
Scvhost.exe re-appearing after Malware removal


27 replies to this topic

#1 69Ironhead


Posted 15 September 2011 - 06:58 AM

Hello. I noticed recently that my computer would run slower than normal, web pages would redirect and my computer would freeze if I tried to type anything into the Windows search box (Start > Start Search under All Programs). I use AVG for my anti-virus and Malwarebytes for malware. I ran Malware and it discovered a SVCHOST.EXE in my Windows/System folder. I clicked to remove it, Malware re-boots and I think it is gone. Then I start seeing that Malwarebytes has blocked access to various IP addresses. So, I run it again and find SVCHOST.EXE is back in the Windows/System folder. So, I searched the web and found several ways to remove it, but for XP, and none of the registry keys are present for me using Vista. So, I found this site and have followed the preparation guide for assistance. I ran Malwarebytes again and created a log. I have also run GMER and created a log. I cannot run DDS. For some reason it gets to a certain point and hangs up. I let it run for 45 minutes Tuesday and had to re-boot.

Here is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7694

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/14/2011 10:45:44 AM
mbam-log-2011-09-14 (10-45-35).txt

Scan type: Quick scan
Objects scanned: 220491
Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\system\svchost.exe (Backdoor.Bot) -> No action taken.


And here is my GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-14 16:08:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000006b ST350032 rev.SD1A
Running: gmer.exe; Driver: C:\Users\Jason\AppData\Local\Temp\agloypog.sys


---- User code sections - GMER 1.0.15 ----

CODE C:\Windows\system\svchost.exe[2332] C:\Windows\system\svchost.exe entry point in "CODE" section [0x00401F90]
.text C:\Program Files\real\realplayer\Update\realsched.exe[3376] kernel32.dll!SetUnhandledExceptionFilter 7647A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x91 0x92 0xC0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBC 0x81 0x0E 0x19 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2E 0xB6 0x0E 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x91 0x92 0xC0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x91 0x92 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION

---- EOF - GMER 1.0.15 ----

I had a problem running GMER with AVG, so I uninstalled it. And I disabled my virtual CD drives, but GMER would crash with "Devices" selected. So, I ran it without it.

Just checking to see if there is any help available. Have not had any response including the automated help bot.

EDIT: Please be patient. There are over 140 unanswered topics in this forum at present and the current average wait time to receive help is 5-6 days. ~Budapest

Edited by Budapest, 19 September 2011 - 12:07 AM.



 


#2 HelpBot


Posted 20 September 2011 - 07:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419056 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Elise


Posted 21 September 2011 - 03:52 AM

If you still need help, post the requested logs.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#4 69Ironhead


Posted 21 September 2011 - 02:08 PM

Sorry, I was re-running the tools for new logs.

Here is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7764

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/21/2011 1:59:14 PM
mbam-log-2011-09-21 (13-59-09).txt

Scan type: Quick scan
Objects scanned: 226019
Time elapsed: 9 minute(s), 52 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\Windows\system\svchost.exe (Backdoor.Bot) -> 3904 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\system\svchost.exe (Backdoor.Bot) -> No action taken.

And here is my GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-21 13:45:39
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000006b ST350032 rev.SD1A
Running: gmer.exe; Driver: C:\Users\Jason\AppData\Local\Temp\agloypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA49C8F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA49C8FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA49C9080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA49C911C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 82EE1B74 4 Bytes [3C, 8F, 9C, A4] {CMP AL, 0x8f; PUSHF ; MOVSB }
.text ntkrnlpa.exe!KeSetEvent + 621 82EE1DA4 8 Bytes [E4, 8F, 9C, A4, 80, 90, 9C, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 82EE1E04 4 Bytes [1C, 91, 9C, A4] {SBB AL, 0x91; PUSHF ; MOVSB }

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\real\realplayer\Update\realsched.exe[3576] kernel32.dll!SetUnhandledExceptionFilter 75BDA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
CODE C:\Windows\system\svchost.exe[6012] C:\Windows\system\svchost.exe entry point in "CODE" section [0x00401F90]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x91 0x92 0xC0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBC 0x81 0x0E 0x19 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2E 0xB6 0x0E 0xEA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x91 0x92 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x91 0x92 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION

---- EOF - GMER 1.0.15 ----


I am running Vista SP2 32-bit and I have the installation disc. I cannot run the DDS tool. It gets to a certain point and just sits there. This is one of the reasons it has taken me so long to post my logs. My AVG anti-virus also picked up the svchost.exe file and I clicked move to vault. The file is still there and I have not deleted it. I have deleted it in the past but it has re-appeared every time.

#5 Elise


Posted 22 September 2011 - 01:34 AM

Instead of DDS, let's run OTL.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise




#6 69Ironhead


Posted 22 September 2011 - 07:23 AM

I ran OTL and here are the results.

