Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows won't start normally


  • This topic is locked This topic is locked
24 replies to this topic

#1 nacho1_1

nacho1_1

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 13 June 2011 - 01:30 PM

I'm running Windows 7 64-bit.
A week or two ago, I was searching on Yahoo, I clicked on a link, then my computer shut off by itself. I turned it back on, and the screen that asks if you want to start up Windows normally or go into safe mode came up. I chose to start it normally. Afterward, a screen came up that I've never seen before that said "Windows is loading files..." It then tried to run startup repair, and the results said that "ci.dll" is corrupt. Now my computer only runs when I disable the driver signatures option as the computer is starting up, random pop-ups come up when I'm on the internet, and Yahoo search redirects.

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by CHICKEN at 12:41:25 on 2011-06-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1523 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Users\CHICKEN\AppData\Roaming\Smilebox\SmileboxTray.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof2.dll
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof2.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof2.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof2.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SmileboxTray] "C:\Users\CHICKEN\AppData\Roaming\Smilebox\SmileboxTray.exe"
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 4.0\SetHook.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [20090604] C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 2.0 Deluxe\RegApp\encore_reg.rpd"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: minecraft.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {DFE1B3A0-DE25-4BE6-95A6-12FA37CC2CF7} - hxxp://gbctechtraining.com/student/emtc/finalexams/EMT01.CAB
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D25F7751-4C3E-484D-984A-5AA4600D18BD} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D25F7751-4C3E-484D-984A-5AA4600D18BD}\6596277696E6D4F62696C65602D4966496232303030223936302355636572756 : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof2.dll
BHO-X64: Softonic-Eng7 - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\prxtbSof2.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 4.0\SetHook.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CHICKEN\AppData\Roaming\Mozilla\Firefox\Profiles\5izqchbj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\CHICKEN\AppData\Roaming\Mozilla\Firefox\Profiles\5izqchbj.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: YoYo Games InstantPlay: yyginstantplay@yoyogames.com - %profile%\extensions\yyginstantplay@yoyogames.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AxiomAudioDevMon;Axiom Audio Device Monitor;C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe [2010-2-19 1632776]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-2-11 300400]
R3 AXIOM;Service for M-Audio Axiom;C:\Windows\system32\DRIVERS\MAudioAxiom.sys --> C:\Windows\system32\DRIVERS\MAudioAxiom.sys [?]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-08 23:56:29 -------- d-----w- C:\Users\CHICKEN\AppData\Local\{FE232C0B-7A82-4861-935F-A83D0A0B22AE}
2011-06-08 23:56:29 -------- d-----w- C:\Users\CHICKEN\AppData\Local\{9CEDDB75-FDE5-4552-8251-90EB74F9EADA}
2011-06-06 04:19:56 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-06-06 04:19:56 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-30 04:48:27 780224 ----a-w- C:\Windows\System32\ci (original).dll
2011-05-30 04:47:55 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-30 04:47:55 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-30 04:47:48 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-30 03:31:03 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-05-29 22:49:35 -------- d-----w- C:\ProgramData\Recovery
2011-05-27 05:06:23 -------- d-----w- C:\Users\CHICKEN\.lilypond-fonts.cache-2
.
==================== Find3M ====================
.
2011-04-13 03:47:24 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-03-25 03:23:22 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-03-25 03:23:03 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-03-25 03:23:03 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-03-25 03:22:57 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-03-25 03:22:56 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-03-25 03:22:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-03-25 03:22:51 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 12:41:46.73 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 PM

Posted 15 June 2011 - 03:07 PM

Hi nacho1_1,

I will assist you with the issue.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64 and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]

Edited by farbar, 15 June 2011 - 03:30 PM.


#3 nacho1_1

nacho1_1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 15 June 2011 - 03:56 PM

I just finished the scan.

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.0.8
Ran by SYSTEM at 2011-06-15 15:52:40
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-29] (NVIDIA Corporation)
HKLM\...\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2041344 2010-02-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: []
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [36272 2010-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 4.0\SetHook.exe [53248 2003-08-18] (Fellowes, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE [2041344 2010-02-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKU\CHICKEN\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2010-11-17] (Valve Corporation)
HKU\CHICKEN\...\Run: [SmileboxTray] "C:\Users\CHICKEN\AppData\Roaming\Smilebox\SmileboxTray.exe" [313160 2011-04-12] (Smilebox, Inc.)
HKU\CHICKEN\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\CHICKEN\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475072 2009-07-13] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475072 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30208 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] userinit.exe [30208 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2870272 2011-02-25] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2870272 2011-02-25] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1


