Novice Computer User-Infection Newbie


  • This topic is locked
23 replies to this topic

#1 Robinsky123

Robinsky123

  • Members
  • 16 posts
  • Gender:Male
  • Location:Saskatoon, Saskatchewan, Canada
  • Local time:05:25 AM

Posted 11 December 2011 - 08:07 AM

Hello from Canada!!!.....I have a serious? Infection...Details:
On Dec/6/11, I was checking emails and found one in "Junk".....it said it was from Canada Post......Just by pure coincidence, I just happened to be waiting on an Important Letter (Credit Related) from them
so I selected "Safe" and read it.....It came with an Attachment...unfortunately I downloaded It...STUPID!! I know....The file was a Zip, which I scanned with Both Malwarebytes+Microsoft Security
Essentials...both came up clean!!!...so I unzipped it, deleted the original zip and opened the folder...it contained 1 .pdf and several .txt (0bytes)...I opened the .pdf and the Nightmare Began!!!
Immediately my screen changed/flashed to a Black screen. Then a bunch (over 20) of rectangular windows showed up...all indicating that my hard drive was failing!!!.there was an option to "Fix" by selecting "OK"....However I did not..I just forced shutdown by pressing the Start Button on my HP. I then started up and the same windows showed up...I shut down again and started with the
Kaspersky Rescue DVD....I would "Boot"..BUT at a certain point it would not continue...."could not find cd"!!....so I restarted in safe mode, ran some scans & was able to start normally, BUT
my desktop was still Black....other symptoms as follows: Start Menu would only show Admin(Empty)...ALL folders were Hidden (I could see them but when opened..were empty!!)..I typed Computer, and Opened it...my drives and partitions still showed up (With correct space used..)...I could access my user folder again by typing it in...same with control panel...etc...Tried a system Restore..
Failed...Tried a Repair computer from a Win 7 Repair disc..to no avail...also all taskbar icons were gone..(But notifications were still there...)...so I deleted ALL system restore points and turned
it off.....did a superantispyware scan in safe mode..found 2 in appdata....ran RKill and it stopped a couple of processes.....rebooted and my desktop was back to normal!! with all my slideshow pics
I started my older second desktop (eMachine T5234-Vista 32) and went on line to find other anti???....I used my Micro 8GB card to transfer files...I used Combofix..and then everything was almost back to normal.......ALL folders were "Unhidden" and I could open and see contents. BUT MAJOR problems still exist: Updates download BUT are not listed in Windows Update downloads page!!!, tried scannow both normally and from CMD in recovery disc...would not work...Windows Modules Installer Errors "Windows Resource Protection could not....")......."Turn windows features on or off" is blank........
I would go back and forth between computers and do suggested "Fixes" on HP......Finally got scannow to run!! (After Restart)...ran for almost 2hrs 30min...restarted...Back to FAST BOOT :)
BUT problems still exist...Reg+dll+ other are probably corrupted!!...I am uncertain if I got rid of infection or its hiding???...I want to be certain!!....I have thought of nuking my drive and doing
a clean install!! but only as a LAST resort.....I have so many programs & Personal folder/files....I don't want to back up anything NOW (I have a 2TB WD for backups via sata...it USED to be an external...but usb was way too slow....)....Long story short: am I still Infected and how to repair various win7 problems....I am certain my HP has missing/corrupted system files....sorry for the long letter but I thought that I should give as much info as possible. I have a Hijackthis log....My HP specs are: Windows 7 64, 8GB RAM, 1 dvd+1 Blu-ray Burner, 2 Hard drives>> Main is partitioned..
c: os and user d: Backup.....2nd drive.2 partitions..a: Audio(Cakewalk Projects.I am a Guitarist/Bassist/Keys/Drummer) b: Vid files Main has 620gb...2nd has 500GB.Thanks for ANY info.....the Hijackthis.log is suspiciously small!! Help me Obi-Wans, you are my only hope!!!......R


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • Gender:Male
  • Local time:07:25 AM

Posted 17 December 2011 - 08:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431845 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:25 AM

Posted 18 December 2011 - 09:09 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Firstly, do not run Combofix without expert help. This can cause more problems than the malware.

Second, it seems that there are deeper issues so we need to check for rootkit activity at the beginning.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#4 Robinsky123

Robinsky123
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Saskatoon, Saskatchewan, Canada
  • Local time:05:25 AM

Posted 18 December 2011 - 11:32 PM

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Robin at 16:11:44 on 2011-12-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8191.6010 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Zoominto.IEPlugin.ZoomintoMain: {acdf77a9-9eda-407f-969f-b3bcbe3217d0} - mscoree.dll
TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Robin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAVCPL~1.LNK - C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm
IE: Zoom Into\Contexts - 2 (0x2)
IE: Zoom Into\Flags - 1 (0x1)
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
Trusted Zone: line6.net
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{37C06628-9292-4122-8AF0-B6BBD25AA72C} : DhcpNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Zoominto.IEPlugin.ZoomintoMain: {ACDF77A9-9EDA-407f-969F-B3BCBE3217D0} - mscoree.dll
TB-X64: Ant.com Download Toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\
FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b6526ae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ca&lng=en-GB&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-12 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-7-4 139880]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/28 20:41:14;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-14 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
S3 L6PODX3;L6 POD X3 Service;C:\Windows\system32\Drivers\L6PODX364.sys --> C:\Windows\system32\Drivers\L6PODX364.sys [?]
S3 L6TPortGX;Service - Line 6 TonePort GX;C:\Windows\system32\Drivers\L6TPortGX64.sys --> C:\Windows\system32\Drivers\L6TPortGX64.sys [?]
S3 L6UX1;Service - Line 6 UX1;C:\Windows\system32\Drivers\L6UX164.sys --> C:\Windows\system32\Drivers\L6UX164.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
.
=============== Created Last 30 ================
.
2011-12-18 18:00:39 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D789E404-47F5-4BE7-8950-DE4ECB8346D4}\offreg.dll
2011-12-18 12:17:02 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-18 02:06:34 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D789E404-47F5-4BE7-8950-DE4ECB8346D4}\mpengine.dll
2011-12-17 22:25:28 -------- d-----w- C:\Users\Robin\AppData\Local\{C5BCC622-9AA3-40AB-A625-1DA1BB0FF156}
2011-12-17 22:25:17 -------- d-----w- C:\Users\Robin\AppData\Local\{FA612BA2-9B45-43EC-8491-CE323E1A936A}
2011-12-12 08:42:05 0 ----a-w- C:\Windows\System32\windbg.exe
2011-12-12 08:27:38 -------- d-----w- C:\WinDDK
2011-12-12 08:03:15 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-12 07:09:41 -------- d-----w- C:\Users\Robin\AppData\Local\ElevatedDiagnostics
2011-12-12 06:16:23 137536 ----a-w- C:\Windows\System32\nvshext.dll
2011-12-12 06:16:22 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2011-12-12 06:16:22 5067584 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-12-12 06:16:22 222528 ----a-w- C:\Windows\System32\nvmctray.dll
2011-12-12 06:16:22 1640768 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-12-12 06:16:22 10406208 ----a-w- C:\Windows\System32\nvcpl.dll
2011-12-12 06:07:15 -------- d-----w- C:\Users\Robin\AppData\Local\NVIDIA Corporation
2011-12-12 05:04:58 -------- d--h--w- C:\Windows\msdownld.tmp
2011-12-12 05:04:58 -------- d-----w- C:\Windows\SysWow64\directx
2011-12-12 04:35:38 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll
2011-12-12 04:35:38 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll
2011-12-11 22:34:08 -------- d-----w- C:\Users\Robin\AppData\Local\{745527A5-28F0-4E35-8F12-7A441032FA8C}
2011-12-11 22:33:57 -------- d-----w- C:\Users\Robin\AppData\Local\{11692236-B597-432A-B574-148B1F106410}
2011-12-11 09:14:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-12-09 11:22:02 -------- d-----w- C:\41f7dcba618342895cab
2011-12-08 06:35:28 -------- d-----w- C:\Users\Robin\AppData\Roaming\DeepBurner Pro
2011-12-08 04:34:09 5326 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2011-12-08 04:20:59 98816 ----a-w- C:\Windows\sed.exe
2011-12-08 04:20:59 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-08 04:20:59 256000 ----a-w- C:\Windows\PEV.exe
2011-12-08 04:20:59 208896 ----a-w- C:\Windows\MBR.exe
2011-12-08 03:47:28 -------- d-----w- C:\Users\Robin\AppData\Roaming\SUPERAntiSpyware.com
2011-12-08 00:34:36 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-07 09:33:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-07 06:06:40 -------- d-----w- C:\ProgramData\IObit
2011-12-07 05:49:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-04 16:13:09 -------- d-----w- C:\Users\Robin\AppData\Local\{0C600D9C-D585-43A4-BBBB-FA17E2B37F44}
2011-12-04 16:12:59 -------- d-----w- C:\Users\Robin\AppData\Local\{1C8E0A02-2C5B-4D85-973D-BA2A2907EFF1}
2011-11-28 23:15:40 -------- d-----w- C:\Users\Robin\CyberLink
2011-11-28 23:12:37 -------- d-----w- C:\Users\Robin\AppData\Roaming\zoominto
2011-11-28 23:12:33 -------- d-----w- C:\Program Files (x86)\zoomintoIE
2011-11-28 22:17:56 -------- d-----r- C:\Users\Robin\pentadactyl
2011-11-28 15:45:21 0 ----a-w- C:\Users\Robin\AppData\Local\BIT4A86.tmp
2011-11-26 01:59:22 -------- d-----w- C:\Users\Robin\AppData\Local\{CE91FB52-1138-455D-AB9A-AC16E01CE8E6}
2011-11-26 01:59:11 -------- d-----w- C:\Users\Robin\AppData\Local\{03E44292-4352-4868-B221-9A2AFABDA503}
2011-11-23 00:44:15 -------- d-----w- C:\Users\Robin\AppData\Local\{A800477D-372E-42B5-AF06-4B8ADFC0C755}
2011-11-23 00:44:03 -------- d-----w- C:\Users\Robin\AppData\Local\{1546113B-3CE4-4339-8BCB-F83682801DAD}
.
==================== Find3M ====================
.
2011-12-16 04:15:22 82816 ----a-w- C:\Users\Robin\AppData\Roaming\pcouffin.sys
2011-11-29 16:53:15 414368 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-02 00:00:38 5018 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-10-24 20:29:02 94208 ------w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ------w- C:\Windows\SysWow64\QuickTime.qts
2011-10-15 06:54:52 321856 ------w- C:\Windows\SysWow64\nvStreaming.exe
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-09-21 02:52:52 472808 ------w- C:\Windows\SysWow64\deployJava1.dll
2011-09-21 02:50:46 0 ------w- C:\Windows\SysWow64\REN1B6E.tmp
2011-09-21 02:50:46 0 ------w- C:\Windows\SysWow64\REN1B6D.tmp
2011-09-21 02:50:46 0 ------w- C:\Windows\SysWow64\REN1B6C.tmp
2006-03-26 20:24:18 557056 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.7.dll
2006-03-26 20:23:58 442368 ----a-w- C:\Program Files (x86)\WaveShell-DX 5.7.dll
2006-01-01 21:15:16 405504 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.5.dll
2005-12-21 17:41:48 405504 ----a-w- C:\Program Files (x86)\Vocal_WaveShell-VST 1.1.dll
2005-09-07 22:15:12 98304 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.0.dll
2005-07-17 20:26:04 417792 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.2.dll
.
============= FINISH: 16:12:08.73 ===============

#5 Robinsky123

Robinsky123
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Saskatoon, Saskatchewan, Canada
  • Local time:05:25 AM

Posted 18 December 2011 - 11:34 PM

Hello m0le!!.....I am grateful for your assistance, here are my answers as requested: My HP seems to be running OK but I still have the following known issues,
Updates will run and install...but the same update immediately shows up again, (I have it set to inform me of updates, not Automatic download)
"turn windows features on or off" is still blank, there are many services issues.I forgot specifics but some will not start...relating to updates and others.
when I run "Generate system health report"....the report "looks" different than before.has a diff name...and shows many services issues.
Some of my admin tools don't work right......when I run performance monitor I get a list of errors "Unable to add these counters" 3 Processor Information, 2 Physical Disk and 1 network interface.....in event viewer there is a "Subscriptions" error....."The windows event collector service must be running and configured"
basically I think that many system drivers etc are missing or corrupted???....everything seems fine otherwise....but infection caused many problems.
I do have my win 7 disc, however I bought my HP with vista 64 installed and got a HP win 7 upgrade disc a few months later and custom installed it....I was prompted (During Installation) to make a backup of my vista first, so I did and made 3 DVDs....Many Thanks!!!!!!