OTL text:

OTL logfile created on: 9/22/2011 8:14:25 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Jason\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 49.17% Memory free
5.21 Gb Paging File | 3.83 Gb Available in Paging File | 73.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 161.91 Gb Free Space | 34.76% Space Free | Partition Type: NTFS
Drive D: | 279.45 Gb Total Space | 197.92 Gb Free Space | 70.82% Space Free | Partition Type: NTFS
Drive E: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/22 08:13:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2011/09/21 15:17:54 | 002,975,920 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2011/09/09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/06 00:52:46 | 000,744,072 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
PRC - [2011/08/06 00:52:46 | 000,070,792 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
PRC - [2011/08/06 00:52:46 | 000,060,040 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 07:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/08/03 07:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/24 08:34:34 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/08/10 21:55:22 | 000,302,184 | ---- | M] () -- C:\Program Files\EVGA Precision\EVGAPrecision.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/12/14 16:59:20 | 001,071,472 | ---- | M] (FSPro Labs) -- D:\DAEMON Tools\My Lockbox\flockbox.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/21 15:17:53 | 000,053,248 | ---- | M] () -- C:\Program Files\DAP\zlib.dll
MOD - [2011/08/06 00:51:50 | 000,051,848 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
MOD - [2011/01/18 21:17:34 | 000,895,488 | ---- | M] () -- C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll
MOD - [2010/08/10 21:55:22 | 000,302,184 | ---- | M] () -- C:\Program Files\EVGA Precision\EVGAPrecision.exe
MOD - [2010/08/09 13:52:06 | 000,258,048 | ---- | M] () -- C:\Program Files\EVGA Precision\RTHAL.dll
MOD - [2010/08/09 13:51:58 | 000,229,376 | ---- | M] () -- C:\Program Files\EVGA Precision\RTCore.dll
MOD - [2010/08/09 13:51:54 | 000,139,264 | ---- | M] () -- C:\Program Files\EVGA Precision\RTUI.dll
MOD - [2010/08/09 13:51:50 | 000,061,440 | ---- | M] () -- C:\Program Files\EVGA Precision\RTFC.dll
MOD - [2010/07/27 16:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files\EVGA Precision\RTTSH.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- D:\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/03 09:20:01 | 000,218,624 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Windows\System32\itnetw32.dll -- (itlperf)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/06 00:52:46 | 000,060,040 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/16 18:12:13 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/12/03 19:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/10/29 13:47:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/05/06 15:44:19 | 000,288,368 | ---- | M] (Speedbit Ltd.) [On_Demand | Stopped] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/02/25 21:59:06 | 001,352,960 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2008/01/20 22:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/06 00:52:40 | 000,185,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2011/08/06 00:52:38 | 000,043,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/08/06 00:52:32 | 000,017,032 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/08/06 00:52:30 | 000,039,560 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/08/03 07:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:02 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/31 15:37:37 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/09/28 21:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/08/04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/01 13:19:00 | 000,362,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmimx32.sys -- (NVNET55)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2009/03/30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/18 09:00:00 | 000,029,952 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/08/01 11:08:28 | 000,036,640 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2007/12/13 20:13:02 | 000,017,264 | ---- | M] (FSPro Labs) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\DRIVERS\MPRIFL.SYS -- (MPRIFL)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/05/25 15:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)
DRV - [2002/10/01 15:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SPCA561.SYS -- (CA561)
DRV - [2001/12/27 11:59:34 | 000,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Wibukey.sys -- (WIBUKEY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {BBFA3FCA-F710-4C36-B6E2-B1A499DBFA85}:1.9.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A4A57A15-10E5-43B1-9EE4-3490020C58A0}: C:\Users\Jason\AppData\Local\{A4A57A15-10E5-43B1-9EE4-3490020C58A0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A77D6DF1-6C24-40E5-84F8-92120D6C190C}: C:\Users\Jason\AppData\Local\{A77D6DF1-6C24-40E5-84F8-92120D6C190C}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A2D440E6-DC22-4E76-AFCF-356CD62096E7}: C:\Users\Jason\AppData\Local\{A2D440E6-DC22-4E76-AFCF-356CD62096E7}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBFA3FCA-F710-4C36-B6E2-B1A499DBFA85}: C:\Users\Jason\AppData\Local\{BBFA3FCA-F710-4C36-B6E2-B1A499DBFA85}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/24 19:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/24 19:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 08:34:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/06 09:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/21 15:20:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2011/09/21 15:17:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2011/09/21 15:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 13:18:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/02 16:17:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/06 09:48:41 | 000,000,000 | ---D | M]