==================== Services ====================

3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation)
2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-03-27] (LSI Corporation)
3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation)
3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2009-07-13] (Microsoft Corporation)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [37664 2011-02-18] (Apple Inc.)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [676864 2009-07-13] (Microsoft Corporation)
2 AudioSrv; C:\Windows\System32\Audiosrv.dll [676864 2009-07-13] (Microsoft Corporation)
3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2009-07-13] (Microsoft Corporation)
2 AxiomAudioDevMon; "C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe" [1632776 2010-02-19] (M-Audio)
3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
2 BFE; C:\Windows\System32\bfe.dll [703488 2009-07-13] (Microsoft Corporation)
2 BITS; C:\Windows\System32\qmgr.dll [848384 2009-07-13] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" [349472 2011-04-06] (Apple Inc.)
3 Browser; C:\Windows\System32\browser.dll [136192 2009-07-13] (Microsoft Corporation)
3 bthserv; C:\Windows\System32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [793640 2008-02-08] (Broadcom Corporation.)
3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2009-07-13] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [9728 2009-07-13] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [175104 2009-07-13] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcore.dll [314368 2009-07-13] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [182272 2011-03-02] (Microsoft Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2009-07-13] (Microsoft Corporation)
2 DPS; C:\Windows\System32\dps.dll [162816 2009-07-13] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
2 EFS; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696320 2010-08-03] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [402944 2009-07-13] (Microsoft Corporation)
3 Fax; C:\Windows\System32\fxssvc.exe [689152 2009-07-13] (Microsoft Corporation)
3 fdPHost; C:\Windows\System32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
3 FDResPub; C:\Windows\System32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
2 FontCache; C:\Windows\System32\FntCache.dll [1135104 2011-02-18] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [250616 2009-06-05] (WildTangent, Inc.)
2 gpsvc; C:\Windows\System32\gpsvc.dll [776192 2009-07-13] (Microsoft Corporation)
3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [90624 2009-07-13] (Microsoft Corporation)
3 HomeGroupListener; C:\Windows\System32\ListSvc.dll [231936 2009-07-13] (Microsoft Corporation)
3 HomeGroupProvider; C:\Windows\System32\provsvc.dll [187904 2009-07-13] (Microsoft Corporation)
2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [120832 2009-10-15] (Hewlett-Packard)
3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [229944 2009-04-30] (Hewlett-Packard Development Company, L.P.)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856384 2009-06-10] (Microsoft Corporation)
2 IKEEXT; C:\Windows\System32\ikeext.dll [845824 2009-07-13] (Microsoft Corporation)
3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [565760 2009-07-13] (Microsoft Corporation)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [934176 2011-06-07] (Apple Inc.)
3 KeyIso; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [300400 2010-02-11] (Eastman Kodak Company)
3 KtmRm; C:\Windows\System32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-08-26] (Microsoft Corporation)
2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2009-07-13] (Microsoft Corporation)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [84480 2009-07-13] (Microsoft Corporation)
2 MMCSS; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
2 MpsSvc; C:\Windows\System32\mpssvc.dll [824832 2009-07-13] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [127488 2009-07-13] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [475648 2009-07-13] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
2 NlaSvc; C:\Windows\System32\nlasvc.dll [302080 2009-07-13] (Microsoft Corporation)
2 nsi; C:\Windows\System32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
2 nvsvc; C:\Windows\system32\nvvsvc.exe [382496 2009-07-29] (NVIDIA Corporation)
3 p2pimsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
3 pla; C:\Windows\System32\pla.dll [1390080 2009-07-13] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [404480 2009-07-13] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\System32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [500224 2009-07-13] (Microsoft Corporation)
2 Power; C:\Windows\System32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
2 ProfSvc; C:\Windows\System32\profsvc.dll [208384 2009-07-13] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [343552 2009-07-13] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
3 RemoteRegistry; C:\Windows\System32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [1114624 2010-11-01] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2009-07-13] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2009-07-13] (Microsoft Corporation)
3 seclogon; C:\Windows\system32\seclogon.dll [30720 2009-07-13] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
3 SensrSvc; C:\Windows\System32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
3 SessionEnv; C:\Windows\System32\sessenv.dll [104960 2009-07-13] (Microsoft Corporation)
4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [369664 2009-07-13] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [558592 2010-08-20] (Microsoft Corporation)
2 sppsvc; C:\Windows\System32\sppsvc.exe [3524608 2009-07-13] (Microsoft Corporation)
3 sppuinotify; C:\Windows\System32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [403240 2011-06-02] (Valve Corporation)
2 stisvc; C:\Windows\System32\wiaservc.dll [578560 2009-07-13] (Microsoft Corporation)
3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
2 SysMain; C:\Windows\System32\sysmain.dll [1780736 2009-07-13] (Microsoft Corporation)
3 TabletInputService; C:\Windows\System32\TabSvc.dll [93184 2009-07-13] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [316416 2009-07-13] (Microsoft Corporation)
3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
3 TermService; C:\Windows\System32\termsrv.dll [706560 2009-07-13] (Microsoft Corporation)
2 Themes; C:\Windows\System32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2009-07-13] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [532480 2009-07-13] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [1598976 2009-07-13] (Microsoft Corporation)
3 W32Time; C:\Windows\System32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2010-05-04] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1503744 2009-07-13] (Microsoft Corporation)
3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-09-13] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
3 WdiServiceHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WebClient; C:\Windows\System32\webclnt.dll [258048 2010-12-20] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [442880 2010-12-20] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [2018816 2009-07-13] (Microsoft Corporation)
2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2286976 2010-09-21] (Microsoft Corp.)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
2 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 2009-07-13] (Microsoft Corporation)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
3 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [116736 2009-07-13] (Microsoft Corporation)
2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [593408 2009-07-13] (Microsoft Corporation)
2 wuauserv; C:\Windows\System32\wuaueng.dll [2418176 2009-07-13] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [75264 2009-07-13] (Microsoft Corporation)
3 WwanSvc; C:\Windows\System32\wwansvc.dll [229888 2009-07-13] (Microsoft Corporation)
2 LightScribeService; "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [x]

