SYS (system)
Symantec Extended File Attributes: system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS (system)
SymEvent: \??\I:\Windows\system32\Drivers\SYMEVENT64x86.SYS (manual start)
Symantec Network Security Intermediate Filter Driver: system32\DRIVERS\SymIMv.sys (system)
Symantec Iron Driver: \SystemRoot\system32\drivers\NISx64\1107000.00C\Ironx64.SYS (system)
Symantec Vista Network Dispatch Driver: \SystemRoot\System32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS (system)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
Acronis Try&Decide and Restore Points filter (build 258): system32\DRIVERS\tdrpm258.sys (system)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\themeservice.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Acronis Backup Archive Explorer: system32\DRIVERS\timntr.sys (system)
TOSHIBA Bluetooth Service: I:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (manual start)
Bluetooth COM Port: system32\DRIVERS\tosporte.sys (manual start)
Bluetooth RFBUS: system32\DRIVERS\tosrfbd.sys (manual start)
Bluetooth RFBNEP: System32\Drivers\tosrfbnp.sys (manual start)
Bluetooth RFCOMM: System32\Drivers\tosrfcom.sys (system)
Bluetooth RFHID: system32\DRIVERS\Tosrfhid.sys (manual start)
Bluetooth Personal Area Network: system32\DRIVERS\tosrfnds.sys (manual start)
Bluetooth Audio: system32\drivers\tosrfsnd.sys (manual start)
Bluetooth USB Controller: system32\DRIVERS\tosrfusb.sys (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Windows Modules Installer: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101: System32\DRIVERS\tssecsrv.sys (manual start)
Microsoft Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\DRIVERS\uagp35.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\DRIVERS\uliagpkx.sys (manual start)
UMBus Enumerator Driver: system32\DRIVERS\umbus.sys (manual start)
Microsoft UMPass Driver: \SystemRoot\system32\DRIVERS\umpass.sys (manual start)
@%SystemRoot%\system32\umrdp.dll,-1000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
UPnP Device Host: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
upperdev: system32\DRIVERS\usbser_lowerfltx64.sys (manual start)
Apple Mobile USB Driver: System32\Drivers\usbaapl64.sys (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\DRIVERS\usbcir.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Modem Driver: system32\drivers\usbser.sys (manual start)
UsbserFilt: system32\DRIVERS\usbser_lowerfltx64j.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: \SystemRoot\system32\DRIVERS\usbuhci.sys (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vaultsvc.dll,-1003: %SystemRoot%\system32\lsass.exe (manual start)
Microsoft Virtual Drive Enumerator Driver: system32\DRIVERS\vdrvroot.sys (system)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
: \SystemRoot\System32\drivers\vga.sys (system)
vhdmp: \SystemRoot\system32\DRIVERS\vhdmp.sys (manual start)
viaide: \SystemRoot\system32\DRIVERS\viaide.sys (manual start)
@%SystemRoot%\system32\vmbusres.dll,-1000: \SystemRoot\system32\DRIVERS\vmbus.sys (manual start)
VMBusHID: \SystemRoot\system32\DRIVERS\VMBusHID.sys (manual start)
Volume Manager Driver: system32\DRIVERS\volmgr.sys (system)
@%SystemRoot%\system32\drivers\volmgrx.sys,-100: System32\drivers\volmgrx.sys (system)
Storage volumes: system32\DRIVERS\volsnap.sys (system)
Virtual PC Host Bus Service: system32\DRIVERS\vpchbus.sys (manual start)
Virtual PC Network Filter Driver: system32\DRIVERS\vpcnfltr.sys (system)
USB Virtualization Connector Service: system32\DRIVERS\vpcusb.sys (manual start)
@%SystemRoot%\system32\drivers\vpcvmm.sys,-100: system32\drivers\vpcvmm.sys (system)
vsmraid: \SystemRoot\system32\DRIVERS\vsmraid.sys (manual start)
Volume Shadow Copy: %systemroot%\system32\vssvc.exe (manual start)
Virtual WiFi Bus Driver: system32\DRIVERS\vwifibus.sys (manual start)
Virtual WiFi Filter Driver: system32\DRIVERS\vwififlt.sys (system)
Microsoft Virtual WiFi Miniport Service: system32\DRIVERS\vwifimp.sys (manual start)
VX-3000: system32\DRIVERS\VX3000.sys (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%windir%\system32\inetsrv\iisres.dll,-30003: %windir%\system32\svchost.exe -k iissvcs (autostart)
Wacom Serial Pen HID Driver: \SystemRoot\system32\DRIVERS\wacompen.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32011: system32\DRIVERS\wanarp.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32012: system32\DRIVERS\wanarp.sys (system)
@%windir%\system32\inetsrv\iisres.dll,-30001: %windir%\system32\svchost.exe -k iissvcs (manual start)
Windows Activation Technologies Service: %SystemRoot%\system32\Wat\WatAdminSvc.exe (autostart)
@%systemroot%\system32\wbengine.exe,-104: "%systemroot%\system32\wbengine.exe" (manual start)
@%systemroot%\system32\wbiosrvc.dll,-100: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup (manual start)
@%windir%\WindowsMobile\wcescomm.dll,-40079: %SystemRoot%\system32\svchost.exe -k WindowsMobile (autostart)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Wd: \SystemRoot\system32\DRIVERS\wd.sys (manual start)
Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Error Reporting Service: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (manual start)
WFP Lightweight Filter: system32\DRIVERS\wfplwf.sys (system)
WIMMount: system32\drivers\wimmount.sys (manual start)
Windows Defender: %SystemRoot%\System32\svchost.exe -k secsvcs (manual start)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
WinUsb: system32\DRIVERS\WinUsb.sys (manual start)
WLAN AutoConfig: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Windows Live ID Sign-in Assistant: "I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" (autostart)
Microsoft Windows Management Interface for ACPI: \SystemRoot\system32\DRIVERS\wmiacpi.sys (manual start)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" (autostart)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\system32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
Windows Update: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
User Mode Driver Frameworks Platform Driver: system32\drivers\WudfPf.sys (manual start)
WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
WWAN AutoConfig: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (manual start)
NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller: system32\DRIVERS\yk62x64.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = PDBoot.exe