[2010/04/22 11:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2009/05/18 20:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/09/02 17:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\7qettk03.default\extensions
[2011/09/01 13:34:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\7qettk03.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/02 16:39:05 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\7qettk03.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/09/02 13:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/08 18:47:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/16 15:17:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/12/16 15:16:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/09/09 17:41:56 | 000,438,110 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 15067 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [flockbox] D:\DAEMON Tools\My Lockbox\flockbox.exe (FSPro Labs)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2555256102-484019428-3655063643-1000..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-2555256102-484019428-3655063643-1006..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2555256102-484019428-3655063643-1000\..Trusted Domains: toolwire.com ([campus] http in Trusted sites)
O15 - HKU\S-1-5-21-2555256102-484019428-3655063643-1006\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-2555256102-484019428-3655063643-1006\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-2555256102-484019428-3655063643-1006\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-2555256102-484019428-3655063643-1006\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} http://www.link-systems.com/sdkhtml/SDK/paste/lsiw9x.cab (LSICapture Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/gom/receiver/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE5E13C9-8CD7-48E4-9088-6F6BAB4169DC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jason\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jason\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/11/15 05:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/11 13:03:48 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{8527a695-6778-11df-859f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8527a695-6778-11df-859f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/11/15 05:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O33 - MountPoints2\{ec447a82-d1e5-11de-a1fe-00044b027611}\Shell - "" = AutoRun
O33 - MountPoints2\{ec447a82-d1e5-11de-a1fe-00044b027611}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/22 08:11:39 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/09/21 15:18:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My DAP Downloads
[2011/09/21 15:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
[2011/09/21 15:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2011/09/21 15:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedBit Video Downloader
[2011/09/21 15:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\SearchPredict
[2011/09/21 14:08:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jason\Desktop\dds.scr
[2011/09/21 14:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\America's Army Deploy Client
[2011/09/21 14:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\America's Army Deploy Client
[2011/09/21 14:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\America's Army Deploy Client
[2011/09/21 13:46:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\HP
[2011/09/15 13:22:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Yahoo
[2011/09/15 08:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/15 08:14:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/09/14 15:48:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Microsoft Games
[2011/09/14 14:45:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Adobe
[2011/09/14 10:36:39 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\PackageAware
[2011/09/12 15:30:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Mozilla
[2011/09/10 17:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/10 17:00:33 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/10 16:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/09/10 16:19:35 | 000,072,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
[2011/09/10 16:19:34 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL
[2011/09/10 16:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\BitLocker
[2011/09/10 15:56:06 | 001,171,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SecureKeyBackupCPL.dll
[2011/09/10 15:35:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Rockstar Games
[2011/09/10 13:46:19 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2011/09/10 10:32:13 | 000,185,480 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\EuFdDisk.sys
[2011/09/10 10:32:13 | 000,017,032 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eudskacs.sys
[2011/09/10 10:32:12 | 000,039,560 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eubakup.sys
[2011/09/10 10:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 3.0
[2011/09/10 10:31:16 | 000,020,616 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\fbnative.exe
[2011/09/10 10:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2011/09/09 21:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\MICROSOFT SECURITY CLIENT
[2011/09/09 09:05:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/09 09:05:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/09 09:05:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/09 09:04:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/09 08:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/09/09 08:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/07 12:30:13 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/09/07 10:08:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\DriverCure
[2011/09/07 10:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/09/04 14:30:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\AVG2012
[2011/09/04 14:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/04 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\ScummVM
[2011/09/04 11:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
[2011/09/04 11:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2011/09/03 09:20:01 | 000,218,624 | ---- | C] (Intel Corporation ) -- C:\Windows\System32\itnetw32.dll
[2011/09/02 16:16:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\PCSX2
[2011/09/02 12:05:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\EMU Games
[2011/09/02 10:14:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/09/02 10:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2011/09/02 10:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\PCSX2 0.9.8
[2011/09/01 07:40:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
[2011/08/24 08:11:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2 C:\Users\Jason\Desktop\*.tmp files -> C:\Users\Jason\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/22 08:13:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/09/22 07:55:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/22 07:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/22 07:51:48 | 000,003,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/22 07:51:48 | 000,003,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/22 07:51:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/22 07:51:32 | 2682,810,368 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/22 07:51:25 | 002,303,708 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2011/09/21 18:03:02 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jason.job