==================== Drivers ====================

3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [227840 2009-07-13] (Microsoft Corporation)
0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [334416 2009-07-13] (Microsoft Corporation)
3 AcpiPmi; C:\Windows\System32\DRIVERS\acpipmi.sys [12288 2009-07-13] (Microsoft Corporation)
3 adp94xx; C:\Windows\System32\DRIVERS\adp94xx.sys [491088 2009-07-13] (Adaptec, Inc.)
3 adpahci; C:\Windows\System32\DRIVERS\adpahci.sys [339536 2009-07-13] (Adaptec, Inc.)
3 adpu320; C:\Windows\System32\DRIVERS\adpu320.sys [182864 2009-07-13] (Adaptec, Inc.)
1 AFD; C:\Windows\System32\drivers\afd.sys [500224 2009-07-13] (Microsoft Corporation)
3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1209856 2009-08-13] (LSI Corporation)
3 agp440; C:\Windows\System32\DRIVERS\agp440.sys [61008 2009-07-13] (Microsoft Corporation)
3 aliide; C:\Windows\System32\DRIVERS\aliide.sys [15440 2009-07-13] (Acer Laboratories Inc.)
3 amdide; C:\Windows\System32\DRIVERS\amdide.sys [15440 2009-07-13] (Microsoft Corporation)
3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [64512 2009-07-13] (Microsoft Corporation)
3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-13] (Microsoft Corporation)
3 amdsata; C:\Windows\System32\drivers\amdsata.sys [107904 2011-03-10] (Advanced Micro Devices)
3 amdsbs; C:\Windows\System32\DRIVERS\amdsbs.sys [194128 2009-07-13] (AMD Technologies Inc.)
0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-10] (Advanced Micro Devices)
3 AppID; C:\Windows\System32\drivers\appid.sys [61440 2009-07-13] (Microsoft Corporation)
3 arc; C:\Windows\System32\DRIVERS\arc.sys [87632 2009-07-13] (Adaptec, Inc.)
3 arcsas; C:\Windows\System32\DRIVERS\arcsas.sys [97856 2009-07-13] (Adaptec, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation)
3 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
3 AXIOM; C:\Windows\System32\DRIVERS\MAudioAxiom.sys [137736 2010-02-19] (M-Audio)
3 b06bdrv; C:\Windows\System32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-22] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\System32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\System32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [41984 2009-07-13] (Microsoft Corporation)
3 BTHMODEM; C:\Windows\System32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation)
3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-13] (Microsoft Corporation)
3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [551936 2009-07-13] (Microsoft Corporation)
3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [79360 2009-07-13] (Microsoft Corporation)
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [92200 2008-01-28] (Broadcom Corporation.)
3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [120872 2008-01-28] (Broadcom Corporation.)
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [36392 2008-01-28] (Broadcom Corporation.)
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [19880 2008-01-28] (Broadcom Corporation.)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-13] (Microsoft Corporation)
3 circlass; C:\Windows\System32\DRIVERS\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation)
3 cmdide; C:\Windows\System32\DRIVERS\cmdide.sys [17488 2009-07-13] (CMD Technology, Inc.)
0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-13] (Microsoft Corporation)
3 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-13] (Microsoft Corporation)
4 crcdisk; C:\Windows\System32\DRIVERS\crcdisk.sys [24144 2009-07-13] (Microsoft Corporation)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-13] (Microsoft Corporation)
1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-13] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982912 2011-01-25] (Microsoft Corporation)
3 ebdrv; C:\Windows\System32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
3 elxstor; C:\Windows\System32\DRIVERS\elxstor.sys [530496 2009-07-13] (Emulex)
3 ErrDev; C:\Windows\System32\DRIVERS\errdev.sys [9728 2009-07-13] (Microsoft Corporation)
3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation)
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation)
3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [29696 2009-07-13] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation)
3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-13] (Microsoft Corporation)
3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-13] (Microsoft Corporation)
0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-09-25] (Microsoft Corporation)
3 gagp30kx; C:\Windows\System32\DRIVERS\gagp30kx.sys [65088 2009-07-13] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [34152 2009-05-18] (GEAR Software Inc.)
3 hcw85cir; C:\Windows\System32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-13] (Microsoft Corporation)
3 HidBatt; C:\Windows\System32\DRIVERS\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation)
3 HidBth; C:\Windows\System32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation)
3 HidIr; C:\Windows\System32\DRIVERS\hidir.sys [46592 2009-07-13] (Microsoft Corporation)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-13] (Microsoft Corporation)
3 HpSAMD; C:\Windows\System32\DRIVERS\HpSAMD.sys [77888 2009-07-13] (Hewlett-Packard Company)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-13] (Microsoft Corporation)
0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-13] (Microsoft Corporation)
3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation)
3 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [410496 2011-03-10] (Intel Corporation)
3 iirsp; C:\Windows\System32\DRIVERS\iirsp.sys [44112 2009-07-13] (Intel Corp./ICP vortex GmbH)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2004128 2009-09-15] (Realtek Semiconductor Corp.)
3 intelide; C:\Windows\System32\DRIVERS\intelide.sys [16960 2009-07-13] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-13] (Microsoft Corporation)
3 IPMIDRV; C:\Windows\System32\DRIVERS\IPMIDrv.sys [78848 2009-07-13] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation)
3 isapnp; C:\Windows\System32\DRIVERS\isapnp.sys [20544 2009-07-13] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [224832 2009-07-13] (Microsoft Corporation)
3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-13] (Microsoft Corporation)
3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-13] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-13] (Microsoft Corporation)
0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153160 2009-12-11] (Microsoft Corporation)
3 ksthunk; C:\Windows\System32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2009-03-13] (http://libusb-win32.sourceforge.net)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
3 LSI_FC; C:\Windows\System32\DRIVERS\lsi_fc.sys [114752 2009-07-13] (LSI Corporation)
3 LSI_SAS; C:\Windows\System32\DRIVERS\lsi_sas.sys [106560 2009-07-13] (LSI Corporation)
3 LSI_SAS2; C:\Windows\System32\DRIVERS\lsi_sas2.sys [65600 2009-07-13] (LSI Corporation)
3 LSI_SCSI; C:\Windows\System32\DRIVERS\lsi_scsi.sys [115776 2009-07-13] (LSI Corporation)
2 luafv; C:\Windows\System32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation)
3 megasas; C:\Windows\System32\DRIVERS\megasas.sys [35392 2009-07-13] (LSI Corporation)
3 MegaSR; C:\Windows\System32\DRIVERS\MegaSR.sys [284736 2009-07-13] (LSI Corporation, Inc.)
3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation)
3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation)
0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-13] (Microsoft Corporation)
3 mpio; C:\Windows\System32\DRIVERS\mpio.sys [155216 2009-07-13] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
3 MRxDAV; C:\Windows\System32\drivers\mrxdav.sys [140800 2009-07-13] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157696 2011-02-22] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [286720 2011-02-22] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [126464 2011-02-22] (Microsoft Corporation)
3 msahci; C:\Windows\System32\DRIVERS\msahci.sys [30272 2009-07-13] (Microsoft Corporation)