#6 Robinsky123

Robinsky123
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Saskatoon, Saskatchewan, Canada
  • Local time:05:25 AM

Posted 19 December 2011 - 01:13 AM

PS: Ran aswMBR.exe......but it would stop about 10min during scan...."Unexpected Error...." Windows had me shut the program down.....Security Essentials was disabled...should I run it in safe mode??
I will post an OTL Log, an RKreport, and a TDSSKiller Log......hope this helps......my HP SEEMS normal except for the aforementioned system problems. I think that I am still infected....one more log: ComboFix-quarantined-files Log.......Thank You :)

OTL logfile created on: 12/13/11 11:38:11 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Robin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

8.00 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 75.93% Memory free
10.00 Gb Paging File | 8.06 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.02 Gb Total Space | 211.79 Gb Free Space | 36.33% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

Computer Name: ROBIN-HP | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe (Ant.com)
PRC - C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ASRservice) -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe (IObit)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UpdateCenterService) -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dvdfab) -- C:\Windows\SysNative\drivers\dvdfab.sys (Fengtao Software Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L6UX1) -- C:\Windows\SysNative\drivers\L6UX164.sys (Line 6)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (DefragFS) -- C:\Windows\SysNative\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L6TPortGX) -- C:\Windows\SysNative\drivers\L6TPortGX64.sys (Line 6)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (L6PODX3) -- C:\Windows\SysNative\drivers\L6PODX364.sys (Line 6)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NVR0FLASHDev) -- C:\Windows\nvflsh64.sys (NVIDIA Corp.)
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVIDIA Corp.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cndt


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Startpage (SSL)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: cybersearch@cybernetnews.com:2.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.2
FF - prefs.js..extensions.enabledItems: {8FFE139B-90A7-4460-A972-9D2738997F6D}:1.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.4
FF - prefs.js..extensions.enabledItems: zigboom.designs@gmail.com:1.3.1
FF - prefs.js..extensions.enabledItems: FoxdieGraphite@tanjihay.com:3.6.4
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b6526ae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ca&lng=en-GB&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/28 15:50:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 06:18:58 | 000,000,000 | ---D | M]

[2010/07/15 23:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Extensions
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\anttoolbar@ant.com
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\cybersearch@cybernetnews.com
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Foxdie for Firefox) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\foxdie_ext_ocelot@foxdie.us
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (GoogleTube) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\googletube@googletube.com
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2011/11/11 16:36:31 | 000,002,325 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\searchplugins\startpage-ssl.xml
[2011/12/08 20:22:16 | 000,005,457 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\searchplugins\startpage.xml
[2011/11/28 15:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/20 20:53:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ROBIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T64XCRHC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ROBIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T64XCRHC.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/11/28 15:50:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/20 20:52:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/09 02:46:17 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/09 02:46:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/09 02:46:17 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/09 02:46:17 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/09 02:46:17 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/07 22:30:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1003..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4:64bit: - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor for Windows\RunProfiler.exe (PC-Doctor, Inc.)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RAVCpl64.exe - Shortcut.lnk = C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm ()
O8 - Extra context menu item: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm ()
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C06628-9292-4122-8AF0-B6BBD25AA72C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 11:31:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe
[2011/12/12 02:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2011/12/12 02:27:38 | 000,000,000 | ---D | C] -- C:\WinDDK
[2011/12/12 01:39:29 | 004,425,880 | ---- | C] (Innovative Solutions ) -- C:\Users\Robin\Desktop\drivermax.exe
[2011/12/12 01:09:41 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\ElevatedDiagnostics
[2011/12/12 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/12/12 00:16:23 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/12/12 00:16:22 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/12/12 00:16:22 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/12/12 00:16:22 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/12/12 00:16:22 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/12/12 00:12:54 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2011/12/12 00:12:54 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011/12/12 00:12:54 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011/12/12 00:12:49 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/12/12 00:12:49 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/12/12 00:12:49 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/12/12 00:12:49 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/12/12 00:12:48 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/12/12 00:12:48 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/12/12 00:12:48 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/12/12 00:12:48 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/12/12 00:12:48 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/12/12 00:12:48 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/12/12 00:12:48 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/12/12 00:12:48 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/12/12 00:12:48 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/12/12 00:12:48 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/12/12 00:12:48 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/12/12 00:12:48 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/12/12 00:12:48 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/12/12 00:12:48 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/12/12 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\NVIDIA Corporation
[2011/12/11 23:04:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/12/11 22:35:38 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/12/11 22:35:38 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/12/11 16:34:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{745527A5-28F0-4E35-8F12-7A441032FA8C}
[2011/12/11 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{11692236-B597-432A-B574-148B1F106410}
[2011/12/11 03:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/12/11 03:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/09 05:45:54 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\IObit
[2011/12/09 05:22:02 | 000,000,000 | ---D | C] -- C:\41f7dcba618342895cab
[2011/12/08 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/12/08 20:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/12/08 00:35:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\DeepBurner Pro
[2011/12/07 22:31:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/07 22:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/12/07 22:28:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/07 22:20:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/07 22:20:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/07 22:20:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/07 22:20:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/07 22:17:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/07 21:47:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/07 21:24:36 | 004,331,784 | R--- | C] (Swearware) -- C:\Users\Robin\Desktop\ComboFix.exe
[2011/12/07 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/07 03:33:37 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/07 03:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/07 00:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/12/07 00:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Spyware Remover
[2011/12/06 23:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/04 10:13:09 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{0C600D9C-D585-43A4-BBBB-FA17E2B37F44}
[2011/12/04 10:12:59 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{1C8E0A02-2C5B-4D85-973D-BA2A2907EFF1}
[2011/12/01 13:43:19 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\robynn825699552
[2011/11/30 17:41:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-CRA-Info+Forms
[2011/11/29 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\$60 COST EACH
[2011/11/29 23:08:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\10 Bags=$490+$55=$544+$31=$576
[2011/11/28 17:28:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-IE-Help and Info
[2011/11/28 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Robin\CyberLink
[2011/11/28 17:12:37 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\zoominto
[2011/11/28 17:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\zoomintoIE
[2011/11/28 17:12:33 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoominto IePlugin
[2011/11/28 16:17:56 | 000,000,000 | R--D | C] -- C:\Users\Robin\pentadactyl
[2011/11/28 13:48:30 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\S7H0W4
[2011/11/27 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\selling5699552stuff
[2011/11/27 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\robynn82@gmail.com
[2011/11/25 19:59:22 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{CE91FB52-1138-455D-AB9A-AC16E01CE8E6}
[2011/11/25 19:59:11 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{03E44292-4352-4868-B221-9A2AFABDA503}
[2011/11/24 19:16:46 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-Saskatoon Country Western Music Association
[2011/11/22 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{A800477D-372E-42B5-AF06-4B8ADFC0C755}
[2011/11/22 18:44:03 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{1546113B-3CE4-4339-8BCB-F83682801DAD}
[2011/11/20 00:11:01 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-Metis-Info
[2011/11/19 15:12:10 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-Banking-Credit Card & Credit-Info
[2011/11/18 02:49:31 | 000,000,000 | ---D | C] -- C:\Users\Robin\.gimp-2.6
[2011/11/18 00:10:02 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/17 22:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/11/17 22:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/11/17 21:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/17 21:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/11/17 21:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011/11/17 14:28:55 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\TAKE LEARNERS TEST!!!