[2011/09/21 17:45:54 | 104,858,641 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/21 15:20:03 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/21 15:17:54 | 000,109,216 | ---- | M] () -- C:\Windows\System32\EasyHook64.dll
[2011/09/21 15:17:54 | 000,084,480 | ---- | M] () -- C:\Windows\System32\EasyHook32.dll
[2011/09/21 15:13:28 | 000,002,477 | ---- | M] () -- C:\Users\Public\Desktop\America's Army Deploy Client™.lnk
[2011/09/21 14:08:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jason\Desktop\dds.scr
[2011/09/21 13:55:52 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/20 13:50:59 | 282,680,657 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/17 11:06:16 | 000,000,930 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/14 15:22:19 | 000,005,120 | ---- | M] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/14 13:08:34 | 000,000,020 | ---- | M] () -- C:\Users\Jason\defogger_reenable
[2011/09/14 11:48:20 | 000,302,592 | ---- | M] () -- C:\Users\Jason\Desktop\gmer.exe
[2011/09/10 17:00:49 | 000,031,832 | ---- | M] () -- C:\Users\Jason\Desktop\Jason.bmp
[2011/09/10 17:00:47 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/10 13:42:04 | 000,382,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/10 10:32:11 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Todo Backup Free 3.0.lnk
[2011/09/09 21:11:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/09 21:09:27 | 000,001,040 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/09/09 17:41:56 | 000,438,110 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/09 16:24:42 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\EVGAPrecision.job
[2011/09/09 08:17:29 | 000,001,874 | ---- | M] () -- C:\Users\Jason\Desktop\HijackThis.lnk
[2011/09/03 09:20:01 | 000,218,624 | ---- | M] (Intel Corporation ) -- C:\Windows\System32\itnetw32.dll
[2011/09/02 16:42:35 | 000,000,216 | ---- | M] () -- C:\Windows\tasks\0.job
[2011/09/02 16:27:50 | 000,000,000 | ---- | M] () -- C:\Users\Jason\Documents\BitTornado-0.3.18-w32install.exe
[2011/09/02 12:48:29 | 000,000,004 | -H-- | M] () -- C:\Users\Jason\AppData\Roaming\mlog
[2011/09/02 12:39:31 | 000,000,004 | -H-- | M] () -- C:\Users\Jason\AppData\Roaming\ylog
[2011/09/02 12:38:48 | 000,000,146 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\tlzsmv3rq.bat
[2011/09/02 10:14:12 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\PCSX2 0.9.8 (r4600).lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/28 10:49:08 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2 C:\Users\Jason\Desktop\*.tmp files -> C:\Users\Jason\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/21 17:45:54 | 104,858,641 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/21 15:17:54 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2011/09/21 15:17:54 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2011/09/21 14:08:26 | 000,002,477 | ---- | C] () -- C:\Users\Public\Desktop\America's Army Deploy Client™.lnk
[2011/09/15 08:15:20 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/14 13:08:23 | 000,000,020 | ---- | C] () -- C:\Users\Jason\defogger_reenable
[2011/09/14 11:57:34 | 2682,810,368 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/13 09:44:06 | 000,005,120 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/10 17:00:47 | 000,000,930 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/10 17:00:47 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/10 15:56:07 | 000,000,711 | ---- | C] () -- C:\Windows\System32\CPSOKBTasks.xml
[2011/09/10 10:32:12 | 000,043,656 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2011/09/10 10:32:11 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Todo Backup Free 3.0.lnk
[2011/09/10 09:23:44 | 000,031,832 | ---- | C] () -- C:\Users\Jason\Desktop\Jason.bmp
[2011/09/09 09:05:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/09 09:05:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/09 09:05:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/09 09:05:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/09 09:05:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/09 08:24:09 | 000,000,260 | ---- | C] () -- C:\Windows\tasks\EVGAPrecision.job
[2011/09/09 08:17:29 | 000,001,874 | ---- | C] () -- C:\Users\Jason\Desktop\HijackThis.lnk
[2011/09/09 08:11:24 | 000,001,040 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/07 12:34:06 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/09/02 16:42:35 | 000,000,216 | ---- | C] () -- C:\Windows\tasks\0.job
[2011/09/02 16:27:50 | 000,000,000 | ---- | C] () -- C:\Users\Jason\Documents\BitTornado-0.3.18-w32install.exe
[2011/09/02 12:41:03 | 000,000,004 | -H-- | C] () -- C:\Users\Jason\AppData\Roaming\mlog
[2011/09/02 12:39:31 | 000,000,004 | -H-- | C] () -- C:\Users\Jason\AppData\Roaming\ylog
[2011/09/02 12:38:48 | 000,000,146 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\tlzsmv3rq.bat
[2011/09/02 10:14:12 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\PCSX2 0.9.8 (r4600).lnk
[2011/08/06 09:38:50 | 000,207,027 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/06/10 16:57:07 | 000,011,334 | -HS- | C] () -- C:\Users\Jason\AppData\Local\ga02ne8m6nu
[2011/06/10 16:57:07 | 000,011,334 | -HS- | C] () -- C:\ProgramData\ga02ne8m6nu
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/04/22 11:21:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/14 08:48:59 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/03/31 20:34:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2010/03/26 09:17:56 | 000,000,249 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/26 08:20:00 | 000,000,016 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\jasltw.dat
[2009/12/13 11:54:59 | 000,005,876 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/11/12 20:57:01 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/10/21 11:25:33 | 000,057,552 | ---- | C] () -- C:\Windows\System32\WKDOS.EXE
[2009/06/19 21:19:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/19 21:19:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/19 21:19:40 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/19 20:07:02 | 000,000,050 | ---- | C] () -- C:\Windows\System32\swkotor2.ini
[2009/05/11 17:17:32 | 000,083,216 | ---- | C] () -- C:\Windows\System32\KmRemove.exe
[2009/05/07 17:40:13 | 000,157,542 | ---- | C] () -- C:\Windows\hpoins28.dat.temp
[2009/05/07 17:40:13 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2009/05/07 17:05:34 | 000,157,534 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/05/07 10:56:04 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/05/06 16:03:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/06 16:02:45 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/06 15:18:03 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/20 22:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/12/12 20:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006/11/02 08:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:46:27 | 000,382,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,988 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/07/21 15:50:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwXDS.dll
[2002/09/08 18:55:52 | 000,005,520 | ---- | C] () -- C:\Windows\System32\lsiprn.drv