3 msdsm; C:\Windows\System32\DRIVERS\msdsm.sys [140352 2009-07-13] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation)
3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-13] (Microsoft Corporation)
1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-13] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
3 MTConfig; C:\Windows\System32\DRIVERS\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation)
0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-13] (Microsoft Corporation)
3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-13] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-13] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-13] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-13] (Microsoft Corporation)
3 nfrd960; C:\Windows\System32\DRIVERS\nfrd960.sys [51264 2009-07-13] (IBM Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1657216 2011-03-10] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation)
3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [11532704 2009-07-29] (NVIDIA Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339744 2009-07-30] (NVIDIA Corporation)
3 nvraid; C:\Windows\System32\drivers\nvraid.sys [148352 2011-03-10] (NVIDIA Corporation)
3 nvstor; C:\Windows\System32\drivers\nvstor.sys [166272 2011-03-10] (NVIDIA Corporation)
0 nvstor64; C:\Windows\System32\DRIVERS\nvstor64.sys [241696 2009-08-04] (NVIDIA Corporation)
3 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [122960 2009-07-13] (Microsoft Corporation)
3 ohci1394; C:\Windows\System32\DRIVERS\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation)
3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-13] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-13] (Microsoft Corporation)
0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-13] (Microsoft Corporation)
3 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
3 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [220752 2009-07-13] (Microsoft Corporation)
0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-13] (Microsoft Corporation)
3 Processor; C:\Windows\System32\DRIVERS\processr.sys [60416 2009-07-13] (Microsoft Corporation)
1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-13] (Microsoft Corporation)
3 ql2300; C:\Windows\System32\DRIVERS\ql2300.sys [1524816 2009-07-13] (QLogic Corporation)
3 ql40xx; C:\Windows\System32\DRIVERS\ql40xx.sys [128592 2009-07-13] (QLogic Corporation)
3 QWAVEdrv; C:\Windows\System32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation)
3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation)
3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-13] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation)
3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-13] (Microsoft Corporation)
3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation)
1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-13] (Microsoft Corporation)
0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-13] (Microsoft Corporation)
3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-13] (Microsoft Corporation)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [676864 2010-01-06] (Realtek Semiconductor Corporation )
3 sbp2port; C:\Windows\System32\DRIVERS\sbp2port.sys [104016 2009-07-13] (Microsoft Corporation)
3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-13] (Microsoft Corporation)
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation)
3 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Microsoft Corporation)
3 sermouse; C:\Windows\System32\DRIVERS\sermouse.sys [26624 2009-07-13] (Microsoft Corporation)
3 sffdisk; C:\Windows\System32\DRIVERS\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\System32\DRIVERS\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
3 sffp_sd; C:\Windows\System32\DRIVERS\sffp_sd.sys [14336 2009-07-13] (Microsoft Corporation)
3 sfloppy; C:\Windows\System32\DRIVERS\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation)
3 SiSRaid2; C:\Windows\System32\DRIVERS\SiSRaid2.sys [43584 2009-07-13] (Silicon Integrated Systems Corp.)
3 SiSRaid4; C:\Windows\System32\DRIVERS\sisraid4.sys [80464 2009-07-13] (Silicon Integrated Systems)
3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [461312 2011-02-22] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [401920 2011-02-22] (Microsoft Corporation)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [161792 2011-02-22] (Microsoft Corporation)
3 stexstor; C:\Windows\System32\DRIVERS\stexstor.sys [24656 2009-07-13] (Promise Technology)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-13] (Microsoft Corporation)
0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1896832 2010-06-13] (Microsoft Corporation)
3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1896832 2010-06-13] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-13] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-13] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-13] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-13] (Microsoft Corporation)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-13] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-13] (Microsoft Corporation)
3 uagp35; C:\Windows\System32\DRIVERS\uagp35.sys [64080 2009-07-13] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-13] (Microsoft Corporation)
3 uliagpkx; C:\Windows\System32\DRIVERS\uliagpkx.sys [64592 2009-07-13] (Microsoft Corporation)
3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-13] (Microsoft Corporation)
3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [9728 2009-07-13] (Microsoft Corporation)
3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.)
3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109568 2009-07-13] (Microsoft Corporation)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2011-03-24] (Microsoft Corporation)
3 usbcir; C:\Windows\System32\DRIVERS\usbcir.sys [100352 2009-07-13] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52224 2011-03-24] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-24] (Microsoft Corporation)
3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2011-03-24] (Microsoft Corporation)
3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-13] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\drivers\USBSTOR.SYS [91136 2011-03-10] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [30720 2011-03-24] (Microsoft Corporation)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [19968 2009-07-13] (Microsoft Corporation)
0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
3 vhdmp; C:\Windows\System32\DRIVERS\vhdmp.sys [217680 2009-07-13] (Microsoft Corporation)
3 viaide; C:\Windows\System32\DRIVERS\viaide.sys [17488 2009-07-13] (VIA Technologies, Inc.)
0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-13] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-13] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-13] (Microsoft Corporation)
3 vsmraid; C:\Windows\System32\DRIVERS\vsmraid.sys [161872 2009-07-13] (VIA Technologies Inc.,Ltd)
3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation)
3 WacomPen; C:\Windows\System32\DRIVERS\wacompen.sys [27776 2009-07-13] (Microsoft Corporation)
3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] (Microsoft Corporation)
3 Wd; C:\Windows\System32\DRIVERS\wd.sys [21056 2009-07-13] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] (Microsoft Corporation)
1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation)
3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [40448 2009-07-13] (Microsoft Corporation)
3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation)
4 ws2ifsl; C:\Windows\System32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [29288 2009-10-13] (Wondershare)
3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-13] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-13] (Microsoft Corporation)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [79976 2009-08-20] (Microsoft Corporation)
3 ASPI; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [x]
3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]