[2011/11/14 23:30:55 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-Kijiji-Stuff
[2011/11/13 21:50:47 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\VSOBlurayConverter
[2011/11/13 21:33:11 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\DVDFab Passkey
[2011/11/13 21:29:09 | 000,079,232 | ---- | C] (Fengtao Software Inc.) -- C:\Windows\SysNative\drivers\dvdfab.sys
[2011/11/13 21:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab Passkey
[2011/11/13 20:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2011/11/13 20:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2011/11/13 20:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2010/01/30 21:06:32 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Robin\AppData\Roaming\pcouffin.sys
[2009/10/11 19:26:40 | 000,405,504 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\Vocal_WaveShell-VST 1.1.dll
[2009/10/11 19:26:35 | 000,442,368 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-DX 5.7.dll
[2009/10/11 19:26:24 | 000,417,792 | ---- | C] (Waves Audio Ltd) -- C:\Program Files (x86)\WaveShell-VST 5.2.dll
[2009/10/11 19:26:19 | 000,098,304 | ---- | C] (Waves Audio Ltd) -- C:\Program Files (x86)\WaveShell-VST 5.0.dll
[2009/10/11 19:26:14 | 000,557,056 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-VST 5.7.dll
[2009/10/11 19:26:09 | 000,405,504 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-VST 5.5.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Robin\*.tmp files -> C:\Users\Robin\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Robin\AppData\Local\*.tmp files -> C:\Users\Robin\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/13 11:31:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe
[2011/12/13 11:18:29 | 000,006,416 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 11:18:29 | 000,006,416 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 11:11:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000UA.job
[2011/12/13 11:09:20 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/13 04:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/13 01:30:02 | 000,001,854 | ---- | M] () -- C:\Users\Robin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/12 22:49:57 | 000,198,656 | ---- | M] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/12 20:11:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000Core.job
[2011/12/12 17:25:08 | 005,075,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 12:47:12 | 000,000,850 | ---- | M] () -- C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 03:04:02 | 000,000,042 | ---- | M] () -- C:\Windows\SysNative\1323680642.lock
[2011/12/12 02:42:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\windbg.exe
[2011/12/12 02:41:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\cd
[2011/12/12 01:39:32 | 004,425,880 | ---- | M] (Innovative Solutions ) -- C:\Users\Robin\Desktop\drivermax.exe
[2011/12/12 00:12:15 | 000,001,996 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/12/11 20:41:06 | 000,007,616 | ---- | M] () -- C:\Users\Robin\AppData\Local\resmon.resmoncfg
[2011/12/11 03:48:40 | 000,001,598 | ---- | M] () -- C:\Users\Robin\Desktop\Hijack.exe - Shortcut.lnk
[2011/12/10 23:24:56 | 000,000,065 | ---- | M] () -- C:\Windows\SysNative\1323581096.lock
[2011/12/10 23:24:32 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\1323581072.lock
[2011/12/10 23:13:16 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580396.lock
[2011/12/10 23:12:39 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580359.lock
[2011/12/10 23:10:46 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\1323580246.lock
[2011/12/10 23:10:25 | 000,000,194 | ---- | M] () -- C:\Windows\SysNative\1323580223.lock
[2011/12/08 23:11:02 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_optionalfeatures.exe.etl
[2011/12/08 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/12/08 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/12/07 22:30:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/07 18:07:04 | 004,331,784 | R--- | M] (Swearware) -- C:\Users\Robin\Desktop\ComboFix.exe
[2011/12/07 15:02:56 | 000,684,297 | ---- | M] () -- C:\Users\Robin\Desktop\unhide.exe
[2011/12/06 23:00:26 | 000,754,176 | ---- | M] () -- C:\Users\Robin\Desktop\RogueKiller.exe
[2011/12/04 11:06:50 | 000,081,183 | ---- | M] () -- C:\Users\Robin\Desktop\01-Black With Red Bows Corset-EBAY-$64.JPG
[2011/12/02 21:48:02 | 014,857,716 | ---- | M] () -- C:\Users\Robin\Desktop\Fox_On_The_Run_-Sweet.mp4
[2011/12/01 14:01:09 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/11/29 10:53:15 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/28 15:51:53 | 000,001,905 | ---- | M] () -- C:\Users\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 09:44:49 | 000,000,000 | ---- | M] () -- C:\Users\Robin\AppData\Local\{A68F38EA-0815-4D70-8EAA-EEE3F4F36F8F}
[2011/11/22 19:20:27 | 000,002,219 | ---- | M] () -- C:\Users\Robin\.recently-used.xbel
[2011/11/18 02:42:14 | 000,001,456 | ---- | M] () -- C:\Users\Robin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/13 20:55:16 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/11/13 20:43:25 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Robin\AppData\Roaming\pcouffin.sys
[2011/11/13 20:43:25 | 000,007,859 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\pcouffin.cat
[2011/11/13 20:43:25 | 000,001,167 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\pcouffin.inf
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Robin\*.tmp files -> C:\Users\Robin\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Robin\AppData\Local\*.tmp files -> C:\Users\Robin\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/12 19:19:42 | 000,754,176 | ---- | C] () -- C:\Users\Robin\Desktop\RogueKiller.exe
[2011/12/12 12:47:12 | 000,000,850 | ---- | C] () -- C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 12:46:23 | 000,001,854 | ---- | C] () -- C:\Users\Robin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/12 03:04:02 | 000,000,042 | ---- | C] () -- C:\Windows\SysNative\1323680642.lock
[2011/12/12 02:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\windbg.exe
[2011/12/12 02:41:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\cd
[2011/12/11 03:48:40 | 000,001,598 | ---- | C] () -- C:\Users\Robin\Desktop\Hijack.exe - Shortcut.lnk
[2011/12/10 23:32:32 | 000,007,616 | ---- | C] () -- C:\Users\Robin\AppData\Local\resmon.resmoncfg
[2011/12/10 23:24:56 | 000,000,065 | ---- | C] () -- C:\Windows\SysNative\1323581096.lock
[2011/12/10 23:24:32 | 000,000,068 | ---- | C] () -- C:\Windows\SysNative\1323581072.lock
[2011/12/10 23:13:16 | 000,000,067 | ---- | C] () -- C:\Windows\SysNative\1323580396.lock
[2011/12/10 23:12:39 | 000,000,067 | ---- | C] () -- C:\Windows\SysNative\1323580359.lock
[2011/12/10 23:10:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\1323580246.lock
[2011/12/10 23:10:23 | 000,000,194 | ---- | C] () -- C:\Windows\SysNative\1323580223.lock
[2011/12/10 16:28:53 | 000,684,297 | ---- | C] () -- C:\Users\Robin\Desktop\unhide.exe
[2011/12/10 16:28:33 | 001,008,092 | ---- | C] () -- C:\Users\Robin\Desktop\iExplore.exe
[2011/12/10 16:28:22 | 001,008,092 | ---- | C] () -- C:\Users\Robin\Desktop\rkill.exe
[2011/12/08 23:10:41 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_optionalfeatures.exe.etl
[2011/12/07 23:19:03 | 000,014,726 | ---- | C] () -- C:\Users\Robin\Desktop\Taskbar-Shortcut Icons.JPG
[2011/12/07 23:19:03 | 000,009,804 | ---- | C] () -- C:\Users\Robin\Desktop\Taskbar-Apps Currently Running-NOT MANY.JPG
[2011/12/07 22:32:11 | 000,006,416 | ---- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 22:32:11 | 000,006,416 | ---- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 22:20:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/07 22:20:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/07 22:20:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/07 22:20:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/07 22:20:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/04 11:13:28 | 000,081,183 | ---- | C] () -- C:\Users\Robin\Desktop\01-Black With Red Bows Corset-EBAY-$64.JPG
[2011/12/02 21:47:11 | 014,857,716 | ---- | C] () -- C:\Users\Robin\Desktop\Fox_On_The_Run_-Sweet.mp4
[2011/11/28 09:44:49 | 000,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\{A68F38EA-0815-4D70-8EAA-EEE3F4F36F8F}
[2011/11/22 19:20:27 | 000,002,219 | ---- | C] () -- C:\Users\Robin\.recently-used.xbel
[2011/11/18 02:42:14 | 000,001,456 | ---- | C] () -- C:\Users\Robin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/17 16:20:23 | 091,121,388 | ---- | C] () -- C:\Users\Robin\Desktop\The Jack [Live].wav
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/09 17:27:11 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/10/09 17:27:11 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/10/09 17:27:10 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/10/09 17:27:10 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/10/09 17:27:10 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/09/30 15:59:21 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/09/22 15:36:20 | 000,001,996 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/01/28 20:44:36 | 000,000,377 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/01/27 17:12:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/11 00:28:11 | 000,000,258 | ---- | C] () -- C:\ProgramData\tmaster8.net
[2010/12/19 22:41:44 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/23 21:04:44 | 000,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\prvlcl.dat
[2010/09/13 19:43:27 | 000,023,127 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/09/02 01:33:54 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2010/09/02 01:32:52 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2010/08/10 16:06:02 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2010/08/10 16:06:02 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/07/16 16:19:53 | 000,000,088 | RHS- | C] () -- C:\ProgramData\19C2AC9A03.sys
[2010/07/16 16:19:52 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/05 16:40:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/14 22:21:12 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/06/14 22:21:12 | 000,002,145 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2010/04/29 09:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/15 14:54:46 | 000,023,336 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/04 23:31:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/02/04 23:28:03 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010/01/30 21:06:32 | 000,007,859 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\pcouffin.cat
[2010/01/30 21:06:32 | 000,001,167 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\pcouffin.inf
[2010/01/27 20:01:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/01/27 15:51:20 | 000,198,656 | ---- | C] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 15:24:30 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2009/12/15 15:24:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2009/10/16 12:27:30 | 000,000,486 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\wklnhst.dat
[2009/10/10 22:38:21 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2009/10/08 22:41:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/03/03 15:39:02 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/03/03 15:39:02 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/02/08 17:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2007/04/18 23:07:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll
[2006/11/02 09:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
[2005/02/03 01:50:28 | 000,004,224 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[1980/01/01 01:01:01 | 000,000,000 | ---- | C] () -- C:\Windows\bootstat.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:CF778051