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >

And the Extras text:

OTL Extras logfile created on: 9/22/2011 8:14:25 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Jason\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 49.17% Memory free
5.21 Gb Paging File | 3.83 Gb Available in Paging File | 73.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 161.91 Gb Free Space | 34.76% Space Free | Partition Type: NTFS
Drive D: | 279.45 Gb Total Space | 197.92 Gb Free Space | 70.82% Space Free | Partition Type: NTFS
Drive E: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2555256102-484019428-3655063643-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009BA5DF-4558-4CA2-BCE2-E80B3471DB50}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{05119D0F-D2A2-458D-AA66-85DDF9CA248A}" = rport=139 | protocol=6 | dir=out | app=system |
"{0AF693F6-E844-47CB-987C-34D745D5739D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{0E87CE52-C521-4353-AD86-8F83EAF56712}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{159A3BF2-D9B1-43AC-A5D6-93C69BB885F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2F805987-92AF-433D-8C3E-192A714574F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{4C6E6563-3E15-455A-B42E-BCB28422439E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7908EEF9-E061-46A7-89C9-E609F5804832}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D9C27D4-9913-498B-98A9-EAFA760005FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BDE1493A-A858-416A-826E-1E7873ADB749}" = lport=445 | protocol=6 | dir=in | app=system |
"{C3256B59-9216-470C-88B4-C47FDAD86625}" = rport=138 | protocol=17 | dir=out | app=system |
"{CBDABA84-A293-4CBE-AA72-D32869DF70D5}" = rport=137 | protocol=17 | dir=out | app=system |
"{E6F7ED0B-1721-4F23-AB89-22ED14B6D473}" = lport=137 | protocol=17 | dir=in | app=system |
"{ECDCD618-D670-4846-B15A-5C62B5678BA7}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D42720-C353-48DC-949D-4AC18055DD43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{04233C5F-3159-4942-9752-29EE4459EBF7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0925EB30-0BA0-4716-A24A-1E0B7161F2E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{0A260F76-BB0D-43D5-8A0E-BE10A33931C4}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{0B52A9AD-D81D-4BD5-A5AA-55DDEEC51C11}" = dir=in | app=support inrosettastoneltdservices.exe |
"{10D1AB8B-AA5E-4347-B467-BCC1DFEC1582}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{10DF169B-7B29-4A74-8F1A-6C7792AA18B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{1392FE36-6EDA-4FE7-BE6B-7403995DC30C}" = dir=in | app=rosettastoneversion3.exe |
"{1B5A8937-5384-4A1E-B39D-0B2FF95E9408}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{23FB9D34-4D6E-4327-81D8-97F31BA82386}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{266E3DE0-3FA5-4E50-B4E3-4DF33B41ED3E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{3714E280-99D0-4569-8816-6F62F771BA86}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{4B2F476D-92A4-4F28-8F4D-B397E589F0F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4EF042B9-4507-463F-9410-03DD64DF92D5}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ijjioptimizer.exe |
"{5378C5E4-8638-4DFF-BE9A-7362A8C8EBE3}" = protocol=6 | dir=out | app=rosettastoneversion3.exe |
"{5D78F770-D8C2-41D7-9B38-154004E5BA04}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{5E50F960-D08C-4D2A-B536-5F22046CDC8D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{60653672-4188-4814-8944-3E84A122A5D2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6DC43CFE-5F9E-4DE8-BC78-12B0F76DBC9A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{6E798DBB-FBF4-4F6C-B573-663D3566D972}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{73A8243F-FCF8-41B8-A647-6C0AFAF33FDA}" = protocol=6 | dir=out | app=support inrosettastoneltdservices.exe |
"{73EE18F2-6630-46B9-9482-D028AB0A89D9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{79EBF0EE-1215-432C-A7B0-8F47076F1E39}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{7A41024F-E386-49F1-AE87-45F324A0DDCA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{7EFD6B66-A9F8-4126-B942-9890344D320A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{817EC9FD-DDA0-4F2F-BCDB-585AC55EE0AB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{85E1875D-B489-427B-B441-98511523E5D3}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{862F13CD-11BF-4F1C-8C29-45792B355452}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8C87025D-3ACA-45DF-94A4-C08C5CB4D651}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8CF758F8-10FA-4657-961E-45E2EB743592}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{97F41D45-A3A6-46BE-8B15-31072C9BB5AB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9A49AF53-FE9B-42C6-A4D5-24F1D259A442}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{9ECE5916-803E-4420-8BE9-249E873AE36B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{A1DF2F3E-6F73-415B-B3E2-7D9CDA3E47A8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{A4B0575F-4A12-40DE-AC65-E68A1633DA07}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{A6C12401-BE4E-46B4-9B7A-30AB3D517401}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{AF6B597D-63B8-411E-A2E2-53E55B44E6EC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B2E8776F-36C3-46E9-A2E7-C63CBD69F9AD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{B6075BB8-A0B7-4D6B-B309-6F3CAAEB260B}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{BA6B1A32-A034-4459-A7F9-D813D187BF41}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BB8176BF-DD69-4203-B476-D873DE770E12}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{BFCC4EEE-4C87-40FA-9960-20661128901E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C19E4094-FB74-46FA-B9A5-9D6A5EB1812C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C407D1E5-6E03-472A-BD50-24293E1C4ADA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{D52C420D-03F7-4FEE-9FB2-CD7C14F53CFF}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ijjioptimizer.exe |