========================= NetSvcs ============================

============ One Month Created Files and folders =============

2011-06-15 15:52 - 2011-06-15 15:52 - 0000000 ____D C:\FRST
2011-06-15 12:39 - 2011-06-15 12:39 - 3397771 ____A (Creative Technology Ltd) C:\Users\CHICKEN\Downloads\MStorage_PCDRV_LB_1_07_00_250.exe
2011-06-15 12:26 - 2011-06-15 12:26 - 1080385 ____A C:\Users\CHICKEN\Downloads\FRST64.exe
2011-06-15 11:22 - 2011-06-15 11:22 - 3554356 ____A C:\Users\CHICKEN\Downloads\September by. Earth, Wind and Fire.mp3
2011-06-14 19:19 - 2011-06-14 19:20 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\{214E74E8-6853-4A1D-9F3C-4453AB8B9AB6}
2011-06-14 16:40 - 2011-06-14 17:15 - 0000000 __SHD C:\Config.Msi
2011-06-14 16:40 - 2011-06-14 16:40 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-06-14 16:28 - 2011-06-14 16:37 - 81614632 ____A (Apple Inc.) C:\Users\CHICKEN\Downloads\iTunes64Setup(2).exe
2011-06-14 12:10 - 2011-06-14 12:10 - 0001789 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-06-14 12:10 - 2011-06-14 12:10 - 0000000 ____D C:\Program Files\iTunes
2011-06-14 12:10 - 2011-06-14 12:10 - 0000000 ____D C:\Program Files\iPod
2011-06-14 12:10 - 2011-06-14 12:10 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-06-14 12:09 - 2011-06-14 12:09 - 0000000 ____D C:\Program Files\Bonjour
2011-06-14 12:09 - 2011-06-14 12:09 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-06-13 09:30 - 2011-06-13 09:30 - 0000000 ____A C:\Users\CHICKEN\defogger_reenable
2011-06-13 09:23 - 2011-06-13 09:24 - 0607310 ____R (Swearware) C:\Users\CHICKEN\Desktop\dds.scr
2011-06-08 15:56 - 2011-06-08 15:56 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\{FE232C0B-7A82-4861-935F-A83D0A0B22AE}
2011-06-08 15:56 - 2011-06-08 15:56 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\{9CEDDB75-FDE5-4552-8251-90EB74F9EADA}
2011-06-05 20:29 - 2011-06-05 20:29 - 0134583 ____A C:\Users\CHICKEN\Downloads\SUMW1112.mpo
2011-06-05 20:25 - 2011-06-05 20:25 - 0139939 ____A C:\Users\CHICKEN\Downloads\ALTP1111.mpo
2011-06-05 20:19 - 2011-06-06 11:18 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-06-05 20:19 - 2011-06-06 11:18 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-06-05 20:19 - 2011-06-05 20:19 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-06-05 20:16 - 2011-06-05 20:17 - 16409960 ____A (Safer Networking Limited ) C:\Users\CHICKEN\Downloads\spybotsd162.exe
2011-05-30 21:33 - 2011-05-30 21:25 - 490815684 ____A C:\Users\CHICKEN\Downloads\Blazblue USA.part2.rar
2011-05-30 13:37 - 2011-05-30 14:49 - 524288000 ____A C:\Users\CHICKEN\Downloads\Blazblue USA.part1.rar
2011-05-29 20:48 - 2009-07-13 17:43 - 0780224 ____A (Microsoft Corporation) C:\Windows\System32\ci (original).dll
2011-05-29 20:47 - 2011-04-22 12:18 - 0027008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-05-29 20:47 - 2011-04-08 22:58 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2011-05-29 20:47 - 2011-04-08 21:56 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2011-05-29 19:31 - 2011-05-29 20:25 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-05-29 14:49 - 2011-05-29 22:16 - 0000000 ____D C:\Users\All Users\Recovery
2011-05-29 14:49 - 2011-05-29 22:16 - 0000000 ____D C:\ProgramData\Recovery
2011-05-26 21:06 - 2011-05-26 21:07 - 0000000 ____D C:\Users\CHICKEN\.lilypond-fonts.cache-2
2011-05-24 20:09 - 2011-05-24 20:10 - 1708994 ____A (Kenneth Rundt ) C:\Users\CHICKEN\Downloads\VienaSetup.exe

============ 3 Months Modified Files and folders =============%

Edited by nacho1_1, 15 June 2011 - 05:16 PM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 PM

Posted 15 June 2011 - 04:01 PM

Good. But we need the rest of the log.

Also tell me if you have done anything to ci.dll about two week ego:

2011-05-30 04:48:27 780224 ----a-w- C:\Windows\System32\ci (original).dll



#5 nacho1_1

nacho1_1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 15 June 2011 - 05:10 PM

I had a backup, so I tried to replace the corrupt one with the original. It wouldn't let me. I checked the properties of the corrupt one, and under the "Security" tab, I saw that the ability to modify/write was only given to a usergroup called "TrustedInstaller".

EDIT: Whoops, didn't realize I forgot to post the rest of the log. I'll fix the last post.

Edited by nacho1_1, 15 June 2011 - 05:15 PM.


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 PM

Posted 15 June 2011 - 05:15 PM

Thanks for your feedback. I can check it but it is not needed if you confirm that you have not removed or overwrite the original ci.dll? Because the problem is not ci.dll and we should not do anything to that. Please confirm that the original ci.dll is still there.

Also please post the rest of the FRST.txt, what you have posted is a part of it.