< End of report >

#7 Robinsky123

Posted 19 December 2011 - 01:15 AM

RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Robin [Admin rights]
Mode: Scan -- Date : 12/14/2011 07:33:28

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

23:51:28.0351 1420 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
23:51:28.0398 1420 ============================================================
23:51:28.0398 1420 Current date / time: 2011/12/06 23:51:28.0398
23:51:28.0398 1420 SystemInfo:
23:51:28.0398 1420
23:51:28.0398 1420 OS Version: 6.1.7601 ServicePack: 1.0
23:51:28.0398 1420 Product type: Workstation
23:51:28.0398 1420 ComputerName: ROBIN-HP
23:51:28.0398 1420 UserName: Robin
23:51:28.0398 1420 Windows directory: C:\Windows
23:51:28.0398 1420 System windows directory: C:\Windows
23:51:28.0398 1420 Running under WOW64
23:51:28.0398 1420 Processor architecture: Intel x64
23:51:28.0398 1420 Number of processors: 3
23:51:28.0398 1420 Page size: 0x1000
23:51:28.0398 1420 Boot type: Safe boot
23:51:28.0398 1420 ============================================================
23:51:29.0740 1420 Initialize success
23:51:45.0184 1192 ============================================================
23:51:45.0184 1192 Scan started
23:51:45.0184 1192 Mode: Manual;
23:51:45.0184 1192 ============================================================
23:51:46.0400 1192 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:51:46.0400 1192 1394ohci - ok
23:51:46.0416 1192 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:51:46.0416 1192 ACPI - ok
23:51:46.0432 1192 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:51:46.0432 1192 AcpiPmi - ok
23:51:46.0510 1192 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:51:46.0510 1192 adp94xx - ok
23:51:46.0572 1192 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:51:46.0572 1192 adpahci - ok
23:51:46.0588 1192 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:51:46.0588 1192 adpu320 - ok
23:51:46.0634 1192 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
23:51:46.0650 1192 AFD - ok
23:51:46.0681 1192 AgereSoftModem (ddf52c4c92d831a4cdb7788b37585e36) C:\Windows\system32\DRIVERS\agrsm64.sys
23:51:46.0681 1192 AgereSoftModem - ok
23:51:46.0712 1192 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:51:46.0712 1192 agp440 - ok
23:51:46.0728 1192 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:51:46.0728 1192 aliide - ok
23:51:46.0744 1192 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:51:46.0744 1192 amdide - ok
23:51:46.0759 1192 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:51:46.0759 1192 AmdK8 - ok
23:51:46.0900 1192 amdkmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
23:51:47.0009 1192 amdkmdag - ok
23:51:47.0040 1192 amdkmdap (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys
23:51:47.0040 1192 amdkmdap - ok
23:51:47.0071 1192 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:51:47.0087 1192 AmdPPM - ok
23:51:47.0118 1192 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:51:47.0118 1192 amdsata - ok
23:51:47.0134 1192 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:51:47.0134 1192 amdsbs - ok
23:51:47.0165 1192 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:51:47.0165 1192 amdxata - ok
23:51:47.0258 1192 AnyDVD (8286917a791a7c58948d83dec8b8b37f) C:\Windows\system32\Drivers\AnyDVD.sys
23:51:47.0258 1192 AnyDVD - ok
23:51:47.0290 1192 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:51:47.0290 1192 AppID - ok
23:51:47.0321 1192 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:51:47.0321 1192 arc - ok
23:51:47.0336 1192 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:51:47.0336 1192 arcsas - ok
23:51:47.0352 1192 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:51:47.0352 1192 AsyncMac - ok
23:51:47.0383 1192 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:51:47.0383 1192 atapi - ok
23:51:47.0508 1192 atikmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
23:51:47.0555 1192 atikmdag - ok
23:51:47.0602 1192 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:51:47.0602 1192 b06bdrv - ok
23:51:47.0617 1192 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:51:47.0617 1192 b57nd60a - ok
23:51:47.0648 1192 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:51:47.0648 1192 Beep - ok
23:51:47.0680 1192 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:51:47.0680 1192 blbdrive - ok
23:51:47.0711 1192 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:51:47.0711 1192 bowser - ok
23:51:47.0726 1192 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:51:47.0742 1192 BrFiltLo - ok
23:51:47.0758 1192 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:51:47.0758 1192 BrFiltUp - ok
23:51:47.0758 1192 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:51:47.0758 1192 Brserid - ok
23:51:47.0773 1192 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:51:47.0789 1192 BrSerWdm - ok
23:51:47.0804 1192 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:51:47.0804 1192 BrUsbMdm - ok
23:51:47.0820 1192 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:51:47.0820 1192 BrUsbSer - ok
23:51:47.0851 1192 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:51:47.0851 1192 BTHMODEM - ok
23:51:47.0882 1192 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:51:47.0882 1192 cdfs - ok
23:51:47.0898 1192 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:51:47.0898 1192 cdrom - ok
23:51:47.0914 1192 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:51:47.0914 1192 circlass - ok
23:51:47.0945 1192 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:51:47.0945 1192 CLFS - ok
23:51:47.0976 1192 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:51:47.0976 1192 CmBatt - ok
23:51:47.0992 1192 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:51:47.0992 1192 cmdide - ok
23:51:48.0023 1192 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
23:51:48.0023 1192 CNG - ok
23:51:48.0038 1192 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:51:48.0038 1192 Compbatt - ok
23:51:48.0054 1192 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:51:48.0054 1192 CompositeBus - ok
23:51:48.0116 1192 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
23:51:48.0116 1192 cpuz132 - ok
23:51:48.0116 1192 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:51:48.0116 1192 crcdisk - ok
23:51:48.0163 1192 DefragFS (d07cfb826d1c7648e74f369dea4dbef8) C:\Windows\system32\drivers\DefragFS.sys
23:51:48.0163 1192 DefragFS - ok
23:51:48.0194 1192 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:51:48.0194 1192 DfsC - ok
23:51:48.0210 1192 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:51:48.0210 1192 discache - ok
23:51:48.0226 1192 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:51:48.0226 1192 Disk - ok
23:51:48.0257 1192 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
23:51:48.0272 1192 Dot4 - ok
23:51:48.0304 1192 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
23:51:48.0304 1192 Dot4Print - ok
23:51:48.0319 1192 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
23:51:48.0319 1192 dot4usb - ok
23:51:48.0350 1192 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:51:48.0350 1192 drmkaud - ok
23:51:48.0413 1192 dvdfab (eee504899a0cc781f09cf003ca897771) C:\Windows\system32\drivers\dvdfab.sys
23:51:48.0413 1192 dvdfab - ok
23:51:48.0460 1192 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:51:48.0460 1192 DXGKrnl - ok
23:51:48.0538 1192 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:51:48.0553 1192 ebdrv - ok
23:51:48.0647 1192 ElbyCDIO (7984a82c1c373923330e6781f762d140) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:51:48.0647 1192 ElbyCDIO - ok
23:51:48.0678 1192 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:51:57.0008 1192 ============================================================
23:51:57.0008 1192 Scan finished
23:51:57.0008 1192 ============================================================
23:51:57.0024 1544 Detected object count: 0
23:51:57.0024 1544 Actual detected object count: 0
23:52:19.0020 1524 ============================================================
23:52:19.0020 1524 Scan started
23:52:19.0020 1524 Mode: Manual; SigCheck; TDLFS;
23:52:19.0020 1524 ============================================================
23:52:22.0982 1524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:52:22.0982 1524 Disk - ok
23:52:23.0014 1524 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
23:52:23.0060 1524 Dot4 - ok
23:52:23.0076 1524 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
23:52:23.0107 1524 Dot4Print - ok
23:52:23.0123 1524 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
23:52:23.0154 1524 dot4usb - ok
23:52:23.0185 1524 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:52:23.0216 1524 drmkaud - ok
23:52:23.0248 1524 dvdfab (eee504899a0cc781f09cf003ca897771) C:\Windows\system32\drivers\dvdfab.sys
23:52:23.0248 1524 dvdfab - ok
23:52:23.0310 1524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:52:23.0326 1524 DXGKrnl - ok
23:52:23.0404 1524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:52:23.0450 1524 ebdrv - ok
23:52:23.0528 1524 ElbyCDIO (7984a82c1c373923330e6781f762d140) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:52:23.0528 1524 ElbyCDIO - ok
23:52:23.0560 1524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:52:23.0575 1524 elxstor - ok
23:52:23.0622 1524 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
23:52:23.0653 1524 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
23:52:23.0653 1524 epmntdrv - detected UnsignedFile.Multi.Generic (1)
23:52:23.0684 1524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:52:23.0716 1524 ErrDev - ok
23:52:23.0747 1524 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
23:52:23.0762 1524 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
23:52:23.0762 1524 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
23:52:35.0338 1524 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
23:52:35.0587 1524 \Device\Harddisk0\DR0 - ok
23:52:35.0587 1524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
23:52:35.0650 1524 \Device\Harddisk1\DR1 - ok
23:52:35.0665 1524 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
23:52:35.0915 1524 \Device\Harddisk4\DR4 - ok
23:52:35.0915 1524 Boot (0x1200) (4d00c673ac3ae071e187f8aaeafdf9f4) \Device\Harddisk0\DR0\Partition0
23:52:35.0915 1524 \Device\Harddisk0\DR0\Partition0 - ok
23:52:35.0930 1524 Boot (0x1200) (a333881f031ab8ac8cbfc08cf6b530cf) \Device\Harddisk0\DR0\Partition1
23:52:35.0930 1524 \Device\Harddisk0\DR0\Partition1 - ok
23:52:35.0962 1524 Boot (0x1200) (2c7b73fafdad923e1d829442b1346fd8) \Device\Harddisk1\DR1\Partition0
23:52:35.0962 1524 \Device\Harddisk1\DR1\Partition0 - ok
23:52:35.0977 1524 Boot (0x1200) (c77d7510dd683831cf1df0e461efa144) \Device\Harddisk1\DR1\Partition1
23:52:35.0977 1524 \Device\Harddisk1\DR1\Partition1 - ok
23:52:35.0977 1524 Boot (0x1200) (50e9b6e51fd5798940fe245b779c347e) \Device\Harddisk4\DR4\Partition0
23:52:35.0977 1524 \Device\Harddisk4\DR4\Partition0 - ok
23:52:35.0977 1524 ============================================================
23:52:35.0977 1524 Scan finished
23:52:35.0977 1524 ============================================================
23:52:35.0993 1172 Detected object count: 2
23:52:35.0993 1172 Actual detected object count: 2
23:55:18.0326 1172 HKLM\SYSTEM\ControlSet002\services\epmntdrv - will be deleted on reboot
23:55:18.0342 1172 HKLM\SYSTEM\ControlSet003\services\epmntdrv - will be deleted on reboot
23:55:18.0358 1172 C:\Windows\system32\epmntdrv.sys - will be deleted on reboot
23:55:18.0358 1172 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Delete
23:55:18.0358 1172 HKLM\SYSTEM\ControlSet002\services\EuGdiDrv - will be deleted on reboot
23:55:18.0358 1172 HKLM\SYSTEM\ControlSet003\services\EuGdiDrv - will be deleted on reboot
23:55:18.0358 1172 C:\Windows\system32\EuGdiDrv.sys - will be deleted on reboot
23:55:18.0358 1172 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Delete
23:55:32.0866 1424 Deinitialize success

2011-12-08 04:35:11 . 2011-12-08 04:35:11 1,974 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Roger Nichols Digital FREQUAL-IZER VST RTAS_is1.reg.dat
2011-12-08 04:34:53 . 2011-12-08 04:34:53 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}.reg.dat
2011-12-08 04:34:46 . 2011-12-08 04:34:46 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-60989253.sys.reg.dat
2011-12-08 04:26:47 . 2011-12-08 04:26:47 4,399 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-08 04:20:57 . 2011-12-08 04:20:57 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-11-18 04:32:35 . 2011-11-18 04:32:36 366,516 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\etc\hosts.txt.vir
2010-07-16 04:30:22 . 2010-07-16 04:30:22 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Robin\AppData\Roaming\Microsoft\Windows\Recent\Recent.event.vir
2010-02-11 07:11:20 . 2009-07-14 01:45:55 1,898,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\tcpip.copy.vir
2010-01-31 03:08:09 . 2011-10-27 01:00:59 668 ----a-w- C:\Qoobox\Quarantine\C\Users\Robin\AppData\Roaming\vso_ts_preview.xml.vir
2010-01-31 03:06:32 . 2011-11-14 02:43:25 99,384 ----a-w- C:\Qoobox\Quarantine\C\Users\Robin\AppData\Roaming\inst.exe.vir

#8 m0le

  • Malware Response Team

Posted 19 December 2011 - 08:43 PM

Okay, stop posting logs. Please only post what I am asking for, otherwise this becomes impossible.

aswMBR fails, so let's try another option.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#9 Robinsky123

  • Topic Starter

Posted 20 December 2011 - 08:09 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: NC818AAR-ABA a6724c
Logical Drives Mask: 0x0000f03f

