STOP: c0000135 {Unable To Locate Component} ... consrv was not found (Farbar Log Included)


  • This topic is locked
19 replies to this topic

#1 iFroggy


Posted 06 December 2011 - 01:35 AM

Hello,

I was hit by some sort of bad ad today. Long story short, after a variety of steps, I thought I had it under control. Computer was working fine and then Microsoft Security Essentials said it had to reboot to finish a removal. I let it do so and now, Windows won't boot, even in Safe Mode. Turned off the automatic reboot so I was able to read the error:

STOP: c0000135 {Unable To Locate Component}
This application has failed to start because consrv was not found. Re-installing the application may fix this problem.

I did some Google searching and found that people here posted with similar errors and they had all been asked to post a Farbar log. So, to save time, I went ahead and did that and it is attached to this message.

I really appreciate the service that you provide here. Thank you for your time, consideration and any assistance.

Sincerely,

Patrick

Attached Files

  • Attached File  FRST.txt   34.03KB   29 downloads




#2 Farbar


Posted 06 December 2011 - 04:43 PM

Hello Patrick,

Welcome to this forum.

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    AppInit_DLLs:  
    SubSystems: [Windows] ==> ZeroAccess
    1 ahxfyopx; \??\C:\Windows\system32\drivers\ahxfyopx.sys [x]
    1 ddbswlit; \??\C:\Windows\system32\drivers\ddbswlit.sys [x]
    1 nkmzmfsj; \??\C:\Windows\system32\drivers\nkmzmfsj.sys [x]
    2011-12-04 16:40 - 2011-12-04 16:56 - 0004674 __ASH C:\Users\Patrick O'Keefe\Local Settings\Application Data\6m87wd2e03u886
    2011-12-04 16:40 - 2011-12-04 16:56 - 0004674 __ASH C:\Users\Patrick O'Keefe\Local Settings\6m87wd2e03u886
    2011-12-04 16:40 - 2011-12-04 16:56 - 0004674 __ASH C:\Users\Patrick O'Keefe\AppData\Local\6m87wd2e03u886
    2011-12-04 16:40 - 2011-12-04 16:56 - 0004674 __ASH C:\Users\All Users\Application Data\6m87wd2e03u886
    2011-12-04 16:40 - 2011-12-04 16:56 - 0004674 __ASH C:\Users\All Users\6m87wd2e03u886
    2011-12-04 16:40 - 2011-12-04 16:56 - 0004674 __ASH C:\ProgramData\6m87wd2e03u886
    2011-12-04 16:40 - 2011-12-04 16:40 - 0297984 ____A (Microsoft Corporation) C:\Users\Patrick O'Keefe\Local Settings\uyq.exe
    2011-12-04 16:40 - 2011-12-04 16:40 - 0297984 ____A (Microsoft Corporation) C:\Users\Patrick O'Keefe\Local Settings\Application Data\uyq.exe
    2011-12-04 16:40 - 2011-12-04 16:40 - 0297984 ____A (Microsoft Corporation) C:\Users\Patrick O'Keefe\AppData\Local\uyq.exe
    c:\Windows\system32\consrv.dll
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
  • Restart the computer and let it boot normally.
  • Please download unhide.exe to your desktop and run it.
  • Open your Malwarebytes' Anti-Malware.
  • First update it, to do that under the Update tab press "Check for Updates".
  • Under Scanner tab select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
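
Added example, not part of the original posts and not FRST's own code: the fixlist's SubSystems entry and the STOP c0000135 message both concern the ServerDll list in the Session Manager\SubSystems "Windows" value, and this Python check audits such a value offline. The expected-module set and both sample values are assumptions constructed for illustration.

```python
import re

# Assumption: server DLLs referenced by a stock Vista/7 "Windows" subsystem value.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Matches tokens such as "ServerDll=winsrv:ConServerDllInitialization,2".
SERVERDLL_RE = re.compile(r"ServerDll=([^\s:,]+)(?::([^\s,]+))?,(\d+)", re.IGNORECASE)

# Constructed sample modelled on a stock value (not taken from the thread).
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,12288,512 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# Constructed sample: the console server entry names consrv instead of winsrv.
HIJACKED_VALUE = CLEAN_VALUE.replace("winsrv:Con", "consrv:Con")


def parse_server_dlls(value):
    """Return (module, init_routine, index) for every ServerDll= token."""
    return [
        (m.group(1).lower(), m.group(2), int(m.group(3)))
        for m in SERVERDLL_RE.finditer(value)
    ]


def audit_subsystem_value(value, system32_files=None):
    """Classify each ServerDll entry of a SubSystems "Windows" value.

    system32_files: optional iterable of file names found in the offline
    system32 directory (e.g. listed from a recovery environment). When it is
    given, entries whose DLL is absent are marked missing.
    """
    present = None
    if system32_files is not None:
        present = {name.lower() for name in system32_files}
    findings = []
    for module, routine, index in parse_server_dlls(value):
        findings.append({
            "module": module,
            "routine": routine,
            "index": index,
            # Not one of the stock server DLLs: the value has been altered.
            "unexpected": module not in EXPECTED_SERVER_DLLS,
            # Referenced but not on disk: csrss cannot load it at boot.
            "missing": present is not None and module + ".dll" not in present,
        })
    return findings


def verdict(findings):
    """Summarise the audit as one of three states."""
    if any(f["missing"] for f in findings):
        # The state described in the first post: the DLL was removed while
        # the registry value still referenced it.
        return "boot-failure-risk"
    if any(f["unexpected"] for f in findings):
        return "unexpected-module"
    return "ok"


if __name__ == "__main__":
    # File listings are constructed for the demonstration.
    with_dll = ["basesrv.dll", "winsrv.dll", "consrv.dll"]
    without_dll = ["basesrv.dll", "winsrv.dll"]
    print(verdict(audit_subsystem_value(CLEAN_VALUE, without_dll)))
    print(verdict(audit_subsystem_value(HIJACKED_VALUE, with_dll)))
    print(verdict(audit_subsystem_value(HIJACKED_VALUE, without_dll)))
```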


#3 iFroggy


Posted 06 December 2011 - 11:31 PM

Hello farbar,

Thank you for the quick reply and welcome. I really appreciate it.

I have completed the steps that you outlined. The computer booted and I ran both unhide.exe and Malwarebytes. Here is the MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8326

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/6/2011 11:09:28 PM
mbam-log-2011-12-06 (23-09-28).txt

Scan type: Quick scan
Objects scanned: 185411
Time elapsed: 29 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

I should add one note, as well: after Malwarebytes had completed the removal, but before I could hit "restart," Microsoft Security Essentials popped up and said that it had detected two threats. I intended to ignore it, so I just clicked "Show Details," and not "Clean Computer," so I could copy down what it said to post here, but it then said that it had cleaned the threats up and turned back to green.

When the computer came back on, I opened Microsoft Security Essentials and looked at the History tab. Here are the last three listings:

Backdoor:Win32/Kelihos.B 
Alert Level: Severe
Date: 12/6/2011 11:10 PM
Action taken: Removed

TrojanDownloader:Win32/Waledac.C
Alert Level: Severe
Date: 12/6/2011 11:10 PM
Action taken: Removed

Trojan:Win32/Alureon.TK
Alert Level: Severe
Date: 12/6/2011 7:47 PM
Action taken: Allowed

From December 4 through December 6, there are multiple mentions of Trojan:Win64/Sirefef.J, Trojan:Win32/Alureon.TK and Program:Win32/CoinMiner and a single mention of both Rogue:Win32/Defmid and Trojan:Win64/Sirefef.B. All are labeled removed.

Thank you for your time and assistance.

Sincerely,

Patrick

Edited by iFroggy, 06 December 2011 - 11:57 PM.


#4 Farbar


Posted 07 December 2011 - 01:39 AM

Great.

We have taken care of the main infection and will clean them all.

  • Please copy and paste the Fix.log from step 1.
  • Run Command Prompt as administrator:
    • Click on Start button.
    • Type Cmd in the Start Search text box.
    • Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator.
    • Type the following in the command window and press Enter: netsh winsock reset
  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished, the utility outputs a list of detected objects with descriptions.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#5 iFroggy


Posted 07 December 2011 - 10:42 AM

Hello farbar,

Thank you for the quick reply. I apologize for omitting the Farbar Fixlog from my previous post. Here it is:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.0)
Ran by SYSTEM at 2011-12-06 19:44:25 R:1
Running from K:\

==============================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Value was restored.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
ahxfyopx service deleted successfully.
ddbswlit service deleted successfully.
nkmzmfsj service deleted successfully.
C:\Users\Patrick O'Keefe\Local Settings\Application Data\6m87wd2e03u886 moved successfully.
C:\Users\Patrick O'Keefe\Local Settings\6m87wd2e03u886 not found.
C:\Users\Patrick O'Keefe\AppData\Local\6m87wd2e03u886 not found.
C:\Users\All Users\Application Data\6m87wd2e03u886 moved successfully.
C:\Users\All Users\6m87wd2e03u886 not found.
C:\ProgramData\6m87wd2e03u886 not found.
C:\Users\Patrick O'Keefe\Local Settings\uyq.exe moved successfully.
C:\Users\Patrick O'Keefe\Local Settings\Application Data\uyq.exe not found.
C:\Users\Patrick O'Keefe\AppData\Local\uyq.exe not found.
C:\Windows\system32\consrv.dll not found.

==== End of Fixlog ====

I ran netsh winsock reset and the command prompt said that the computer had to be restarted in order for the reset to complete. I did so.

I then ran TDSSKiller. It ran for 33 seconds and processed 253 objects. It found no threats. Here is the report that it generated:

10:37:48.0555 2228	TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06
10:37:48.0680 2228	============================================================
10:37:48.0680 2228	Current date / time: 2011/12/07 10:37:48.0680
10:37:48.0680 2228	SystemInfo:
10:37:48.0680 2228	
10:37:48.0680 2228	OS Version: 6.0.6002 ServicePack: 2.0
10:37:48.0680 2228	Product type: Workstation
10:37:48.0680 2228	ComputerName: PATRICKDESKTOP
10:37:48.0680 2228	UserName: Patrick O'Keefe
10:37:48.0680 2228	Windows directory: C:\Windows
10:37:48.0680 2228	System windows directory: C:\Windows
10:37:48.0680 2228	Running under WOW64
10:37:48.0680 2228	Processor architecture: Intel x64
10:37:48.0680 2228	Number of processors: 4
10:37:48.0680 2228	Page size: 0x1000
10:37:48.0680 2228	Boot type: Normal boot
10:37:48.0680 2228	============================================================
10:37:49.0538 2228	Initialize success
10:37:55.0482 2756	============================================================
10:37:55.0482 2756	Scan started
10:37:55.0482 2756	Mode: Manual; 
10:37:55.0482 2756	============================================================
10:38:18.0726 2756	PEAUTH - ok
10:38:18.0773 2756	PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:38:18.0788 2756	PptpMiniport - ok
10:38:18.0835 2756	Processor       (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys
10:38:18.0866 2756	Processor - ok
10:38:18.0944 2756	PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:38:18.0944 2756	PSched - ok
10:38:19.0007 2756	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:38:19.0038 2756	PxHlpa64 - ok
10:38:19.0178 2756	ql2300          (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
10:38:19.0209 2756	ql2300 - ok
10:38:19.0256 2756	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:38:19.0287 2756	ql40xx - ok
10:38:19.0334 2756	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:38:19.0397 2756	QWAVEdrv - ok
10:38:19.0490 2756	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:38:19.0506 2756	RasAcd - ok
10:38:19.0584 2756	Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:38:19.0677 2756	Rasl2tp - ok
10:38:19.0724 2756	RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:38:19.0740 2756	RasPppoe - ok
10:38:19.0802 2756	RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:38:19.0880 2756	RasSstp - ok
10:38:20.0005 2756	rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:38:20.0036 2756	rdbss - ok
10:38:20.0114 2756	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:38:20.0161 2756	RDPCDD - ok
10:38:20.0208 2756	rdpdr           (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
10:38:20.0255 2756	rdpdr - ok
10:38:20.0286 2756	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:38:20.0301 2756	RDPENCDD - ok
10:38:20.0348 2756	RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
10:38:20.0379 2756	RDPWD - ok
10:38:20.0660 2756	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:38:20.0691 2756	rspndr - ok
10:38:20.0707 2756	RxFilter - ok
10:38:20.0816 2756	SASDIFSV        (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
10:38:20.0925 2756	SASDIFSV - ok
10:38:21.0003 2756	SASENUM         (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
10:38:21.0035 2756	SASENUM - ok
10:38:21.0066 2756	SASKUTIL        (4731a1b8a79b19cad8e2cfdc7b7d82d4) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys
10:38:21.0097 2756	SASKUTIL - ok
10:38:21.0159 2756	sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:38:21.0175 2756	sbp2port - ok
10:38:21.0269 2756	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:38:21.0269 2756	secdrv - ok
10:38:21.0284 2756	Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:38:21.0284 2756	Serenum - ok
10:38:21.0315 2756	Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:38:21.0347 2756	Serial - ok
10:38:21.0581 2756	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:38:21.0674 2756	sermouse - ok
10:38:21.0721 2756	sffdisk         (18c056b109da7cd823bfae223818eb2e) C:\Windows\system32\drivers\sffdisk.sys
10:38:21.0783 2756	sffdisk - ok
10:38:21.0783 2756	sffp_mmc        (b387781ea1a47bbe08a6e4cbd82f9790) C:\Windows\system32\drivers\sffp_mmc.sys
10:38:21.0783 2756	sffp_mmc - ok
10:38:21.0783 2756	sffp_sd         (4e6b82359dfbd84e914b4d01256ef3bf) C:\Windows\system32\drivers\sffp_sd.sys
10:38:21.0799 2756	sffp_sd - ok
10:38:21.0799 2756	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:38:21.0799 2756	sfloppy - ok
10:38:21.0815 2756	SiSRaid2        (08dda16573fa44f8b13afe74597ad2e5) C:\Windows\system32\drivers\sisraid2.sys
10:38:21.0815 2756	SiSRaid2 - ok
10:38:21.0830 2756	SiSRaid4        (c52259e9daaf3890d572d87ffee0979e) C:\Windows\system32\drivers\sisraid4.sys
10:38:21.0861 2756	SiSRaid4 - ok
10:38:21.0924 2756	Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:38:21.0955 2756	Smb - ok
10:38:22.0033 2756	spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:38:22.0033 2756	spldr - ok
10:38:22.0189 2756	srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:38:22.0251 2756	srv - ok
10:38:22.0329 2756	srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:38:22.0345 2756	srv2 - ok
10:38:22.0595 2756	srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:38:22.0735 2756	srvnet - ok
10:38:22.0860 2756	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:38:22.0860 2756	swenum - ok
10:38:22.0907 2756	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:38:23.0016 2756	Symc8xx - ok
10:38:23.0047 2756	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:38:23.0094 2756	Sym_hi - ok
10:38:23.0109 2756	Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:38:23.0109 2756	Sym_u3 - ok
10:38:23.0406 2756	Tcpip           (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
10:38:23.0468 2756	Tcpip - ok
10:38:23.0468 2756	Tcpip6          (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
10:38:23.0484 2756	Tcpip6 - ok
10:38:23.0531 2756	tcpipreg        (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
10:38:23.0531 2756	tcpipreg - ok
10:38:23.0655 2756	TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:38:23.0733 2756	TDPIPE - ok
10:38:23.0780 2756	TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:38:23.0827 2756	TDTCP - ok
10:38:23.0858 2756	tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
10:38:23.0889 2756	tdx - ok
10:38:23.0936 2756	TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
10:38:23.0936 2756	TermDD - ok
10:38:23.0983 2756	tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:38:24.0014 2756	tssecsrv - ok
10:38:24.0092 2756	tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:38:24.0108 2756	tunmp - ok
10:38:24.0139 2756	tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
10:38:24.0186 2756	tunnel - ok
10:38:24.0233 2756	uagp35          (e4722dfbd6232acf17543ef2c2dce8d2) C:\Windows\system32\drivers\uagp35.sys
10:38:24.0264 2756	uagp35 - ok
10:38:24.0373 2756	udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
10:38:24.0467 2756	udfs - ok
10:38:24.0529 2756	uliagpkx        (5663d7696abbe71f8c9d915c5374118a) C:\Windows\system32\drivers\uliagpkx.sys
10:38:24.0576 2756	uliagpkx - ok
10:38:24.0701 2756	uliahci         (6030b68e86a30d1b315b51c4d7778b16) C:\Windows\system32\drivers\uliahci.sys
10:38:24.0779 2756	uliahci - ok
10:38:24.0810 2756	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:38:24.0825 2756	UlSata - ok
10:38:24.0825 2756	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:38:24.0841 2756	ulsata2 - ok
10:38:24.0966 2756	UltraMonUtility (694bcf23662f97d987cf4c6739c35f8b) C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
10:38:24.0966 2756	UltraMonUtility - ok
10:38:25.0106 2756	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:38:25.0106 2756	umbus - ok
10:38:25.0184 2756	usbaudio        (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
10:38:25.0215 2756	usbaudio - ok
10:38:25.0262 2756	usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:38:25.0309 2756	usbccgp - ok
10:38:25.0340 2756	usbcir          (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
10:38:25.0371 2756	usbcir - ok
10:38:25.0403 2756	usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
10:38:25.0418 2756	usbehci - ok
10:38:25.0496 2756	usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
10:38:25.0527 2756	usbhub - ok
10:38:25.0574 2756	usbohci         (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
10:38:25.0574 2756	usbohci - ok
10:38:25.0621 2756	usbprint        (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
10:38:25.0637 2756	usbprint - ok
10:38:25.0683 2756	usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
10:38:25.0699 2756	usbscan - ok
10:38:25.0746 2756	USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:38:25.0746 2756	USBSTOR - ok
10:38:25.0761 2756	usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:38:25.0793 2756	usbuhci - ok
10:38:27.0540 2756	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:38:27.0571 2756	vga - ok
10:38:27.0649 2756	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:38:27.0665 2756	VgaSave - ok
10:38:27.0665 2756	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:38:27.0696 2756	viaide - ok
10:38:27.0711 2756	volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:38:27.0743 2756	volmgr - ok
10:38:27.0883 2756	volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:38:27.0945 2756	volmgrx - ok
10:38:27.0992 2756	volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:38:28.0023 2756	volsnap - ok
10:38:28.0039 2756	vsmraid         (410ae2c141142c58bc617fc2c677f8b0) C:\Windows\system32\drivers\vsmraid.sys
10:38:28.0055 2756	vsmraid - ok
10:38:28.0070 2756	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:38:28.0070 2756	WacomPen - ok
10:38:28.0133 2756	Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:38:28.0242 2756	Wanarp - ok
10:38:28.0320 2756	Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:38:28.0320 2756	Wanarpv6 - ok
10:38:28.0335 2756	Wd              (59b501b0a04c9672142b7ffa2bdbf663) C:\Windows\system32\drivers\wd.sys
10:38:28.0335 2756	Wd - ok
10:38:28.0507 2756	Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:38:28.0523 2756	Wdf01000 - ok
10:38:28.0632 2756	WmiAcpi         (ae34218455d5dc12d1e45de85f160346) C:\Windows\system32\drivers\wmiacpi.sys
10:38:28.0710 2756	WmiAcpi - ok
10:38:28.0850 2756	WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
10:38:28.0928 2756	WpdUsb - ok
10:38:28.0991 2756	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:38:29.0022 2756	ws2ifsl - ok
10:38:29.0069 2756	WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:38:29.0115 2756	WUDFRd - ok
10:38:29.0271 2756	xcbdaNtsc       (52e7b49578938f7b5fc94582123672c6) C:\Windows\system32\DRIVERS\xcbdax64.sys
10:38:29.0349 2756	xcbdaNtsc - ok
10:38:29.0505 2756	MBR (0x1B8)     (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
10:38:29.0552 2756	\Device\Harddisk0\DR0 - ok
10:38:29.0552 2756	Boot (0x1200)   (d9d2fe22626065cb5a2c05845708eaf9) \Device\Harddisk0\DR0\Partition0
10:38:29.0552 2756	\Device\Harddisk0\DR0\Partition0 - ok
10:38:29.0615 2756	Boot (0x1200)   (dbc7b6614f8a8453adc3db8964333721) \Device\Harddisk0\DR0\Partition1
10:38:29.0615 2756	\Device\Harddisk0\DR0\Partition1 - ok
10:38:29.0615 2756	============================================================
10:38:29.0615 2756	Scan finished
10:38:29.0615 2756	============================================================
10:38:29.0630 4168	Detected object count: 0
10:38:29.0630 4168	Actual detected object count: 0
Thank you for your time and assistance.

Sincerely,

Patrick

#6 Farbar

Posted 07 December 2011 - 11:00 AM

No apologies are needed, Patrick :)

I would like to take a look at vulnerabilities.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.


#7 iFroggy

Posted 07 December 2011 - 11:18 AM

Hello farbar,

Thank you for the quick reply and understanding.

I have run OTL. Here is the output of OTL.txt:

OTL logfile created on: 12/7/2011 11:05:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Patrick O'Keefe\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.58% Memory free
8.17 Gb Paging File | 6.11 Gb Available in Paging File | 74.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.31 Gb Total Space | 80.40 Gb Free Space | 17.70% Space Free | Partition Type: NTFS
Drive D: | 11.44 Gb Total Space | 1.58 Gb Free Space | 13.82% Space Free | Partition Type: NTFS
 
Computer Name: PATRICKDESKTOP | User Name: Patrick O'Keefe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
DRV:[b]64bit:[/b] - [2008/01/15 00:56:22 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:[b]64bit:[/b] - [2007/09/07 06:43:24 | 000,204,672 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\xcbdax64.sys -- (xcbdaNtsc) ViXS Tuner Card (NTSC)
DRV - [2009/03/23 13:07:28 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 13:07:26 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/23 13:07:26 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007/08/18 03:09:04 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1279248592-2350562021-295134033-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1279248592-2350562021-295134033-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1279248592-2350562021-295134033-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultthis.engineName: "123USA Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=10-05-2010&tb_mrud=10-05-2010"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=15091"
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.23
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: refractor@developer.mozilla.org:1.0b3
FF - prefs.js..extensions.enabledItems: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.6
FF - prefs.js..extensions.enabledItems: savecomplete@perlprogrammer.com:1.0.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.90
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=10-05-2010&tb_mrud=10-05-2010&query="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Patrick O'Keefe\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Patrick O'Keefe\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Patrick O'Keefe\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Patrick O'Keefe\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/23 16:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/01 14:30:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Patrick O'Keefe\AppData\Roaming\Move Networks [2009/09/29 19:38:44 | 000,000,000 | ---D | M]
 
[2009/05/12 15:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Extensions
[2009/05/12 15:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2011/12/01 14:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\gpy5mph7.default\extensions
[2011/02/16 18:53:49 | 000,000,000 | ---D | M] ("S3 Firefox Organizer(S3Fox)") -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\gpy5mph7.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2011/10/03 23:48:00 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\gpy5mph7.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/12/01 14:30:39 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\gpy5mph7.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2011/09/13 15:05:19 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\gpy5mph7.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2011/11/30 15:11:27 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\gpy5mph7.default\extensions\toolbar@ask.com
[2010/05/10 08:35:00 | 000,002,343 | ---- | M] () -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\gpy5mph7.default\searchplugins\aol-search.xml
[2011/03/27 10:08:31 | 000,002,354 | ---- | M] () -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\gpy5mph7.default\searchplugins\aol-web-search.xml
[2009/06/21 22:12:04 | 000,002,831 | ---- | M] () -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\gpy5mph7.default\searchplugins\bing.xml
[2011/12/02 11:13:14 | 000,002,533 | ---- | M] () -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\gpy5mph7.default\searchplugins\diigo--google.xml
[2011/11/23 16:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/22 11:13:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\PATRICK O'KEEFE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPY5MPH7.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\PATRICK O'KEEFE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPY5MPH7.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/11/23 16:42:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/05/18 10:18:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/23 16:42:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2011/12/05 12:33:36 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 216.240.133.193 www.google-analytics.com.
O1 - Hosts: 216.240.133.193 ad-emea.doubleclick.net.
O1 - Hosts: 216.240.133.193 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-1279248592-2350562021-295134033-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKLM..\Run: [UPSMON] C:\Program Files (x86)\HP Battery Backup Monitor\UPSMON.EXE ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Patrick O'Keefe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CuteFTP 7 Home.lnk = C:\Program Files (x86)\GlobalSCAPE\CuteFTP 7 Home\cuteftp.exe (GlobalSCAPE Texas, LP.)
O4 - Startup: C:\Users\Patrick O'Keefe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Texter.lnk = C:\Program Files (x86)\Texter\texter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1279248592-2350562021-295134033-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1279248592-2350562021-295134033-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://www.nintendo.com/consumer/systems/wii/en_na/usbaptest.cab (USBAPTester Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E01DC50F-76C5-4E61-BDAF-993CDD87B094}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Patrick O'Keefe\AppData\Local\Realtime Soft\UltraMon\UltraMon Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Patrick O'Keefe\AppData\Local\Realtime Soft\UltraMon\UltraMon Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22c7471b-6eb8-11e0-947e-001e8c357386}\Shell - "" = AutoRun
O33 - MountPoints2\{22c7471b-6eb8-11e0-947e-001e8c357386}\Shell\AutoRun\command - "" = H:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/12/07 11:04:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick O'Keefe\Desktop\OTL.exe
[2011/12/07 10:37:43 | 000,000,000 | ---D | C] -- C:\Users\Patrick O'Keefe\Desktop\tdsskiller
[2011/12/06 04:10:30 | 000,000,000 | ---D | C] -- C:\FRST
[2011/12/04 23:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/12/04 23:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/04 19:41:09 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/30 15:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/11/30 15:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2011/11/30 15:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2011/11/18 00:37:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick O'Keefe\AppData\Roaming\Mp3tag
[2011/11/18 00:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2011/11/18 00:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2011/11/17 23:59:45 | 000,000,000 | ---D | C] -- C:\Users\Patrick O'Keefe\AppData\Roaming\com.amazon.music.uploader
[2011/11/17 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\Patrick O'Keefe\Documents\Amazon MP3 Uploader
[2011/11/11 10:03:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/11 01:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2009/06/03 11:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009/06/03 10:56:56 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/12/07 11:07:10 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2011/12/07 11:05:05 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/07 11:04:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick O'Keefe\Desktop\OTL.exe
[2011/12/07 10:43:03 | 000,878,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/07 10:43:03 | 000,725,774 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/07 10:43:03 | 000,152,850 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/07 10:42:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1279248592-2350562021-295134033-1003UA.job
[2011/12/07 10:24:15 | 000,207,812 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/07 10:23:57 | 000,207,812 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/07 10:23:54 | 000,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2011/12/07 10:23:44 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/07 10:23:32 | 000,003,568 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 10:23:32 | 000,003,568 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 10:23:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/07 10:23:18 | 4294,156,288 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/07 10:22:07 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000000-00001102-00000005-60031102}.rfx
[2011/12/07 10:22:07 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000000-00001102-00000005-60031102}.rfx
[2011/12/07 10:22:07 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000000-00001102-00000005-60031102}.rfx
[2011/12/07 10:21:14 | 001,557,928 | ---- | M] () -- C:\Users\Patrick O'Keefe\Desktop\tdsskiller.zip
[2011/12/07 10:18:00 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-1279248592-2350562021-295134033-1003UA.job
[2011/12/06 20:05:49 | 000,684,297 | ---- | M] () -- C:\Users\Patrick O'Keefe\Desktop\unhide.exe
[2011/12/05 12:33:36 | 000,001,401 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/04 23:30:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/04 23:29:51 | 000,893,622 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/04 18:18:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-1279248592-2350562021-295134033-1003Core.job
[2011/12/04 17:42:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1279248592-2350562021-295134033-1003Core.job
[2011/11/25 17:14:21 | 000,037,376 | ---- | M] () -- C:\Users\Patrick O'Keefe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/14 12:10:57 | 005,709,783 | ---- | M] () -- C:\Users\Patrick O'Keefe\Desktop\c01951704.pdf
[2011/11/14 09:39:54 | 772,711,036 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/11 10:03:15 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/12/07 10:21:15 | 001,557,928 | ---- | C] () -- C:\Users\Patrick O'Keefe\Desktop\tdsskiller.zip
[2011/12/06 20:06:35 | 000,684,297 | ---- | C] () -- C:\Users\Patrick O'Keefe\Desktop\unhide.exe
[2011/12/05 17:47:31 | 4294,156,288 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/04 23:29:47 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/17 23:59:14 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon MP3 Uploader.lnk

< End of report >

Please find Extras.txt attached.

I appreciate your time and assistance.

Sincerely,

Patrick


#8 Farbar

Posted 07 December 2011 - 11:34 AM

  • Please open OTL.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      :otl
      O33 - MountPoints2\{22c7471b-6eb8-11e0-947e-001e8c357386}\Shell\AutoRun\command - "" = H:\MI.exe
      :commands
      [resethosts]
      
    • Click Run Fix button.
    • If the fix needed a reboot please do it.
    • After it has finished, a log will open. Copy and paste the log to your reply.
  • Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
    • Look for "Java Platform, Standard Edition".
    • Click the "Download JRE" button to the right.
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • From the list, select your OS and Platform (32-bit or 64-bit).
    • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
    • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:
    • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.
  • Also please tell me how the system is running.


#9 iFroggy

Posted 07 December 2011 - 11:49 AM

Hello farbar,

Thank you for the quick reply.

I entered the fix into OTL as described, but it brought up a dialog box that said "Cannot create file C:\Windows\System32\drivers\etc\Hosts." All I could select was "OK." No log file opened. After I clicked "OK," however, I noticed that the OTL status bar said "Resetting HOSTS file. DO NOT INTERRUPT..." Nothing in the program can be clicked on. It has been running for approximately 10 minutes with no change. Should I do anything?

Holding off on upgrading Java until I can close OTL.

I appreciate your time.

Thanks,

Patrick

#10 Farbar

Posted 07 December 2011 - 11:54 AM

It is probably a hang up.

We can take care of it. But I would like to see if OTL has done it.

Restart the computer and run the OTL fix again.

#11 iFroggy

Posted 07 December 2011 - 12:09 PM

Hello farbar,

I closed OTL and restarted the computer. When it rebooted, a text file appeared on the screen titled 12072011_113847.txt. It contained:

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Should I go ahead and run the OTL fix again?

Thanks,

Patrick

#12 Farbar

Posted 07 December 2011 - 12:12 PM

Yes please.

#13 iFroggy

Posted 07 December 2011 - 12:18 PM

Thanks for that. I ran the OTL fix and it did the exact same thing again, unfortunately.

Patrick

#14 Farbar

Posted 07 December 2011 - 12:24 PM

That is what I wanted to know, thanks. We deal with it with FRST.

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt.

start
Unlock: C:\Windows\System32\drivers\etc\Hosts
C:\Windows\System32\drivers\etc\Hosts
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it to your reply.

#15 iFroggy

Posted 07 December 2011 - 12:33 PM

Thanks for that. I have followed those instructions. Here is the Fixlog.txt file contents:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.0)
Ran by SYSTEM at 2011-12-07 12:31:24 R:2
Running from F:\

==============================================

permissions for C:\Windows\System32\drivers\etc\Hosts restored successfully 
C:\Windows\System32\drivers\etc\Hosts moved successfully.

==== End of Fixlog ====

Thanks,

Patrick
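
A read-only way to see why a tool cannot rewrite the Hosts file, as happened with OTL in the exchange above. This is an added example, not part of the thread and not OTL's or FRST's own code; the function name Test-HostsFile and the report fields are hypothetical, and the idea that a Deny entry or an unreadable ACL is behind the "Cannot create file" dialog is an assumption, not something the logs confirm.

```powershell
# Added example: inspects the Hosts file and changes nothing.
function Test-HostsFile {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")

    $report = New-Object PSObject -Property @{
        Path = $Path; Exists = $false; Attributes = $null; Owner = $null
        DenyRules = @(); ExtraMappings = @(); Errors = @()
    }
    if (-not (Test-Path -Path $Path)) { return $report }
    $report.Exists = $true
    # Read-only, hidden or system attributes can also block a rewrite
    $report.Attributes = (Get-Item -Path $Path -Force).Attributes

    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
        $report.Owner = $acl.Owner
        # Assumption: explicit Deny entries are one possible cause of the failure
        $report.DenyRules = @($acl.Access |
            Where-Object { $_.AccessControlType -eq 'Deny' })
    } catch {
        $report.Errors += "ACL unreadable: $($_.Exception.Message)"
    }

    try {
        # Strip comments, then keep every mapping that is not plain localhost
        $report.ExtraMappings = @(Get-Content -Path $Path -ErrorAction Stop |
            ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
            Where-Object { $_ -and ($_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') })
    } catch {
        $report.Errors += "Content unreadable: $($_.Exception.Message)"
    }
    return $report
}

# Show the full report, then any Deny entries and non-localhost mappings
$result = Test-HostsFile
$result | Format-List Path, Exists, Attributes, Owner, Errors
$result.DenyRules | Format-Table IdentityReference, FileSystemRights -AutoSize
$result.ExtraMappings
```

An empty DenyRules list together with an "ACL unreadable" error usually means the current account cannot read the permissions at all, which is the situation where an offline tool running as SYSTEM is needed.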