"{D7A3E118-10B2-4993-A784-A2A6E2003F74}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D80555CD-B496-4A86-AB9A-2014411470D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DB600F80-4430-48EF-B306-125F15275A60}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E6E823DA-51CE-463B-885B-910206D53157}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{E8F05CB3-542B-465A-BFC2-31F59743FCB3}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{EDAE6E5E-5082-42FD-9DEE-E8C1C382451E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{EE3055E8-BAD5-424A-8895-875C9EE13C05}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F2E6FD90-9985-4F56-BA64-378E4C027BD1}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{F63D2348-37D6-4ED5-88F8-8093D1EC1B3B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F8BEEB52-A8A9-439F-8B3D-74B1FA4DA43C}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FC829C5C-6893-4A0B-B553-D574DCCA3486}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{FD2BAFF3-AB80-4DBC-B32A-86DDF0A8C31A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{FE18C679-243A-4BD3-BC08-B9F1FFAF1373}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FE417AA5-0FD8-4185-A7F3-645EE908D669}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"TCP Query User{0EDC933E-55E7-42DC-9463-4CA5B7EEAD83}C:\program files\starwarsgalaxies\swgvoiceservice.exe" = protocol=6 | dir=in | app=c:\program files\starwarsgalaxies\swgvoiceservice.exe |
"TCP Query User{168147D1-5A61-4855-B829-6C4F741CD2E7}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{4124743B-9F7E-4EFB-8ABE-B387E4322D46}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe |
"TCP Query User{58248566-CCE1-431A-B719-48B2CE0C84A2}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9ABED0FA-EA57-4BE0-B719-1E28E3B4884A}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=6 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe |
"UDP Query User{30C809F0-5D95-436F-8586-DB4EC23A51C1}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe |
"UDP Query User{6C52C583-D6C8-4575-8C90-A69C793E7B01}C:\program files\starwarsgalaxies\swgvoiceservice.exe" = protocol=17 | dir=in | app=c:\program files\starwarsgalaxies\swgvoiceservice.exe |
"UDP Query User{8BA21720-CD27-45F7-98D1-C20696BE78CF}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{BF9B7E8A-A432-46A8-ACB9-335D67F91BDC}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=17 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe |
"UDP Query User{D4A2E9FD-A4D7-496B-81DC-0C62D6951E8C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07043840-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Math 3.0
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2C045D2C-667D-4494-9684-E4B071C2C7FF}" = TurboTax 2010 wohiper
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java™ SE Development Kit 6 Update 21
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java™ SE Development Kit 6 Update 23
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47A85B97-AE27-4963-A839-9B454A7E73A7}" = Mad Catz Xbox PC Driver
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{47D0C5E6-9FBA-49DB-8F88-BFAA5BA38646}" = Microsoft Math Add-in for Word 2007
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56839333-0802-40D6-9A50-EBB9EB2BF541}" = AVG 2012
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5B161932-9D42-4D5E-858D-29BF4C670944}" = Microsoft SQL Server 2008 Setup Support Files
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94317163-C5D1-4FCE-A0D9-F48FE06A7D7D}" = Microsoft SQL Server 2008 Native Client
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{A1713E14-4A72-4DE1-B555-5354F710D51E}" = AVG 2012
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAA11826-70EF-4E44-9E97-8476793E022F}" = Launchpad Enhanced
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E989D16F-0B39-4E74-8BD5-149BEE1477FE}" = Microsoft SQL Server 2008 RsFx Driver
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F530581E-12FE-43B4-A28D-E5257AAD63E6}" = O&O Defrag Professional
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Any Video Converter_is1" = Any Video Converter 3.2.2
"A-PDF Password Security_is1" = A-PDF Password Security 2.4
"AVG" = AVG 2012
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Download Manager" = Download Manager 2.3.10
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EaseUS Todo Backup Free 3.0_is1" = EaseUS Todo Backup Free 3.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Impulse" = Impulse
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"My Lockbox_is1" = My Lockbox 1.2 for Windows 2000/XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PeerGuardian_is1" = PeerGuardian 2.0
"PerformanceTest 7_is1" = PerformanceTest v7.0
"PowerISO" = PowerISO
"Precision" = EVGA Precision 1.9.6
"RealPlayer 12.0" = RealPlayer
"Recordpad" = RecordPad Sound Recorder
"Registry Clean Expert_is1" = Registry Clean Expert
"ScummVM_is1" = ScummVM 1.2.1
"Shop for HP Supplies" = Shop for HP Supplies
"Sins of a Solar Empire" = Sins of a Solar Empire
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"ST6UNST #1" = ProProfs CompTIA A+ Practice Exams
"Star Trek Online" = Star Trek Online
"Station Launcher" = Station Launcher
"Steam App 211" = Source SDK
"Steam App 22380" = Fallout: New Vegas
"Steam App 240" = Counter-Strike: Source
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"The Rosetta Stone Classic" = The Rosetta Stone Classic
"ToolBox" = NCH Toolbox
"TurboTax 2010" = TurboTax 2010
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"VISPRO" = Microsoft Office Visio Professional 2007
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2555256102-484019428-3655063643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-Star Wars Galaxies" = Star Wars Galaxies