Kernel Drivers (total 154):
0x03602000 \SystemRoot\system32\ntoskrnl.exe
0x03BEB000 \SystemRoot\system32\hal.dll
0x00BCE000 \SystemRoot\system32\kdcom.dll
0x00C0A000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C17000 \SystemRoot\system32\PSHED.dll
0x00C2B000 \SystemRoot\system32\CLFS.SYS
0x00C89000 \SystemRoot\system32\CI.dll
0x00D49000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DED000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC4000 \SystemRoot\system32\drivers\ACPI.sys
0x00F1B000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F24000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F2E000 \SystemRoot\system32\drivers\pci.sys
0x00F61000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F6E000 \SystemRoot\System32\drivers\partmgr.sys
0x00F83000 \SystemRoot\system32\drivers\volmgr.sys
0x00F98000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E00000 \SystemRoot\system32\DRIVERS\nvrd64.sys
0x00E78000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00EA8000 \SystemRoot\System32\drivers\mountmgr.sys
0x0101B000 \SystemRoot\system32\drivers\nvraid.sys
0x01043000 \SystemRoot\system32\DRIVERS\nvstor64.sys
0x01081000 \SystemRoot\system32\DRIVERS\storport.sys
0x010E4000 \SystemRoot\system32\drivers\amdxata.sys
0x010EF000 \SystemRoot\system32\drivers\fltmgr.sys
0x0113B000 \SystemRoot\system32\drivers\fileinfo.sys
0x01212000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0114F000 \SystemRoot\System32\Drivers\msrpc.sys
0x013B5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014B8000 \SystemRoot\System32\Drivers\cng.sys
0x0152A000 \SystemRoot\System32\drivers\pcw.sys
0x0153B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01644000 \SystemRoot\system32\drivers\ndis.sys
0x01737000 \SystemRoot\system32\drivers\NETIO.SYS
0x01797000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018FC000 \SystemRoot\System32\drivers\tcpip.sys
0x01B00000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B4A000 \SystemRoot\system32\drivers\volsnap.sys
0x01B96000 \SystemRoot\System32\Drivers\spldr.sys
0x01B9E000 \SystemRoot\SysWOW64\speedfan.sys
0x01BA5000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BDF000 \SystemRoot\System32\Drivers\mup.sys
0x01BF1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01800000 \SystemRoot\system32\DRIVERS\hotcore3.sys
0x0180C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01846000 \SystemRoot\system32\DRIVERS\disk.sys
0x018C5000 \SystemRoot\system32\drivers\cdrom.sys
0x017C2000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x018EF000 \SystemRoot\System32\Drivers\Null.SYS
0x017F3000 \SystemRoot\System32\Drivers\Beep.SYS
0x01600000 \SystemRoot\System32\drivers\vga.sys
0x0160E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01633000 \SystemRoot\System32\drivers\watchdog.sys
0x01545000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0154E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01557000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01560000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0156B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0157C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0159E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x015AB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01400000 \SystemRoot\system32\drivers\afd.sys
0x01489000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01492000 \SystemRoot\system32\DRIVERS\pacer.sys
0x015F0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x013D0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02E9A000 \SystemRoot\System32\Drivers\Uim_IMx64.sys
0x02F1E000 \SystemRoot\System32\Drivers\UimFIO.SYS
0x02F85000 \SystemRoot\system32\DRIVERS\uimx64.sys
0x02F94000 \SystemRoot\system32\drivers\termdd.sys
0x02FA8000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x02FB2000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02E51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02E5D000 \SystemRoot\system32\drivers\mssmbios.sys
0x02E68000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x02E73000 \SystemRoot\System32\drivers\discache.sys
0x02FBC000 \SystemRoot\System32\Drivers\dfsc.sys
0x02FDA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x011AD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02FEB000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x011D3000 \SystemRoot\system32\drivers\i8042prt.sys
0x02E82000 \SystemRoot\system32\DRIVERS\PS2.sys
0x02E8B000 \SystemRoot\system32\drivers\kbdclass.sys
0x013EB000 \SystemRoot\system32\drivers\mouclass.sys
0x01200000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x011F1000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x038CD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03923000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03934000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03958000 \SystemRoot\system32\drivers\1394ohci.sys
0x03996000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x03800000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
0x0F2BB000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x046BE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x047B2000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04A7C000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x04BAE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04BB0000 \SystemRoot\system32\drivers\modem.sys
0x04BBF000 \SystemRoot\system32\drivers\wmiacpi.sys
0x04BC8000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04BD8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04A24000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04A30000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04A5F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04600000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04621000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04A7A000 \SystemRoot\system32\drivers\swenum.sys
0x0463B000 \SystemRoot\system32\drivers\ks.sys
0x04BEE000 \SystemRoot\system32\drivers\umbus.sys
0x0FF32000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0467E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05005000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0FF8C000 \SystemRoot\system32\drivers\portcls.sys
0x04693000 \SystemRoot\system32\drivers\drmk.sys
0x051E6000 \SystemRoot\system32\drivers\ksthunk.sys
0x0FFC9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x051EC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0FFE4000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x0F200000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x0F23E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x0F251000 \SystemRoot\System32\drivers\Dxapi.sys
0x0F25D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00450000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x008F0000 \SystemRoot\System32\ATMFD.DLL
0x0F26B000 \SystemRoot\system32\drivers\luafv.sys
0x0F28E000 \SystemRoot\system32\drivers\WudfPf.sys
0x03852000 \SystemRoot\System32\Drivers\DefragFS.SYS
0x0386E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03883000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0665B000 \SystemRoot\system32\drivers\HTTP.sys
0x06724000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06742000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0675A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06787000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x067D5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06600000 \??\C:\Windows\system32\drivers\cpuz132_x64.sys
0x06A0A000 \??\C:\Windows\system32\Drivers\rikvm_9EC60124.sys
0x06CBE000 \SystemRoot\system32\drivers\peauth.sys
0x06D64000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06D6F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06DA0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06C00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0727D000 \SystemRoot\System32\DRIVERS\srv.sys
0x07315000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x07325000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x07348000 \SystemRoot\System32\drivers\ipnat.sys
0x073E8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x76FA0000 \Windows\System32\ntdll.dll
0x477E0000 \Windows\System32\smss.exe
0xFF2C0000 \Windows\System32\apisetschema.dll

Processes (total 60):
0 System Idle Process
4 System
260 C:\Windows\System32\smss.exe
420 csrss.exe
476 C:\Windows\System32\wininit.exe
512 csrss.exe
540 C:\Windows\System32\services.exe
548 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
668 C:\Windows\System32\svchost.exe
704 C:\Windows\System32\winlogon.exe
776 C:\Windows\System32\nvvsvc.exe
800 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
844 C:\Windows\System32\svchost.exe
916 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
992 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\svchost.exe
436 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1148 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1164 C:\Windows\System32\nvvsvc.exe
1276 C:\Windows\System32\svchost.exe
1512 C:\Windows\System32\spoolsv.exe
1540 C:\Windows\System32\svchost.exe
1700 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1740 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1764 C:\Program Files\LSI SoftModem\agr64svc.exe
1824 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
1856 C:\Windows\System32\svchost.exe
1908 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1980 C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
1204 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
1352 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
1416 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1624 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
1580 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2096 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2188 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2556 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2760 C:\Windows\System32\taskhost.exe
2904 C:\Windows\System32\dwm.exe
2952 C:\Windows\explorer.exe
3068 C:\Program Files\Microsoft Security Client\msseces.exe
740 C:\Program Files\Sandboxie\SbieCtrl.exe
3120 C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe
3616 C:\Windows\System32\SearchIndexer.exe
4052 C:\Windows\System32\svchost.exe
3296 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3452 dllhost.exe
3448 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2812 C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe
3728 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
3424 C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
1492 C:\Windows\System32\wuauclt.exe
1252 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
3272 C:\Windows\System32\notepad.exe
1780 C:\Windows\System32\audiodg.exe
1752 C:\Users\Robin\Desktop\MBRCheck.exe
3908 C:\Windows\System32\conhost.exe
840 C:\Windows\System32\dllhost.exe

\\.\A: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\B: --> \\.\PhysicalDrive1 at offset 0x00000021`f0a00000 (NTFS)
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000091`c1149800 (NTFS)

PhysicalDrive1 Model Number: WDC WD5001AALS-00L3B, Rev: 01.0
PhysicalDrive0 Model Number: WDC WD6400AAKS-65A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive1 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
596 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

#10 m0le

  • Malware Response Team

Posted 20 December 2011 - 09:38 PM

That's okay. Please run OTL; this is a scanner at this stage.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#11 Robinsky123

  • Topic Starter

Posted 20 December 2011 - 10:10 PM

OTL logfile created on: 12/20/11 9:04:54 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Robin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

7.75 Gb Total Physical Memory | 5.97 Gb Available Physical Memory | 77.01% Memory free
9.75 Gb Paging File | 8.15 Gb Available in Paging File | 83.66% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.02 Gb Total Space | 241.58 Gb Free Space | 41.44% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

Computer Name: ROBIN-HP | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robin\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L6UX1) -- C:\Windows\SysNative\drivers\L6UX164.sys (Line 6)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (DefragFS) -- C:\Windows\SysNative\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L6TPortGX) -- C:\Windows\SysNative\drivers\L6TPortGX64.sys (Line 6)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (L6PODX3) -- C:\Windows\SysNative\drivers\L6PODX364.sys (Line 6)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVIDIA Corp.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Startpage (SSL)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: cybersearch@cybernetnews.com:2.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {8FFE139B-90A7-4460-A972-9D2738997F6D}:1.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..extensions.enabledItems: zigboom.designs@gmail.com:1.3.1
FF - prefs.js..extensions.enabledItems: FoxdieGraphite@tanjihay.com:3.6.4
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b6526ae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ca&lng=en-GB&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/16 15:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/28 15:50:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/16 20:35:34 | 000,000,000 | ---D | M]