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 67,691 bytes
Report generated in 0.282 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


I'm running the ESET scanner as I write this.

Good luck with this.

Eddie



PS.
Started ESET scanner.
It is hanging on component download.
Will leave it overnight to see if it does download.

Edited by Eddie123, 14 September 2010 - 05:08 PM.

my spec is.
ASUS A8N-SLI SE ACPI BIOS Revision 0502 motherboard
4 x 1 GB DDR400 memory sticks.
Win 7 64 bit
2.53 gigahertz AMD Athlon 64 X2 Dual Core (4800+)
NVIDIA GeForce GTX 260 [Display adapter]
Creative SB Audigy 2 ZS (WDM) soundcard

#13 pwgib

  • Malware Response Team
  • 2,956 posts

Posted 14 September 2010 - 10:34 AM

OK, I'll wait for your edited post

Thanks!!
PW

#14 pwgib

  • Malware Response Team
  • 2,956 posts

Posted 15 September 2010 - 10:44 AM

Hello Eddie123,

I forgot to mention not to edit replies, as we are not notified when they are edited. Post a new reply.

Do you have a Windows 7 installation disk or know where you can borrow one?

The good news is that your system is clean. The bad news is your system is very unstable. The problems you are experiencing indicate either a hardware or software problem and could be because of missing or corrupt system files.

Step 1.

Let's check your hard disk.

To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive I and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check.
    Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.

Step 2.

Run Startup Repair.
  • Restart your computer and tap the F8 key as soon as it starts.
  • Windows should load the Boot Menu
  • In the Boot Menu if the option is there choose Repair your computer
  • Startup Repair will now attempt to fix errors.
  • Please do not choose/run any other option in the boot menu unless asked to.
After running Startup Repair and ChkDsk, reboot Windows and let me know if you are still having problems.

Note: If the Startup Repair option is unavailable you will need a Windows 7 installation disk

Thanks!!
PW

#15 Eddie123

  • Topic Starter
  • Members
  • 38 posts

Posted 15 September 2010 - 03:58 PM

Hi again.
Thank you again for getting back to me.

Not sure that it's good news that I'm no longer infected.
Have just completed step 1 check disk.
Disk went through with no errors.

Just done step 2.
On pressing F8 I chose start up repair.
It later came back with a message to say......Startup could not detect problem.

(The other options were no help to me).
System restore doesn't work.
I've not set up the back up so can't use that either. Doh!


OK, I'm getting lost now.

Eddie

Edited by Eddie123, 15 September 2010 - 04:31 PM.