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 PM

Posted 15 June 2011 - 05:30 PM

Hi,

Please post the rest of the log to a new reply. If edit the old posts I will not get any notification and by doing that I would miss your post.

Just to let you know it is too late here and I'll get back to you tomorrow.

Also please give me feedback about my previous post as it will save us one extra step to check it.

More important: Please don't do anything on your own. Tomorrow we will take care of the boot problem with a fix.

#8 nacho1_1

nacho1_1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 15 June 2011 - 05:48 PM

It's not letting me post the rest of the log. Whenever I do, it says "Problem loading page - The connection to the server was reset while the page was loading."

Edited by nacho1_1, 15 June 2011 - 05:49 PM.


#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 PM

Posted 16 June 2011 - 01:00 AM

Please try to attach the log like your first post.

You miss some posts here: http://www.bleepingcomputer.com/forums/topic403572.html/page__view__findpost__p__2294124

#10 nacho1_1

nacho1_1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 16 June 2011 - 01:34 PM

Thanks for your feedback. I can check it but it is not needed if you confirm that you have not removed or overwrite the original ci.dll? Because the problem is not ci.dll and we should not do anything to that. Please confirm that the original ci.dll is still there.


Yes, ci.dll is still there. Also, I checked the Properties of ci.dll again, and I'm sure it is the original. Exact same filesize as the backup, and it hasn't been edited since 2009.

It's not letting me attach FRST.txt either.

Edited by nacho1_1, 16 June 2011 - 01:35 PM.


#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 PM

Posted 16 June 2011 - 03:56 PM

Please go to: http://www.mediafire.com/

Drag and drop FRST.txt into the upload button. You will get a link to the uploaded file. Please post the link here.

#12 nacho1_1

nacho1_1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 16 June 2011 - 09:19 PM

When I go to Mediafire, it won't let me upload the whole log. I tried changing the extension, and nothing happened. I tried splitting the rest of the log in four parts, and only the last 3 uploaded.

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 PM

Posted 17 June 2011 - 12:49 AM

What are the links? :wacko:

#14 nacho1_1

nacho1_1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 18 June 2011 - 07:19 PM

FRST2.txt
http://www.mediafire.com/download.php?ad7p00aymygyeqb

FRST3.txt
http://www.mediafire.com/download.php?15mm9v5spda7q37

FRST4.txt
http://www.mediafire.com/download.php?uu7t3e8138jfdfm

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 PM

Posted 18 June 2011 - 07:38 PM

Well done. Here is the log:

2011-05-29 20:29 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2011-05-29 20:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-05-29 20:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-05-29 20:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-05-29 20:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2011-05-29 20:29 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-05-29 20:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\wbem
2011-05-29 20:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-05-29 20:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-05-29 20:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2011-05-29 20:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2011-05-29 20:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2011-05-29 20:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2011-05-29 20:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-05-29 20:27 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-05-29 20:27 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-05-29 20:27 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-05-29 20:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2011-05-29 20:25 - 2011-05-29 19:31 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-05-29 20:25 - 2010-05-03 12:57 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\Hewlett-Packard
2011-05-29 20:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2011-05-29 20:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-05-29 20:21 - 2010-05-03 13:10 - 0000000 ____D C:\Users\CHICKEN\AppData\Roaming\Adobe
2011-05-29 14:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\LogFiles
2011-05-28 21:48 - 2010-12-27 20:07 - 0000790 ____A C:\Users\CHICKEN\Desktop\caleb_part.txt
2011-05-26 21:07 - 2011-05-26 21:06 - 0000000 ____D C:\Users\CHICKEN\.lilypond-fonts.cache-2
2011-05-26 19:38 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2011-05-26 15:57 - 2010-05-07 19:53 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\ElevatedDiagnostics
2011-05-24 20:11 - 2010-06-27 19:08 - 0000000 ____D C:\Users\CHICKEN\AppData\Roaming\SynthFont
2011-05-24 20:11 - 2010-06-27 19:08 - 0000000 ____D C:\Program Files (x86)\SynthFont
2011-05-24 20:10 - 2011-05-24 20:09 - 1708994 ____A (Kenneth Rundt ) C:\Users\CHICKEN\Downloads\VienaSetup.exe
2011-05-24 20:05 - 2010-06-27 19:08 - 0000000 ____D C:\Users\CHICKEN\Documents\SynthFont
2011-05-24 19:23 - 2011-03-26 15:22 - 0000000 ____D C:\3DLab
2011-05-10 05:06 - 2011-05-10 05:06 - 4517664 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2011-05-10 05:06 - 2011-05-10 05:06 - 0051712 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2011-05-06 11:36 - 2011-05-06 11:33 - 0000417 ____A C:\Windows\smrpro.INI
2011-05-06 11:32 - 2011-05-06 11:32 - 2276644 ____A (AdmireSoft Co., Ltd. ) C:\Users\CHICKEN\Downloads\smrpro.exe
2011-05-06 11:32 - 2011-05-06 11:32 - 0000000 ____D C:\Program Files (x86)\Admiresoft
2011-05-05 17:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-04-28 10:09 - 2010-01-07 18:28 - 0204102 ____A C:\Windows\PFRO.log
2011-04-27 21:29 - 2011-04-27 21:29 - 0000000 ____D C:\Users\All Users\InstallShield
2011-04-27 21:29 - 2011-04-27 21:29 - 0000000 ____D C:\ProgramData\InstallShield
2011-04-27 21:29 - 2011-04-27 21:16 - 0000000 ____D C:\Program Files (x86)\M-Audio
2011-04-27 21:29 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-04-27 21:28 - 2011-04-27 21:27 - 10308153 ____A (Macrovision Corporation) C:\Users\CHICKEN\Downloads\Enigma_Ver_1.2.exe
2011-04-27 21:18 - 2010-05-03 15:48 - 0001148 ____A C:\Users\CHICKEN\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2011-04-27 21:18 - 2010-05-03 15:48 - 0000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2011-04-27 21:15 - 2011-04-27 21:13 - 13679112 ____A (M-Audio) C:\Users\CHICKEN\Downloads\Install M-Audio Axiom 1_1_1.exe
2011-04-27 21:09 - 2011-04-27 21:09 - 0414207 ____A C:\Users\CHICKEN\Downloads\ASIO4ALL_2_10_beta1_English.exe
2011-04-27 21:07 - 2011-04-27 21:07 - 0415759 ____A C:\Users\CHICKEN\Downloads\ASIO4ALL_2_10_English.exe
2011-04-27 20:53 - 2010-05-03 15:47 - 0000000 ____D C:\Program Files (x86)\VstPlugins
2011-04-27 20:44 - 2011-04-27 20:44 - 0002958 ____A C:\Users\CHICKEN\Downloads\FLRegkey.Reg
2011-04-27 20:42 - 2010-05-03 15:46 - 0000000 ____D C:\Program Files (x86)\Image-Line
2011-04-27 20:38 - 2011-04-27 20:07 - 217559329 ____A C:\Users\CHICKEN\Downloads\flstudio_10.0_online.exe
2011-04-27 19:38 - 2011-04-15 13:55 - 0000000 ____D C:\Users\CHICKEN\AppData\Roaming\GameMaker
2011-04-27 19:29 - 2011-04-27 19:29 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\YoYo_Games_Ltd
2011-04-22 16:46 - 2010-11-12 16:58 - 0000000 ____D C:\Users\CHICKEN\AppData\Roaming\Smilebox
2011-04-22 12:18 - 2011-05-29 20:47 - 0027008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-04-20 19:56 - 2010-01-07 19:04 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-04-19 13:11 - 2011-03-03 12:11 - 0000590 ____A C:\Users\CHICKEN\AppData\Roaming\wklnhst.dat
2011-04-16 12:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Microsoft.NET
2011-04-16 10:25 - 2010-08-09 19:22 - 0000000 ____D C:\Users\CHICKEN\Documents\YoYoGames
2011-04-16 10:04 - 2011-04-16 10:04 - 0000027 ____A C:\Users\CHICKEN\Downloads\jx3.mgf
2011-04-16 10:01 - 2011-04-16 10:00 - 5129416 ____A (Marco Gamerz) C:\Users\CHICKEN\Downloads\Jin_vs_World_v01.exe
2011-04-16 09:10 - 2009-07-13 20:45 - 1203104 ____A C:\Windows\System32\FNTCACHE.DAT
2011-04-15 20:41 - 2010-01-07 18:52 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2011-04-15 14:06 - 2011-04-15 13:55 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\GameMaker8.1
2011-04-15 13:55 - 2011-04-15 13:55 - 0000000 ____D C:\Program Files (x86)\Game Maker 8.1
2011-04-15 13:54 - 2011-04-15 13:52 - 14429928 ____A C:\Users\CHICKEN\Downloads\GameMaker-Installer-8.1.exe
2011-04-14 10:05 - 2010-10-15 17:59 - 0000000 ____D C:\Program Files (x86)\Ask.com
2011-04-14 07:45 - 2011-04-14 07:45 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\{6FFABB8F-FC37-465B-AA83-C3B4BC31699D}
2011-04-14 07:33 - 2011-04-14 07:33 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\{70257AC6-5940-459F-81AA-11976508E072}
2011-04-13 12:56 - 2011-04-13 12:56 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\{EEF9D78C-5A04-4D73-8F4D-6B43606066A8}