[2010/07/15 23:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Extensions
[2010/07/15 23:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/12/17 23:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\anttoolbar@ant.com
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\cybersearch@cybernetnews.com
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Foxdie for Firefox) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\foxdie_ext_ocelot@foxdie.us
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (GoogleTube) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\googletube@googletube.com
[2011/12/17 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\staged
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2011/11/11 16:36:31 | 000,002,325 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\searchplugins\startpage-ssl.xml
[2011/12/17 23:34:46 | 000,005,457 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\searchplugins\startpage.xml
[2011/12/14 11:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/28 15:50:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
() (No name found) -- C:\USERS\ROBIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T64XCRHC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ROBIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T64XCRHC.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/11/28 15:50:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/20 20:52:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/05 11:04:56 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/11/09 06:18:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/11/09 06:18:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/11/09 06:18:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/11/09 06:18:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/11/09 06:18:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/11/09 06:18:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/11/09 06:18:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2011/10/09 02:46:17 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/04 11:49:16 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2010/10/27 21:57:16 | 000,002,359 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
[2011/10/09 02:46:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/09 02:46:17 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/04 11:49:16 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2011/10/09 02:46:17 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/09 02:46:17 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/10/09 02:46:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2011/10/09 02:46:17 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/18 04:37:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Zoominto.IEPlugin.ZoomintoMain) - {ACDF77A9-9EDA-407f-969F-B3BCBE3217D0} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1004..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4:64bit: - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor for Windows\RunProfiler.exe (PC-Doctor, Inc.)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RAVCpl64.exe - Shortcut.lnk = C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm ()
O8 - Extra context menu item: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm ()
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C06628-9292-4122-8AF0-B6BBD25AA72C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: ({DLL_Str}) - File not found
O20 - AppInit_DLLs: ({DLL_Str}) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 18:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/12/20 18:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/12/20 18:21:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Robin\Desktop\erunt-setup.exe
[2011/12/19 23:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011/12/19 23:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2011/12/19 21:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/12/19 21:13:16 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/12/19 21:13:16 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/12/19 21:13:16 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/12/19 21:13:15 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/12/19 21:13:15 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/12/19 21:10:05 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/12/19 21:10:05 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/12/19 21:10:05 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/12/19 21:10:05 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/12/19 21:10:05 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/12/19 21:10:05 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/12/19 21:10:05 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/12/19 21:10:05 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/12/19 21:10:05 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/12/19 21:10:05 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/12/19 21:10:05 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/12/19 21:10:05 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/12/19 21:10:05 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/12/19 21:10:05 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/12/19 21:10:05 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/12/19 21:10:05 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/12/19 21:10:05 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/12/19 21:10:05 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/12/19 21:10:05 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/12/19 21:10:05 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/12/19 12:20:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.scr
[2011/12/18 22:30:12 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Robin\Desktop\aswMBR.exe
[2011/12/18 12:38:02 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Robin\Desktop\dds.pif
[2011/12/18 12:37:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robin\Desktop\dds.scr
[2011/12/18 06:17:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/18 04:42:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/17 22:45:03 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-Student Loan-Info
[2011/12/17 16:25:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{C5BCC622-9AA3-40AB-A625-1DA1BB0FF156}
[2011/12/17 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{FA612BA2-9B45-43EC-8491-CE323E1A936A}
[2011/12/12 02:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2011/12/12 02:27:38 | 000,000,000 | ---D | C] -- C:\WinDDK
[2011/12/12 01:39:29 | 004,425,880 | ---- | C] (Innovative Solutions ) -- C:\Users\Robin\Desktop\drivermax.exe
[2011/12/12 01:09:41 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\ElevatedDiagnostics
[2011/12/12 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/12/12 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\NVIDIA Corporation
[2011/12/11 23:04:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/12/11 16:34:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{745527A5-28F0-4E35-8F12-7A441032FA8C}
[2011/12/11 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{11692236-B597-432A-B574-148B1F106410}
[2011/12/11 03:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/12/11 03:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/09 05:22:02 | 000,000,000 | ---D | C] -- C:\41f7dcba618342895cab
[2011/12/08 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/12/08 20:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/12/08 00:35:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\DeepBurner Pro
[2011/12/07 22:20:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/07 22:20:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/07 22:20:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/07 22:20:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/07 22:17:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/07 21:47:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/07 21:24:36 | 004,342,882 | R--- | C] (Swearware) -- C:\Users\Robin\Desktop\ComboFix.exe
[2011/12/07 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/07 03:33:37 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/07 03:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/07 00:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/12/06 23:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/04 10:13:09 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{0C600D9C-D585-43A4-BBBB-FA17E2B37F44}
[2011/12/04 10:12:59 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{1C8E0A02-2C5B-4D85-973D-BA2A2907EFF1}
[2011/12/01 13:43:19 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\robynn825699552
[2011/11/30 17:41:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-CRA-Info+Forms
[2011/11/28 17:28:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-IE-Help and Info
[2011/11/28 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Robin\CyberLink
[2011/11/28 17:12:37 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\zoominto
[2011/11/28 17:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\zoomintoIE
[2011/11/28 17:12:33 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoominto IePlugin
[2011/11/28 16:17:56 | 000,000,000 | R--D | C] -- C:\Users\Robin\pentadactyl
[2011/11/28 13:48:30 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\S7H0W4
[2011/11/27 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\selling5699552stuff
[2011/11/27 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\robynn82@gmail.com
[2011/11/25 19:59:22 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{CE91FB52-1138-455D-AB9A-AC16E01CE8E6}
[2011/11/25 19:59:11 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{03E44292-4352-4868-B221-9A2AFABDA503}
[2011/11/24 19:16:46 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-Saskatoon Country Western Music Association
[2011/11/22 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{A800477D-372E-42B5-AF06-4B8ADFC0C755}
[2011/11/22 18:44:03 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{1546113B-3CE4-4339-8BCB-F83682801DAD}
[2010/01/30 21:06:32 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Robin\AppData\Roaming\pcouffin.sys
[2009/10/11 19:26:40 | 000,405,504 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\Vocal_WaveShell-VST 1.1.dll
[2009/10/11 19:26:35 | 000,442,368 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-DX 5.7.dll
[2009/10/11 19:26:24 | 000,417,792 | ---- | C] (Waves Audio Ltd) -- C:\Program Files (x86)\WaveShell-VST 5.2.dll
[2009/10/11 19:26:19 | 000,098,304 | ---- | C] (Waves Audio Ltd) -- C:\Program Files (x86)\WaveShell-VST 5.0.dll
[2009/10/11 19:26:14 | 000,557,056 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-VST 5.7.dll
[2009/10/11 19:26:09 | 000,405,504 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-VST 5.5.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Robin\*.tmp files -> C:\Users\Robin\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Robin\AppData\Local\*.tmp files -> C:\Users\Robin\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/20 21:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/20 20:11:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000UA.job
[2011/12/20 20:11:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000Core.job
[2011/12/20 20:00:55 | 000,006,400 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 20:00:55 | 000,006,400 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 19:53:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 19:00:29 | 000,080,384 | ---- | M] () -- C:\Users\Robin\Desktop\MBRCheck.exe
[2011/12/20 18:35:17 | 000,000,886 | ---- | M] () -- C:\Users\Robin\Desktop\NTREGOPT.lnk
[2011/12/20 18:35:17 | 000,000,867 | ---- | M] () -- C:\Users\Robin\Desktop\ERUNT.lnk
[2011/12/20 18:21:45 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Robin\Desktop\erunt-setup.exe
[2011/12/19 21:51:38 | 000,208,896 | ---- | M] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 12:20:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.scr
[2011/12/18 22:30:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Robin\Desktop\aswMBR.exe
[2011/12/18 12:38:02 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Robin\Desktop\dds.pif
[2011/12/18 12:37:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robin\Desktop\dds.scr
[2011/12/18 04:37:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/18 04:22:03 | 004,342,882 | R--- | M] (Swearware) -- C:\Users\Robin\Desktop\ComboFix.exe
[2011/12/18 04:08:15 | 000,771,072 | ---- | M] () -- C:\Users\Robin\Desktop\RogueKiller.exe
[2011/12/18 04:02:57 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2011/12/15 22:15:22 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Robin\AppData\Roaming\pcouffin.sys
[2011/12/15 22:15:22 | 000,007,859 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\pcouffin.cat
[2011/12/15 22:15:22 | 000,001,167 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\pcouffin.inf
[2011/12/14 08:04:02 | 000,458,240 | ---- | M] () -- C:\Users\Robin\Desktop\CKScanner.exe
[2011/12/13 01:30:02 | 000,001,854 | ---- | M] () -- C:\Users\Robin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/12 17:25:08 | 005,075,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 12:47:12 | 000,000,850 | ---- | M] () -- C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 03:04:02 | 000,000,042 | ---- | M] () -- C:\Windows\SysNative\1323680642.lock
[2011/12/12 02:42:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\windbg.exe
[2011/12/12 02:41:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\cd
[2011/12/12 01:39:32 | 004,425,880 | ---- | M] (Innovative Solutions ) -- C:\Users\Robin\Desktop\drivermax.exe
[2011/12/11 20:41:06 | 000,007,616 | ---- | M] () -- C:\Users\Robin\AppData\Local\resmon.resmoncfg
[2011/12/11 03:48:40 | 000,001,598 | ---- | M] () -- C:\Users\Robin\Desktop\Hijack.exe - Shortcut.lnk
[2011/12/10 23:24:56 | 000,000,065 | ---- | M] () -- C:\Windows\SysNative\1323581096.lock
[2011/12/10 23:24:32 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\1323581072.lock
[2011/12/10 23:13:16 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580396.lock
[2011/12/10 23:12:39 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580359.lock
[2011/12/10 23:10:46 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\1323580246.lock
[2011/12/10 23:10:25 | 000,000,194 | ---- | M] () -- C:\Windows\SysNative\1323580223.lock
[2011/12/08 23:11:02 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_optionalfeatures.exe.etl
[2011/12/08 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/12/08 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/12/07 15:02:56 | 000,684,297 | ---- | M] () -- C:\Users\Robin\Desktop\unhide.exe
[2011/12/06 16:29:32 | 000,896,046 | ---- | M] () -- C:\Users\Robin\Desktop\001-Shaw Digital Phone - Quick Reference Guide [May2010].pdf
[2011/12/01 14:01:09 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/11/29 10:53:15 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/28 15:51:53 | 000,001,905 | ---- | M] () -- C:\Users\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 09:44:49 | 000,000,000 | ---- | M] () -- C:\Users\Robin\AppData\Local\{A68F38EA-0815-4D70-8EAA-EEE3F4F36F8F}
[2011/11/22 19:20:27 | 000,002,219 | ---- | M] () -- C:\Users\Robin\.recently-used.xbel
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Robin\*.tmp files -> C:\Users\Robin\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Robin\AppData\Local\*.tmp files -> C:\Users\Robin\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/20 19:00:28 | 000,080,384 | ---- | C] () -- C:\Users\Robin\Desktop\MBRCheck.exe
[2011/12/20 18:35:17 | 000,000,886 | ---- | C] () -- C:\Users\Robin\Desktop\NTREGOPT.lnk
[2011/12/20 18:35:17 | 000,000,867 | ---- | C] () -- C:\Users\Robin\Desktop\ERUNT.lnk
[2011/12/19 23:34:58 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/19 17:43:12 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/12/19 17:42:52 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/12/18 04:07:58 | 000,771,072 | ---- | C] () -- C:\Users\Robin\Desktop\RogueKiller.exe
[2011/12/18 04:02:57 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2011/12/16 21:49:28 | 000,896,046 | ---- | C] () -- C:\Users\Robin\Desktop\001-Shaw Digital Phone - Quick Reference Guide [May2010].pdf
[2011/12/16 20:35:34 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/14 08:04:02 | 000,458,240 | ---- | C] () -- C:\Users\Robin\Desktop\CKScanner.exe
[2011/12/12 12:47:12 | 000,000,850 | ---- | C] () -- C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 12:46:23 | 000,001,854 | ---- | C] () -- C:\Users\Robin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/12 03:04:02 | 000,000,042 | ---- | C] () -- C:\Windows\SysNative\1323680642.lock
[2011/12/12 02:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\windbg.exe
[2011/12/12 02:41:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\cd
[2011/12/11 03:48:40 | 000,001,598 | ---- | C] () -- C:\Users\Robin\Desktop\Hijack.exe - Shortcut.lnk
[2011/12/10 23:32:32 | 000,007,616 | ---- | C] () -- C:\Users\Robin\AppData\Local\resmon.resmoncfg
[2011/12/10 23:24:56 | 000,000,065 | ---- | C] () -- C:\Windows\SysNative\1323581096.lock
[2011/12/10 23:24:32 | 000,000,068 | ---- | C] () -- C:\Windows\SysNative\1323581072.lock
[2011/12/10 23:13:16 | 000,000,067 | ---- | C] () -- C:\Windows\SysNative\1323580396.lock
[2011/12/10 23:12:39 | 000,000,067 | ---- | C] () -- C:\Windows\SysNative\1323580359.lock
[2011/12/10 23:10:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\1323580246.lock
[2011/12/10 23:10:23 | 000,000,194 | ---- | C] () -- C:\Windows\SysNative\1323580223.lock
[2011/12/10 16:28:53 | 000,684,297 | ---- | C] () -- C:\Users\Robin\Desktop\unhide.exe
[2011/12/10 16:28:33 | 001,008,092 | ---- | C] () -- C:\Users\Robin\Desktop\iExplore.exe
[2011/12/10 16:28:22 | 001,008,092 | ---- | C] () -- C:\Users\Robin\Desktop\rkill.exe
[2011/12/08 23:10:41 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_optionalfeatures.exe.etl
[2011/12/07 23:19:03 | 000,014,726 | ---- | C] () -- C:\Users\Robin\Desktop\Taskbar-Shortcut Icons.JPG
[2011/12/07 23:19:03 | 000,009,804 | ---- | C] () -- C:\Users\Robin\Desktop\Taskbar-Apps Currently Running-NOT MANY.JPG
[2011/12/07 22:32:11 | 000,006,400 | ---- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 22:32:11 | 000,006,400 | ---- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 22:20:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/07 22:20:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/07 22:20:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/07 22:20:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/07 22:20:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/28 09:44:49 | 000,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\{A68F38EA-0815-4D70-8EAA-EEE3F4F36F8F}
[2011/11/22 19:20:27 | 000,002,219 | ---- | C] () -- C:\Users\Robin\.recently-used.xbel
[2011/11/18 02:42:14 | 000,001,456 | ---- | C] () -- C:\Users\Robin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/09 17:27:11 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/10/09 17:27:11 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/10/09 17:27:10 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/10/09 17:27:10 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/10/09 17:27:10 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/09/30 15:59:21 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/01/28 20:44:36 | 000,000,377 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/01/27 17:12:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/11 00:28:11 | 000,000,258 | ---- | C] () -- C:\ProgramData\tmaster8.net
[2010/12/19 22:41:44 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/23 21:04:44 | 000,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\prvlcl.dat
[2010/09/13 19:43:27 | 000,023,127 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/09/02 01:33:54 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2010/09/02 01:32:52 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2010/08/10 16:06:02 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2010/08/10 16:06:02 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/07/16 16:19:53 | 000,000,088 | RHS- | C] () -- C:\ProgramData\19C2AC9A03.sys
[2010/07/16 16:19:52 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/05 16:40:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/14 22:21:12 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/06/14 22:21:12 | 000,002,145 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2010/04/29 09:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/15 14:54:46 | 000,023,336 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/04 23:31:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/02/04 23:28:03 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010/01/30 21:06:32 | 000,007,859 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\pcouffin.cat
[2010/01/30 21:06:32 | 000,001,167 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\pcouffin.inf
[2010/01/27 15:51:20 | 000,208,896 | ---- | C] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 15:24:30 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2009/12/15 15:24:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2009/10/16 12:27:30 | 000,000,486 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\wklnhst.dat
[2009/10/10 22:38:21 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2009/10/08 22:41:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/03/03 15:39:02 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/03/03 15:39:02 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/02/08 17:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2007/04/18 23:07:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2006/11/02 09:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
[2005/02/03 01:50:28 | 000,004,224 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[1980/01/01 01:01:01 | 000,000,000 | ---- | C] () -- C:\Windows\bootstat.dat