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2010 3:23:51 PM | Computer Name = Jason-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'system_objects', because it does not exist
or you do not have permission.

Error - 12/24/2010 3:23:51 PM | Computer Name = Jason-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'extended_procedures', because it does not
exist or you do not have permission.

Error - 12/24/2010 3:23:51 PM | Computer Name = Jason-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'views', because it does not exist or you do
not have permission.

Error - 12/24/2010 3:23:51 PM | Computer Name = Jason-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'tables', because it does not exist or you
do not have permission.

Error - 12/24/2010 3:23:51 PM | Computer Name = Jason-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'objects', because it does not exist or you
do not have permission.

Error - 12/24/2010 3:23:51 PM | Computer Name = Jason-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_sql_modules', because it does not exist
or you do not have permission.

Error - 12/24/2010 3:23:51 PM | Computer Name = Jason-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_parameters', because it does not exist
or you do not have permission.

Error - 12/24/2010 3:23:51 PM | Computer Name = Jason-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_columns', because it does not exist or
you do not have permission.

Error - 12/24/2010 3:23:51 PM | Computer Name = Jason-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_views', because it does not exist or you
do not have permission.

Error - 12/24/2010 3:23:51 PM | Computer Name = Jason-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_objects', because it does not exist or
you do not have permission.

[ Media Center Events ]
Error - 7/29/2009 5:59:07 PM | Computer Name = Jason-PC | Source = Media Center Guide | ID = 4
Description = Event Info: An unknown connection failure occurred. Windows Media
Center was unable to connect to the Internet. See Help for more information. Process:
DefaultDomain Object Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 8/1/2009 9:30:23 AM | Computer Name = Jason-PC | Source = Media Center Guide | ID = 4
Description = Event Info: An unknown connection failure occurred. Windows Media
Center was unable to connect to the Internet. See Help for more information. Process:
DefaultDomain Object Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 8/10/2009 6:37:56 AM | Computer Name = Jason-PC | Source = Media Center Guide | ID = 4
Description = Event Info: An unknown connection failure occurred. Windows Media
Center was unable to connect to the Internet. See Help for more information. Process:
DefaultDomain Object Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 8/16/2009 7:28:19 AM | Computer Name = Jason-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/16/2009 7:28:22 AM | Computer Name = Jason-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 8/16/2009 7:28:22 AM | Computer Name = Jason-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 8/17/2009 7:06:53 AM | Computer Name = Jason-PC | Source = Media Center Guide | ID = 4
Description = Event Info: An unknown connection failure occurred. Windows Media
Center was unable to connect to the Internet. See Help for more information. Process:
DefaultDomain Object Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 8/20/2009 7:53:04 AM | Computer Name = Jason-PC | Source = Media Center Guide | ID = 4
Description = Event Info: An unknown connection failure occurred. Windows Media
Center was unable to connect to the Internet. See Help for more information. Process:
DefaultDomain Object Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 9/12/2009 9:58:15 AM | Computer Name = Jason-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/2/2011 3:34:21 PM | Computer Name = Jason-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 9/21/2011 1:55:48 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/21/2011 1:55:48 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/21/2011 3:11:32 PM | Computer Name = Jason-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:09:26 PM on 9/21/2011 was unexpected.

Error - 9/21/2011 3:11:57 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 9/21/2011 3:11:57 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 9/21/2011 3:11:58 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 9/21/2011 6:29:37 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/22/2011 7:52:08 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 9/22/2011 7:52:08 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 9/22/2011 7:52:08 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania
  • Local time:02:53 AM

Posted 22 September 2011 - 03:14 PM

Looks like you have run combofix. Please post me the log you'll find at c:\combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#8 69Ironhead

69Ironhead
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:53 PM

Posted 23 September 2011 - 12:52 PM

Ok, I have tried 3 times to run ComboFix since yesterday without success. I saved the ComboFix.exe file to my desktop, and ran as admin. After 4 hours last night, the screen had the message that it was scanning and that it normally takes 10 minutes. This morning I started the scan again and left it for 3 hours. Still no farther than the scanning normally takes 10 minutes. I ran it a 3rd time, this time from safe mode. After another 3 hours, I restarted my computer. Am I being impatient and stopping it too soon? Should it take hours for a scan to run? Or is there something I am (not doing) to cause the scan to seem to stall? I shut down AVG and then the computer is left by itself so nothing is clicked on-screen.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania
  • Local time:02:53 AM

Posted 23 September 2011 - 01:18 PM

Hi again,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#10 69Ironhead

69Ironhead
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:53 PM

Posted 23 September 2011 - 03:10 PM

Here are the TDSS Scan results:

15:54:13.0826 6060 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
15:54:14.0294 6060 ============================================================
15:54:14.0295 6060 Current date / time: 2011/09/23 15:54:14.0294
15:54:14.0295 6060 SystemInfo:
15:54:14.0295 6060
15:54:14.0295 6060 OS Version: 6.0.6002 ServicePack: 2.0
15:54:14.0295 6060 Product type: Workstation
15:54:14.0295 6060 ComputerName: JASON-PC
15:54:14.0295 6060 UserName: Jason
15:54:14.0295 6060 Windows directory: C:\Windows
15:54:14.0295 6060 System windows directory: C:\Windows
15:54:14.0295 6060 Processor architecture: Intel x86
15:54:14.0295 6060 Number of processors: 2
15:54:14.0295 6060 Page size: 0x1000
15:54:14.0295 6060 Boot type: Normal boot
15:54:14.0295 6060 ============================================================
15:54:16.0032 6060 Initialize success
15:54:19.0447 6020 ============================================================
15:54:19.0447 6020 Scan started
15:54:19.0447 6020 Mode: Manual;
15:54:19.0447 6020 ============================================================
15:54:22.0497 6020 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:54:22.0502 6020 ACPI - ok
15:54:22.0538 6020 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:54:22.0543 6020 adp94xx - ok
15:54:22.0567 6020 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:54:22.0572 6020 adpahci - ok
15:54:22.0592 6020 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:54:22.0594 6020 adpu160m - ok
15:54:22.0617 6020 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:54:22.0620 6020 adpu320 - ok
15:54:22.0670 6020 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:54:22.0674 6020 AFD - ok
15:54:22.0694 6020 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:54:22.0696 6020 agp440 - ok
15:54:22.0729 6020 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:54:22.0731 6020 aic78xx - ok
15:54:22.0771 6020 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:54:22.0772 6020 aliide - ok
15:54:22.0804 6020 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:54:22.0806 6020 amdagp - ok
15:54:22.0826 6020 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:54:22.0828 6020 amdide - ok
15:54:22.0848 6020 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:54:22.0850 6020 AmdK7 - ok
15:54:22.0869 6020 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:54:22.0871 6020 AmdK8 - ok
15:54:22.0889 6020 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:54:22.0891 6020 arc - ok
15:54:22.0907 6020 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:54:22.0909 6020 arcsas - ok
15:54:22.0943 6020 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:54:22.0944 6020 AsyncMac - ok
15:54:22.0954 6020 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:54:22.0955 6020 atapi - ok
15:54:23.0022 6020 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
15:54:23.0035 6020 AVGIDSDriver - ok
15:54:23.0065 6020 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
15:54:23.0067 6020 AVGIDSEH - ok
15:54:23.0096 6020 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
15:54:23.0119 6020 AVGIDSFilter - ok
15:54:23.0150 6020 AVGIDSShim (54d710b7d2e30e1ddc8ce2c6e685576b) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
15:54:23.0152 6020 AVGIDSShim - ok
15:54:23.0188 6020 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\Windows\system32\DRIVERS\avgldx86.sys
15:54:23.0257 6020 Avgldx86 - ok
15:54:23.0389 6020 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
15:54:23.0391 6020 Avgmfx86 - ok
15:54:23.0424 6020 Avgrkx86 (4def59ff7d09b9ce59739102b49fd526) C:\Windows\system32\DRIVERS\avgrkx86.sys
15:54:23.0426 6020 Avgrkx86 - ok
15:54:23.0461 6020 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
15:54:23.0466 6020 Avgtdix - ok
15:54:23.0488 6020 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:54:23.0490 6020 Beep - ok
15:54:23.0551 6020 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:54:23.0553 6020 blbdrive - ok
15:54:23.0560 6020 BOHCI - ok
15:54:23.0610 6020 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:54:23.0614 6020 bowser - ok
15:54:23.0631 6020 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:54:23.0634 6020 BrFiltLo - ok
15:54:23.0673 6020 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:54:23.0675 6020 BrFiltUp - ok
15:54:23.0724 6020 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:54:23.0727 6020 Brserid - ok
15:54:23.0776 6020 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:54:23.0778 6020 BrSerWdm - ok
15:54:23.0810 6020 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:54:23.0813 6020 BrUsbMdm - ok
15:54:23.0828 6020 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:54:23.0830 6020 BrUsbSer - ok
15:54:23.0865 6020 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:54:23.0867 6020 BTHMODEM - ok
15:54:23.0879 6020 BUHCI - ok
15:54:23.0889 6020 BUSBD - ok
15:54:23.0920 6020 CA561 (50ded7c73e0fb40693edab8cad7c46e7) C:\Windows\system32\Drivers\SPCA561.SYS
15:54:23.0923 6020 CA561 - ok
15:54:24.0040 6020 catchme - ok
15:54:24.0060 6020 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:54:24.0063 6020 cdfs - ok
15:54:24.0101 6020 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:54:24.0103 6020 cdrom - ok
15:54:24.0144 6020 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
15:54:24.0146 6020 circlass - ok
15:54:24.0170 6020 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:54:24.0174 6020 CLFS - ok
15:54:35.0719 6020 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:54:35.0726 6020 \Device\Harddisk0\DR0 - ok
15:54:35.0742 6020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:54:35.0884 6020 \Device\Harddisk1\DR1 - ok
15:54:35.0886 6020 Boot (0x1200) (e9225e19289cc02f3475eaea8a1522f3) \Device\Harddisk0\DR0\Partition0
15:54:35.0887 6020 \Device\Harddisk0\DR0\Partition0 - ok
15:54:35.0888 6020 Boot (0x1200) (75366c390b4b72ccadb13126bbd634af) \Device\Harddisk1\DR1\Partition0
15:54:35.0889 6020 \Device\Harddisk1\DR1\Partition0 - ok
15:54:35.0890 6020 ============================================================
15:54:35.0890 6020 Scan finished
15:54:35.0890 6020 ============================================================
15:54:35.0895 5268 Detected object count: 0
15:54:35.0895 5268 Actual detected object count: 0

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania
  • Local time:02:53 AM

Posted 23 September 2011 - 04:16 PM

Please launch Malwarebytes antimalware, update it and run a quick scan. Post the resulting log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#12 69Ironhead


Posted 24 September 2011 - 08:33 AM

I ran Malwarebytes. Here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7789

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/24/2011 9:24:10 AM
mbam-log-2011-09-24 (09-24-06).txt

Scan type: Quick scan
Objects scanned: 230579
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\system\svchost.exe (Backdoor.Bot) -> No action taken.

#13 Elise


Posted 24 September 2011 - 10:09 AM

Hi again,

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :services
    svchost
    
    :files
    C:\Windows\system\svchost.exe
    
    :commands
    [emptytemp]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

After the reboot, try to rerun Combofix.

regards, Elise




#14 69Ironhead


Posted 24 September 2011 - 07:03 PM

Here is the log from OTL with the additional script. ComboFix still just sits there with the Scanning files screen.

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named svchost was found to stop!
Service\Driver key svchost not found.
========== FILES ==========
C:\Windows\system\svchost.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jason
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1921524 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 291 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4369 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09242011_152517

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#15 Elise


Posted 25 September 2011 - 01:47 AM

Please rerun GMER. Uncheck all boxes in the right panel except for Services. Run a scan and post me the resulting log.

regards, Elise