2011-04-12 19:47 - 2011-04-12 19:47 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\Conduit
2011-04-12 19:47 - 2011-04-12 19:47 - 0000000 ____D C:\Program Files (x86)\ConduitEngine
2011-04-12 19:47 - 2011-04-12 19:47 - 0000000 ____A C:\Windows\SysWOW64\ConduitEngine.tmp
2011-04-12 19:47 - 2010-08-12 21:20 - 0000000 ____D C:\Program Files (x86)\Softonic-Eng7
2011-04-12 19:47 - 2010-05-03 12:53 - 0000000 ____D C:\Users\CHICKEN\AppData\LocalLow
2011-04-12 19:44 - 2011-04-12 19:44 - 0000000 ____D C:\Users\CHICKEN\AppData\Roaming\Windows Live Writer
2011-04-12 19:44 - 2011-04-12 19:44 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\Windows Live Writer
2011-04-12 19:44 - 2011-04-12 19:44 - 0000000 ____D C:\Users\CHICKEN\AppData\Local\{1D71AAFB-4284-4B25-9C46-FEAB0C797D64}
2011-04-12 19:43 - 2011-04-12 19:43 - 0000000 ____D C:\Users\CHICKEN\Tracing
2011-04-12 19:12 - 2011-04-12 19:12 - 0000000 ____D C:\Windows\en
2011-04-12 19:05 - 2010-01-07 19:04 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-04-12 18:44 - 2011-04-12 18:44 - 0000000 ____D C:\Program Files\Windows Live
2011-04-12 18:44 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-04-12 18:43 - 2010-01-07 19:09 - 0190302 ____A C:\Windows\DirectX.log
2011-04-12 18:40 - 2011-04-12 18:38 - 3145819 ____A C:\Users\CHICKEN\Downloads\pcsx2-0.9.7-r3878-setup.exe
2011-04-12 18:33 - 2011-04-12 18:33 - 0000000 ____D C:\6503906bbd85e064cf052a2f5f8b
2011-04-12 18:21 - 2011-04-12 18:20 - 1286504 ____A (Microsoft Corporation) C:\Users\CHICKEN\Downloads\wlsetup-web.exe
2011-04-11 13:08 - 2011-04-06 18:41 - 0291822 ____A C:\Windows\ntbtlog.txt
2011-04-08 22:58 - 2011-05-29 20:47 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2011-04-08 22:45 - 2011-05-11 18:32 - 5509504 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-04-08 22:13 - 2011-05-11 18:32 - 3957632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-04-08 22:13 - 2011-05-11 18:32 - 3901824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-04-08 21:56 - 2011-05-29 20:47 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2011-04-08 14:52 - 2011-04-08 14:52 - 0343904 ____A C:\Users\CHICKEN\AppData\Local\GDIPFONTCACHEV1.DAT
2011-04-06 20:09 - 2011-04-06 20:09 - 110985216 ___RA C:\ul.1E77652C.SLUS_217.82.04
2011-04-06 20:09 - 2011-04-06 20:09 - 1073741824 ___RA C:\ul.1E77652C.SLUS_217.82.03
2011-04-06 20:09 - 2011-04-06 20:09 - 0000064 ___RA C:\ul-old.cfg
2011-04-06 20:09 - 2011-04-06 20:09 - 0000064 ____A C:\ul.cfg
2011-04-06 20:09 - 2011-04-06 20:08 - 1073741824 ___RA C:\ul.1E77652C.SLUS_217.82.02
2011-04-06 20:08 - 2011-04-06 20:08 - 1073741824 ___RA C:\ul.1E77652C.SLUS_217.82.01
2011-04-06 20:08 - 2011-04-06 20:08 - 1073741824 ___RA C:\ul.1E77652C.SLUS_217.82.00
2011-04-06 19:13 - 2011-04-06 18:40 - 0008174 __ASH C:\Users\CHICKEN\AppData\Local\021kt06rnqmt6u8qid
2011-04-06 19:13 - 2011-04-06 18:40 - 0008174 __ASH C:\Users\All Users\021kt06rnqmt6u8qid
2011-04-06 19:13 - 2011-04-06 18:40 - 0008174 __ASH C:\ProgramData\021kt06rnqmt6u8qid
2011-04-06 19:04 - 2011-04-06 19:03 - 4738880 ____A (AVG Technologies) C:\Users\CHICKEN\Downloads\avg_free_stb_all_2011_1204_cnet.exe
2011-04-06 14:20 - 2010-11-09 16:33 - 0000000 ____D C:\Users\CHICKEN\AppData\Roaming\ImgBurn
2011-04-06 13:26 - 2011-04-06 13:26 - 0119584 ____A (Apple Inc.) C:\Windows\System32\dns-sd.exe
2011-04-06 13:26 - 2011-04-06 13:26 - 0096544 ____A (Apple Inc.) C:\Windows\System32\dnssd.dll
2011-04-06 13:20 - 2011-04-06 13:20 - 0107808 ____A (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2011-04-06 13:20 - 2011-04-06 13:20 - 0091424 ____A (Apple Inc.) C:\Windows\SysWOW64\dnssd.dll
2011-04-06 12:50 - 2009-07-13 21:08 - 0032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-03-31 20:33 - 2011-03-31 20:33 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-03-31 20:31 - 2011-03-31 20:21 - 81229096 ____A (Apple Inc.) C:\Users\CHICKEN\Downloads\iTunes64Setup.exe
2011-03-26 15:23 - 2011-03-26 15:23 - 0001381 ____A C:\Users\Public\Desktop\Electromechanical Technician.lnk
2011-03-26 15:23 - 2011-03-26 15:23 - 0000025 ____A C:\Windows\cirlogix.ini
2011-03-26 15:23 - 2011-03-26 15:22 - 0000000 ____D C:\CIRLOGIX
2011-03-26 15:22 - 2011-03-26 15:22 - 0001277 ____A C:\Users\Public\Desktop\CircuitLogix.lnk
2011-03-26 15:22 - 2011-03-26 15:22 - 0001233 ____A C:\Users\Public\Desktop\3DLab.lnk
2011-03-26 15:22 - 2011-03-26 15:22 - 0000000 ____D C:\Users\CHICKEN\AppData\Roaming\InstallShield
2011-03-24 19:23 - 2011-05-11 18:31 - 0343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2011-03-24 19:23 - 2011-05-11 18:31 - 0324608 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2011-03-24 19:23 - 2011-05-11 18:31 - 0098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2011-03-24 19:22 - 2011-05-11 18:31 - 0052224 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2011-03-24 19:22 - 2011-05-11 18:31 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2011-03-24 19:22 - 2011-05-11 18:31 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2011-03-24 19:22 - 2011-05-11 18:31 - 0007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2011-03-19 14:46 - 2011-01-27 15:18 - 0000000 ____D C:\Users\CHICKEN\AppData\Roaming\codeblocks
========================= Known DLLs =========================

Removed the entries to make the log shorter. (Farbar)

================== Bamital & volsnap Check ===================

C:\Windows\System32\winlogon.exe
[2010-05-04 09:19] - [2009-10-27 22:24] - 0389632 ____A (Microsoft Corporation) DA3E2A6FA9660CC75B471530CE88453A

C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\explorer.exe
[2011-04-27 20:25] - [2011-02-25 22:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93

C:\Windows\System32\Drivers\volsnap.sys
[2009-07-13 15:20] - [2009-07-13 17:45] - 0294992 ____A (Microsoft Corporation) 58F82EED8CA24B461441F9C3E4F0BF5C
========================= Memory info ========================

Percentage of memory in use: 23%
Total physical RAM: 2815.3 MB
Available physical RAM: 2147.36 MB
Total Pagefile: 2813.45 MB
Available Pagefile: 2128.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions ===========================

1 Drive c: (COMPAQ) (Fixed) (Total:455.79 GB) (Free:327.78 GB) NTFS
2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:9.87 GB) (Free:1.48 GB) NTFS
4 Drive g: (MICROSD) (Removable) (Total:1.86 GB) (Free:0.17 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users