========== LOP Check ==========

[2010/09/30 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\01A5FE8FAF991582AE7E33D515AB0BC2
[2011/10/21 01:02:51 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\AnvSoft
[2010/08/26 21:18:00 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Ashampoo
[2010/07/15 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Auslogics
[2010/07/15 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Blue Cat Audio
[2010/12/03 15:28:43 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Boilsoft
[2011/01/11 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Broderbund
[2010/12/22 21:49:56 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Cakewalk
[2011/11/18 00:10:02 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/15 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/08 00:38:07 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\DeepBurner Pro
[2010/12/03 15:28:43 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\DVDFab
[2010/07/15 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\FXpansion
[2011/03/12 17:40:29 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\ImgBurn
[2010/07/16 15:12:02 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Line 6
[2010/07/15 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Ludia
[2011/02/20 22:51:59 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Moyea
[2010/07/15 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\NCH Swift Sound
[2010/07/15 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\NetMedia Providers
[2010/07/15 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\PACE Anti-Piracy
[2011/10/22 19:44:31 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\proDAD
[2010/07/16 15:12:04 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Publish Providers
[2010/07/15 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Template
[2011/08/16 17:35:46 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Trusteer
[2011/12/15 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Vso
[2010/07/15 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Waves Audio
[2011/11/28 17:12:51 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\zoominto
[2011/12/01 14:01:09 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/12/14 09:01:09 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:CF778051

< End of report >

OTL Extras logfile created on: 12/20/11 7:58:54 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Robin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

7.75 Gb Total Physical Memory | 6.15 Gb Available Physical Memory | 79.35% Memory free
9.75 Gb Paging File | 8.08 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.02 Gb Total Space | 241.60 Gb Free Space | 41.44% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

Computer Name: ROBIN-HP | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07179D37-D5FE-4373-90D9-A25B992EFB3E}" = WD SmartWare
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F0B0627-3CC7-4C3D-B246-D84FD3B30488}" = Blue Cat's Stereo Flanger VST 2.4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner Pro v1.8.0.225
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{253AD5C7-94ED-44BF-AA0C-890A80817A87}_is1" = Boilsoft Video Splitter 6.11
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{363AA0EF-7672-42C2-AA43-237E1DBFB827}_is1" = Moyea FLV Editor Pro Version: 3.1.13.0
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE03D46-ACE6-467E-9B15-1CB1ACAF69CD}" = Blue Cat's Flanger VST 2.4
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{43DD482E-0A99-43F6-AC8F-E00C7156BAAB}" = Blue Cat's Phaser VST 2.4
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C4D25EB-6513-4702-8355-F4194DE2E1D9}" = Waves 4.0
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
"{5620D5AF-A931-4ce5-B533-F70861266BC4}" = Blue Cat's Freeware Pack VST 1.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{711B5A2A-73A0-4AFF-BC47-8B84E80FEA00}" = Blue Cat's Gain Suite VST 2.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{74EA8572-283C-45DA-97E7-2EA75B95D893}" = Blue Cat's Triple EQ VST 3.3
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A687852A-B864-408F-96B7-439A46B2E64B}" = Blue Cat's Chorus - VST
"{A71F3F58-30B3-4A65-A653-71784E4C2F51}" = Blue Cat's FreqAnalyst VST 1.3
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8CFEA15-A660-4742-9AAB-BC659C491046}" = ZoomInto
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 (Advanced) Free
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D93399F6-C902-47E8-B2A4-9C38ACAC03B5}" = EZplayer
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E699454B-70AE-4483-A6ED-8C9AC9E23446}" = Blue Cat's Stereo Chorus VST 3.4
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{ED3BFB52-21FA-406F-A1F1-E915169E9C03}" = Ant.com IE add-on
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F181EED0-8A75-4615-8351-AB9CC018BA39}" = Windows7SBS
"{F18FB90C-2DC4-4CFF-908F-2FB7DEEF26E0}" = Musical Scales
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F571A2CC-57D3-4AB6-9FD5-5AF14775E516}" = Ant.com IE add-on
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE4270D7-A642-49C1-9A40-854DA3F13FB2}_is1" = Moyea FLV Player version: 2.0.2.94
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Addictive Drums" = Addictive Drums
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"alotToolbar" = ALOT Toolbar
"Ant.com IE add-on" = Ant.com IE add-on
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Audacity_is1" = Audacity 1.2.6
"AudioCreator_is1" = Audio Creator LE 1.5
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BBE D82 Sonic Maximizer VST RTAS_is1" = BBE D82 Sonic Maximizer VST RTAS v2.0
"Belarc Advisor" = Belarc Advisor 8.1
"Blu-ray to DVD_is1" = Blu-ray to DVD 1.2.0.14
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.16
"Brainworx BX Digital VST_is1" = Brainworx BX Digital VST v1.09
"Cakewalk Dimension Pro_is1" = Dimension Pro
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CodeStuff Starter" = CodeStuff Starter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DelinvFile_is1" = DelinvFile - 4.03
"DreamStation DXi2" = DreamStation DXi2
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3097] [2009-10-08]
"Game Booster_is1" = Game Booster
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HP Photo Creations" = HP Photo Creations
"ImgBurn" = ImgBurn
"Indeo® software" = Indeo® software
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Line 6 Uninstaller" = Line 6 Uninstaller
"LookInMyPC" = LookInMyPC
"LUXONIX_LFX-1310" = LUXONIX LFX-1310
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MKVtoolnix" = MKVtoolnix 2.2.0
"Mozilla Firefox 8.0.1 (x86 en-GB)" = Mozilla Firefox 8.0.1 (x86 en-GB)
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Precision" = EVGA Precision 2.1.1
"Recover Keys_is1" = Recover Keys
"ReValver Mk III_is1" = ReValver Mk III
"Revo Uninstaller" = Revo Uninstaller 1.93
"Roger Nichols Digital FREQUAL-IZER VST RTAS_is1" = Roger Nichols Digital FREQUAL-IZER VST RTAS v1.2
"SONAR85Producer_is1" = SONAR 8.5 Producer
"SONAR8Producer_is1" = SONAR 8.0 Producer Edition
"SONARHome7_is1" = SONAR Home Studio 7
"Sonitus:fx Plugin Suite" = Sonitus:fx Plugin Suite
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"sp41099" = sp41099
"SpeedFan" = SpeedFan (remove only)
"Ultra DVD Creator_is1" = Ultra DVD Creator 2.7.0827
"Universal Extractor_is1" = Universal Extractor 1.6.1
"VLC media player" = VLC media player 1.0.5
"VSO Burning SDK_is1" = VSO Burning SDK 4.0.10.472
"VST Bridge_is1" = VST Bridge 1.1
"Waves Mercury Bundle" = Waves Mercury Bundle
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinFF_is1" = WinFF 1.3.2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/11 11:46:40 PM | Computer Name = Robin-HP | Source = Application Error | ID = 1000
Description = Faulting application name: nvcplui.exe, version: 3.9.731.0, time stamp:
0x4e991f88 Faulting module name: NVCPL.DLL, version: 8.17.12.8562, time stamp: 0x4e992483
Exception
code: 0xc0000005 Fault offset: 0x00000000000858ff Faulting process id: 0x1600 Faulting
application start time: 0x01ccbec9f3b2e040 Faulting application path: C:\Program
Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe Faulting module path:
C:\Windows\system32\NVCPL.DLL Report Id: 396a7080-2abd-11e1-8300-002354f13228

Error - 12/19/11 11:47:13 PM | Computer Name = Robin-HP | Source = Application Error | ID = 1000
Description = Faulting application name: nvcplui.exe, version: 3.9.731.0, time stamp:
0x4e991f88 Faulting module name: NVCPL.DLL, version: 8.17.12.8562, time stamp: 0x4e992483
Exception
code: 0xc0000005 Fault offset: 0x00000000000858ff Faulting process id: 0x17d8 Faulting
application start time: 0x01ccbec9ffc6fa60 Faulting application path: C:\Program
Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe Faulting module path:
C:\Windows\system32\NVCPL.DLL Report Id: 4d0dc880-2abd-11e1-8300-002354f13228

Error - 12/20/11 1:21:54 AM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/20/11 1:21:54 AM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/20/11 1:29:30 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/20/11 1:29:30 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/20/11 8:30:24 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/20/11 8:30:24 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/20/11 9:57:57 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/20/11 9:57:57 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

[ Media Center Events ]
Error - 5/04/10 12:15:11 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 10:15:06 PM - Error connecting to the internet. 10:15:06 PM - Unable
to contact server..

Error - 5/04/10 1:41:38 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 11:41:38 PM - Error connecting to the internet. 11:41:38 PM - Unable
to contact server..

Error - 5/04/10 1:41:45 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 11:41:43 PM - Error connecting to the internet. 11:41:43 PM - Unable
to contact server..

Error - 5/04/10 3:29:12 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:29:11 AM - Error connecting to the internet. 1:29:11 AM - Unable
to contact server..

Error - 5/04/10 3:29:18 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:29:17 AM - Error connecting to the internet. 1:29:17 AM - Unable
to contact server..

Error - 5/08/10 1:07:21 PM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 11:07:06 AM - Error connecting to the internet. 11:07:07 AM - Unable
to contact server..

Error - 5/09/10 2:01:24 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 12:01:24 AM - Error connecting to the internet. 12:01:24 AM - Unable
to contact server..

Error - 5/09/10 2:01:35 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 12:01:29 AM - Error connecting to the internet. 12:01:29 AM - Unable
to contact server..

Error - 5/09/10 3:01:40 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:01:40 AM - Error connecting to the internet. 1:01:40 AM - Unable
to contact server..

Error - 5/09/10 3:01:47 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:01:46 AM - Error connecting to the internet. 1:01:46 AM - Unable
to contact server..


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#12 m0le


  • Malware Response Team

Posted 21 December 2011 - 07:47 PM

Please find and post the Combofix log

Please go to start -> Run.

Copy and paste the bold line in the run-box and click OK:

cmd /c dir /a/s/b C:\QooBox >log.txt & log.txt

A text file opens up. Copy and paste the content to your reply.


Please uninstall Combofix

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Now download and run a fresh copy

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#13 Robinsky123


Posted 22 December 2011 - 01:07 AM

C:\QooBox\Add-Remove Programs.txt
C:\QooBox\BackEnv
C:\QooBox\ComboFix-quarantined-files.txt
C:\QooBox\ComboFix2.txt
C:\QooBox\Quarantine
C:\QooBox\SnapShot@2011-12-08_04.30.18.dat
C:\QooBox\SnapShot_2011-12-14_14.40.15.dat
C:\QooBox\Quarantine\C
C:\QooBox\Quarantine\catchme.log
C:\QooBox\Quarantine\Registry_backups
C:\QooBox\Quarantine\C\Users
C:\QooBox\Quarantine\C\Windows
C:\QooBox\Quarantine\C\Users\Robin
C:\QooBox\Quarantine\C\Users\Robin\AppData
C:\QooBox\Quarantine\C\Users\Robin\AppData\Roaming
C:\QooBox\Quarantine\C\Users\Robin\AppData\Roaming\inst.exe.vir
C:\QooBox\Quarantine\C\Users\Robin\AppData\Roaming\Microsoft
C:\QooBox\Quarantine\C\Users\Robin\AppData\Roaming\vso_ts_preview.xml.vir
C:\QooBox\Quarantine\C\Users\Robin\AppData\Roaming\Microsoft\Windows
C:\QooBox\Quarantine\C\Users\Robin\AppData\Roaming\Microsoft\Windows\Recent
C:\QooBox\Quarantine\C\Users\Robin\AppData\Roaming\Microsoft\Windows\Recent\Recent.event.vir
C:\QooBox\Quarantine\C\Windows\System32
C:\QooBox\Quarantine\C\Windows\System32\drivers
C:\QooBox\Quarantine\C\Windows\System32\drivers\etc
C:\QooBox\Quarantine\C\Windows\System32\drivers\tcpip.copy.vir
C:\QooBox\Quarantine\C\Windows\System32\drivers\etc\hosts.txt.vir
C:\QooBox\Quarantine\Registry_backups\AddRemove-Roger Nichols Digital FREQUAL-IZER VST RTAS_is1.reg.dat
C:\QooBox\Quarantine\Registry_backups\AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80}.reg.dat
C:\QooBox\Quarantine\Registry_backups\AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}.reg.dat
C:\QooBox\Quarantine\Registry_backups\AddRemove-{33691AFF-9ABF-4278-BDB6-902EE07D9237}.reg.dat
C:\QooBox\Quarantine\Registry_backups\AddRemove-{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}.reg.dat
C:\QooBox\Quarantine\Registry_backups\SafeBoot-60989253.sys.reg.dat
C:\QooBox\Quarantine\Registry_backups\tcpip.reg
C:\QooBox\Quarantine\Registry_backups\WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}.reg.dat

Edited by Robinsky123, 22 December 2011 - 01:40 AM.


#14 Robinsky123


Posted 22 December 2011 - 01:39 AM

ComboFix 11-12-21.02 - Robin 12/22/11 0:44.5.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.7935.6397 [GMT -6:00]
Running from: c:\users\Robin\Desktop\ComFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 06:54 . 2011-12-22 06:54 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8159D070-51A3-43C5-8732-DC0CED3BB53A}\offreg.dll
2011-12-22 06:53 . 2011-12-22 06:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-22 06:53 . 2011-12-22 06:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-22 06:53 . 2011-12-22 06:53 -------- d-----w- c:\users\Da Hood\AppData\Local\temp
2011-12-22 06:38 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8159D070-51A3-43C5-8732-DC0CED3BB53A}\mpengine.dll
2011-12-21 15:49 . 2011-12-21 15:49 -------- d-----w- C:\_OTL
2011-12-21 00:35 . 2011-12-21 00:35 -------- d-----w- c:\program files (x86)\ERUNT
2011-12-20 05:34 . 2009-10-09 01:27 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-12-20 05:21 . 2011-12-20 05:21 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2011-12-20 03:14 . 2011-12-20 03:14 -------- d-----w- c:\users\UpdatusUser.ROBIN-HP
2011-12-20 03:13 . 2011-12-22 06:54 -------- d-----w- c:\programdata\NVIDIA
2011-12-20 03:13 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-12-20 03:13 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-12-20 03:13 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-12-20 03:13 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-12-20 03:13 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-12-20 03:13 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-12 08:42 . 2011-12-12 08:42 0 ----a-w- c:\windows\system32\windbg.exe
2011-12-12 08:27 . 2011-12-12 08:27 -------- d-----w- C:\WinDDK
2011-12-12 08:03 . 2011-12-12 08:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-12 07:09 . 2011-12-20 17:57 -------- d-----w- c:\users\Robin\AppData\Local\ElevatedDiagnostics
2011-12-12 06:07 . 2011-12-20 02:41 -------- d-----w- c:\users\Robin\AppData\Local\NVIDIA Corporation
2011-12-11 09:14 . 2011-12-11 09:14 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-09 11:22 . 2011-12-09 11:22 -------- d-----w- C:\41f7dcba618342895cab
2011-12-09 02:06 . 2011-12-09 02:07 -------- d-----w- c:\program files\7-Zip
2011-12-09 00:13 . 2011-12-09 05:20 -------- d-----w- c:\users\TEMP
2011-12-08 06:35 . 2011-12-08 06:38 -------- d-----w- c:\users\Robin\AppData\Roaming\DeepBurner Pro
2011-12-08 04:34 . 2011-12-22 06:40 5326 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-12-08 03:47 . 2011-12-08 03:47 -------- d-----w- c:\users\Robin\AppData\Roaming\SUPERAntiSpyware.com
2011-12-07 09:33 . 2011-12-18 10:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-07 05:49 . 2011-12-07 05:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-28 23:15 . 2011-11-28 23:15 -------- d-----w- c:\users\Public\CyberLink
2011-11-28 23:15 . 2011-11-28 23:15 -------- d-----w- c:\users\Robin\CyberLink
2011-11-28 23:12 . 2011-11-28 23:12 -------- d-----w- c:\users\Robin\AppData\Roaming\zoominto
2011-11-28 23:12 . 2011-11-28 23:12 -------- d-----w- c:\program files (x86)\zoomintoIE
2011-11-28 22:17 . 2011-12-11 05:26 -------- d-----r- c:\users\Robin\pentadactyl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 06:57 . 2009-03-03 21:49 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-12-16 04:15 . 2010-01-31 03:06 82816 ----a-w- c:\users\Robin\AppData\Roaming\pcouffin.sys
2011-12-14 04:49 . 2010-02-22 17:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-12 08:03 . 2010-01-25 05:16 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-12 08:03 . 2010-01-25 05:16 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-29 16:53 . 2011-05-19 19:49 414368 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2010-12-20 22:36 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-24 20:29 . 2011-10-24 20:29 94208 ------w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ------w- c:\windows\SysWow64\QuickTime.qts
2011-10-15 06:54 . 2011-10-15 06:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-11 18:56 . 2011-10-11 18:56 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A64552E0-5EFC-4868-944A-ECE595E015ED}\gapaengine.dll
2011-09-29 16:29 . 2011-11-09 06:24 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 06:24 3144704 ----a-w- c:\windows\system32\win32k.sys
2006-03-26 20:24 . 2009-10-12 01:26 557056 ----a-w- c:\program files (x86)\WaveShell-VST 5.7.dll
2006-03-26 20:23 . 2009-10-12 01:26 442368 ----a-w- c:\program files (x86)\WaveShell-DX 5.7.dll
2006-01-01 21:15 . 2009-10-12 01:26 405504 ----a-w- c:\program files (x86)\WaveShell-VST 5.5.dll
2005-12-21 17:41 . 2009-10-12 01:26 405504 ----a-w- c:\program files (x86)\Vocal_WaveShell-VST 1.1.dll
2005-09-07 22:15 . 2009-10-12 01:26 98304 ----a-w- c:\program files (x86)\WaveShell-VST 5.0.dll
2005-07-17 20:26 . 2009-10-12 01:26 417792 ----a-w- c:\program files (x86)\WaveShell-VST 5.2.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-22_06.25.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-24 23:07 . 2011-12-22 06:38 71792 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-12-22 04:37 52960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-22 06:38 52960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-24 22:18 . 2011-12-22 06:38 20962 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-488319240-1603442040-3962435957-1000_UserData.bin
+ 2009-07-14 05:01 . 2011-12-22 06:53 492868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-22 06:21 492868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-06 23:26 . 2011-12-22 06:53 26840740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-488319240-1603442040-3962435957-1000-4096.dat
- 2011-04-06 23:26 . 2011-12-22 06:21 26840740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-488319240-1603442040-3962435957-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ACDF77A9-9EDA-407f-969F-B3BCBE3217D0}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RAVCpl64.exe - Shortcut.lnk - c:\program files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe [2009-3-3 6564384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/28 20:41;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FKFAP;FKFAP;c:\program files (x86)\Perfect Uninstaller\FKFAP.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
R3 L6PODX3;L6 POD X3 Service;c:\windows\system32\Drivers\L6PODX364.sys [x]
R3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX64.sys [x]
R3 L6UX1;Service - Line 6 UX1;c:\windows\system32\Drivers\L6UX164.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-14 343856]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 Tcpz-x64;Tcpz-x64;c:\users\Robin\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AvgTdiA
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - TfFsMon
*Deregistered* - TfNetMon
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 19:49]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 19:49]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000Core.job
- c:\users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-27 03:55]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000UA.job
- c:\users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-27 03:55]
.
2011-12-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: Zoom Into - c:\program files (x86)\zoomintoIE\image.htm
IE: Zoom Into\Contexts - 2 (0x2)
IE: Zoom Into\Flags - 1 (0x1)
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files (x86)\Ant.com\IE add-on\Download.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\
FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1c,5d,5b,3b,23,ae,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2011-12-22 01:00:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-22 07:00
ComboFix2.txt 2011-12-22 06:31
ComboFix3.txt 2011-12-18 10:42
.
Pre-Run: 258,586,714,112 bytes free
Post-Run: 258,465,894,400 bytes free
.
- - End Of File - - 2F57B4C2C19682A8EEEF07F1B5D00232

Edited by Robinsky123, 22 December 2011 - 02:13 AM.


#15 m0le

  • Malware Response Team

Posted 22 December 2011 - 08:32 PM

The log shows that ComboFix has done the trick and the new run shows that nothing remains.

Please scan with ESET next.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply.
If no log is generated, that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE



