Jump to content

sand2minister

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

Reputation

0 Neutral
  1. sand2minister
    Hey, everything seems to be doing fine. I'm thinking it's been cured. Thanks again Maniac.
  2. sand2minister
    I haven't had any of the redirection since the last fix, but MBAM still showed PUP.BitMiner aftewards. It was removed successfully, according to MBAM, but I'm going to give it a few days before I'd say everything's fixed for sure. Maniac, thank you very much for your help.
  3. sand2minister
    Alright, so, I ran ComboFix using the script you gave me, and CF asked to update, and I allowed it to. Once the scan was completed it said that it would reboot the PC, and to not reboot the PC manually... So, the computer shuts down and hangs, fans running, lights on, but there's nothing on the monitor. The monitor was receiving a 'signal' from the PC, but there wasn't anything to display. Because CF told me not to reboot I hung around for a while and waited. The PC shut itself down after 20 or 30 minutes, but it became clear that it wasn't turning back on. I manually started it up again and ComboFix popped up after logging in, along with some sort of small error window that disappeared too quickly to read. It tried to generate a log but after 5 minutes or so it exited without any report. I ran ComboFix again with the same script, the scan ran smoothly, and it didn't need to reboot. It might be worth mentioning that I remember the first run of CF saying it was going to delete C:\windows\system64 and consrv.dll. Anyways, here's the log: ComboFix 11-12-10.01 - SypherPhoenix 12/11/2011 10:25:02.3.2 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.3053 [GMT -5:00] Running from: c:\users\SypherPhoenix\Desktop\ComboFix.exe Command switches used :: c:\users\SypherPhoenix\Desktop\CFScript.txt SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\windows\system32\consrv.dll . . --------------- FCopy --------------- . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\system32\user32.dll c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll --> c:\windows\SysWOW64\user32.dll . ((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 ))))))))))))))))))))))))))))))) . . 2011-12-11 15:32 . 2011-12-11 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-08 20:30 . 2011-12-08 20:30 -------- d-----w- C:\_OTL 2011-12-06 13:39 . 2011-12-06 13:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-06 11:13 . 2011-12-06 11:13 -------- d-----w- c:\users\SypherPhoenix\AppData\Roaming\NVIDIA 2011-12-06 03:50 . 2011-12-11 15:21 -------- d-----w- c:\users\UpdatusUser 2011-11-26 17:26 . 2011-11-26 17:26 -------- d-----w- c:\windows\system32\Macromed 2011-11-18 21:32 . 2011-11-18 17:26 735744 ----a-w- c:\windows\system32\LameACM.acm 2011-11-18 19:36 . 2011-11-18 20:14 -------- d-----w- c:\program files (x86)\Mozilla Firefox 8 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-06 23:27 . 2010-05-28 22:00 3764 --sha-w- c:\programdata\KGyGaAvL.sys 2011-11-26 17:26 . 2011-05-14 01:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-15 08:53 . 2011-01-08 01:49 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll 2011-10-15 08:53 . 2011-01-08 01:49 10406208 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-01-08 01:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll 2011-10-15 08:53 . 2011-01-08 01:48 222528 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-01-08 01:48 1640768 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2009-08-17 06:39 137536 ----a-w- c:\windows\system32\nvshext.dll 2011-10-15 08:53 . 2009-08-16 16:57 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-12-09_16.23.54 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-06 13:40 . 2011-12-11 14:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2011-12-06 13:40 . 2011-12-09 02:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2011-12-06 15:02 . 2011-12-09 01:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat + 2011-12-06 15:02 . 2011-12-11 14:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat + 2011-12-11 08:53 . 2011-12-11 14:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121120111212\index.dat + 2011-12-11 00:54 . 2011-12-11 02:53 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121020111211\index.dat + 2011-12-09 18:58 . 2011-12-09 22:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011120920111210\index.dat + 2011-12-06 13:40 . 2011-12-11 14:38 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat - 2011-12-06 13:40 . 2011-12-09 02:10 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat + 2009-07-14 05:10 . 2011-12-11 15:21 42034 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-12-09 16:02 42034 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-05-27 04:31 . 2011-12-11 15:21 14820 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-155282373-3850656327-2735796575-1000_UserData.bin - 2010-05-27 07:25 . 2011-12-09 16:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-05-27 07:25 . 2011-12-11 15:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-05-27 07:25 . 2011-12-09 16:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-05-27 07:25 . 2011-12-11 15:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-12-09 16:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-12-11 15:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-05-27 11:00 . 2011-12-11 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-05-27 11:00 . 2011-12-09 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-05-27 11:00 . 2011-12-09 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-05-27 11:00 . 2011-12-11 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-12-11 14:44 . 2011-12-11 14:44 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAQL3ZFD\setup_MightyMagoo_v1[1].exe + 2010-06-01 19:35 . 2011-12-10 04:17 2166 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2011-12-11 00:05 . 2011-12-11 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-12-09 16:14 . 2011-12-09 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-12-09 16:14 . 2011-12-09 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-12-11 00:05 . 2011-12-11 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 04:54 . 2011-12-11 14:38 573440 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 02:36 . 2011-12-09 16:19 661172 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-12-11 15:24 661172 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-12-09 16:19 121090 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-12-11 15:24 121090 c:\windows\system32\perfc009.dat + 2009-07-14 05:12 . 2011-12-11 15:20 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:12 . 2011-12-09 16:16 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2011-12-07 21:12 . 2011-12-11 00:05 223744 c:\windows\assembly\temp\kwrd.dll - 2011-12-07 21:12 . 2011-12-09 15:44 223744 c:\windows\assembly\temp\kwrd.dll + 2009-07-14 04:54 . 2011-12-11 14:38 3784704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-12-11 14:38 5586944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 02:34 . 2011-12-06 04:19 10092544 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-07-14 02:34 . 2011-12-09 22:19 10092544 c:\windows\system32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-12-29 237693] "CTxfiHlp"="CTXFIHLP.EXE" [2009-01-08 24576] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] No-IP DUC.lnk - c:\program files (x86)\No-IP\DUC20.exe [2010-5-27 1172992] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSearchInternetInStartMenu"= 1 (0x1) "NoCloseDragDropBands"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 EMSLink;EMS Inter-Link driver V3.0;c:\windows\system32\Drivers\EMSLink_amd64.sys [x] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176] R3 BMDDeckLinkAudio;BMDDeckLinkAudio;c:\windows\system32\DRIVERS\deckaud.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-27 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-27 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x] R3 DeckLink;DeckLink;c:\windows\system32\DRIVERS\Intensity.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176] R3 rt70x64;BUFFALO RT2500 USB Wireless Driver;c:\windows\system32\DRIVERS\netr7064.sys [x] R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-01-30 74392] R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 regi;regi;c:\windows\system32\drivers\regi.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x] S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-05-18 21:54 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 23:10] . 2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 23:10] . 2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000Core.job - c:\users\SypherPhoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 20:29] . 2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000UA.job - c:\users\SypherPhoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 20:29] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoveShowDesktopButton"="c:\windows\w7sdbr" [X] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.20.1 FF - ProfilePath - c:\users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671} FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c} FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66} FF - Ext: GameFOX: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1} - %profile%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS REMOVED - - - - . HKLM-Run-combofix - c:\combofix\CF9484.3XE . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-155282373-3850656327-2735796575-1000\Software\SecuROM\License information*] "datasecu"=hex:bc,6c,72,5a,ff,d6,95,46,3f,db,19,98,8e,1d,db,2b,5c,31,86,7e,e8, 08,08,a9,34,97,ad,ae,f3,30,9a,7c,83,86,65,34,ec,e4,5f,ad,c9,d3,76,a9,91,33,\ "rkeysecu"=hex:f7,05,6f,e2,24,81,2e,48,4a,44,86,9b,80,57,6c,cd . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}] @Denied: (A 2) (Everyone) @="FlashProp Class" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.9" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @="IFlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-12-11 10:33:59 ComboFix-quarantined-files.txt 2011-12-11 15:33 ComboFix2.txt 2011-12-09 16:26 . Pre-Run: 75,831,959,552 bytes free Post-Run: 75,769,724,928 bytes free . - - End Of File - - E34C7829ED1D61CFA0ECFEAFF4D9B275
  4. sand2minister
    ComboFix 11-12-09.02 - SypherPhoenix 12/09/2011 11:10:12.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.3055 [GMT -5:00] Running from: c:\users\SypherPhoenix\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\SypherPhoenix\AppData\Roaming\Adobe\plugs c:\users\SypherPhoenix\AppData\Roaming\Adobe\shed c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk c:\users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\searchplugins\bing-zugo.xml c:\windows\system32\consrv.dll c:\windows\System64 . . ((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 ))))))))))))))))))))))))))))))) . . 2011-12-09 16:13 . 2011-12-09 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-08 20:30 . 2011-12-08 20:30 -------- d-----w- C:\_OTL 2011-12-06 13:39 . 2011-12-06 13:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-06 11:13 . 2011-12-06 11:13 -------- d-----w- c:\users\SypherPhoenix\AppData\Roaming\NVIDIA 2011-12-06 03:50 . 2011-12-06 03:51 -------- d-----w- c:\users\UpdatusUser 2011-11-26 17:26 . 2011-11-26 17:26 -------- d-----w- c:\windows\system32\Macromed 2011-11-18 21:32 . 2011-11-18 17:26 735744 ----a-w- c:\windows\system32\LameACM.acm 2011-11-18 19:36 . 2011-11-18 20:14 -------- d-----w- c:\program files (x86)\Mozilla Firefox 8 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-06 23:27 . 2010-05-28 22:00 3764 --sha-w- c:\programdata\KGyGaAvL.sys 2011-11-26 17:26 . 2011-05-14 01:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-15 08:53 . 2011-01-08 01:49 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll 2011-10-15 08:53 . 2011-01-08 01:49 10406208 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-01-08 01:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll 2011-10-15 08:53 . 2011-01-08 01:48 222528 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-01-08 01:48 1640768 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2009-08-17 06:39 137536 ----a-w- c:\windows\system32\nvshext.dll 2011-10-15 08:53 . 2009-08-16 16:57 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [-] 2010-11-17 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll . [-] 2010-11-17 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-12-29 237693] "CTxfiHlp"="CTXFIHLP.EXE" [2009-01-08 24576] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] No-IP DUC.lnk - c:\program files (x86)\No-IP\DUC20.exe [2010-5-27 1172992] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSearchInternetInStartMenu"= 1 (0x1) "NoCloseDragDropBands"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 EMSLink;EMS Inter-Link driver V3.0;c:\windows\system32\Drivers\EMSLink_amd64.sys [x] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176] R3 BMDDeckLinkAudio;BMDDeckLinkAudio;c:\windows\system32\DRIVERS\deckaud.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-27 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-27 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x] R3 DeckLink;DeckLink;c:\windows\system32\DRIVERS\Intensity.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176] R3 rt70x64;BUFFALO RT2500 USB Wireless Driver;c:\windows\system32\DRIVERS\netr7064.sys [x] R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-01-30 74392] R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 regi;regi;c:\windows\system32\drivers\regi.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x] S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-05-18 21:54 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 23:10] . 2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 23:10] . 2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000Core.job - c:\users\SypherPhoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 20:29] . 2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000UA.job - c:\users\SypherPhoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 20:29] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoveShowDesktopButton"="c:\windows\w7sdbr" [X] "combofix"="c:\combofix\CF16643.3XE" [2009-07-14 344576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.20.1 FF - ProfilePath - c:\users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671} FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c} FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66} FF - Ext: GameFOX: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1} - %profile%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS REMOVED - - - - . SafeBoot-36027474.sys AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PHANTASY STAR ONLINE Blue Burst_is1 - c:\program files (x86)\SEGA\PHANTASY STAR ONLINE Blue Burst\uninst\unins000.exe AddRemove-SCHTHACK PSOBB - c:\program files (x86)\SCHTHACK PSOBB\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-155282373-3850656327-2735796575-1000\Software\SecuROM\License information*] "datasecu"=hex:bc,6c,72,5a,ff,d6,95,46,3f,db,19,98,8e,1d,db,2b,5c,31,86,7e,e8, 08,08,a9,34,97,ad,ae,f3,30,9a,7c,83,86,65,34,ec,e4,5f,ad,c9,d3,76,a9,91,33,\ "rkeysecu"=hex:f7,05,6f,e2,24,81,2e,48,4a,44,86,9b,80,57,6c,cd . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}] @Denied: (A 2) (Everyone) @="FlashProp Class" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.9" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @="IFlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\CTXFISPI.EXE . ************************************************************************** . Completion time: 2011-12-09 11:26:23 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-09 16:26 . Pre-Run: 76,229,201,920 bytes free Post-Run: 77,173,772,288 bytes free . - - End Of File - - 894A22E3F1CA5CFF17318D93D0499C87
  5. sand2minister
    While µTorrent is a perfectly legal program in my country of residence, and is often used for legal file sharing, I'm not here to argue with the Malwarebytes staff. µTorrent has been uninstalled per forum policy and your request. All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: SypherPhoenix ->Temp folder emptied: 57878409 bytes ->Temporary Internet Files folder emptied: 23903110 bytes ->Java cache emptied: 154569 bytes ->FireFox cache emptied: 722674474 bytes ->Google Chrome cache emptied: 470098442 bytes ->Flash cache emptied: 175666 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 105737238 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84994 bytes RecycleBin emptied: 2151812 bytes Total Files Cleaned = 1,319.00 mb HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.31.0 log created on 12082011_153035 Files\Folders moved on Reboot... C:\Users\SypherPhoenix\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
  6. sand2minister
    Oh, and I'm not jdwharton, though I'm sure it was just a copy/paste oversight. OTL logfile created on: 12/7/2011 4:27:04 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\SypherPhoenix\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 75.61% Memory free 8.00 Gb Paging File | 6.96 Gb Available in Paging File | 87.07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298.09 Gb Total Space | 64.99 Gb Free Space | 21.80% Space Free | Partition Type: NTFS Drive D: | 149.04 Gb Total Space | 101.65 Gb Free Space | 68.20% Space Free | Partition Type: NTFS Drive E: | 149.04 Gb Total Space | 104.09 Gb Free Space | 69.84% Space Free | Partition Type: NTFS Drive G: | 186.31 Gb Total Space | 26.19 Gb Free Space | 14.06% Space Free | Partition Type: NTFS Computer Name: PHOENIXNEST | User Name: SypherPhoenix | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\SypherPhoenix\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC) PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL () MOD - C:\Windows\SysWOW64\CTXFIRES.DLL () MOD - C:\Windows\SysWOW64\APOMngr.DLL () MOD - C:\Windows\SysWOW64\CmdRtr.DLL () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (EMSLink) -- C:\Windows\SysNative\drivers\EMSLink_amd64.sys (EMS Production Limited.) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo) DRV:64bit: - (rt70x64) -- C:\Windows\SysNative\drivers\netr7064.sys (Ralink Technology Inc.) DRV:64bit: - (RT2500) -- C:\Windows\SysNative\drivers\RT2500.sys (Ralink Technology Inc.) DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 36 9C 5D B5 40 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox/" FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.8.4 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.8.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24 FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SypherPhoenix\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SypherPhoenix\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 11:08:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/13 11:08:51 | 000,000,000 | ---D | M] [2010/05/27 02:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Extensions [2010/05/27 02:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/12/07 02:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions [2010/05/27 02:36:19 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010/07/29 03:32:54 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c} [2011/11/04 16:59:09 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66} [2011/11/26 12:47:59 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1} [2011/11/12 06:12:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/12/04 19:11:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/10/30 17:50:27 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011/11/12 06:12:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011/08/17 15:37:34 | 000,000,000 | ---D | M] (NicoFox) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\nicofox@littlebtc [2011/12/05 05:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\staged-xpis [2011/04/04 15:48:16 | 000,001,919 | ---- | M] () -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\searchplugins\bing-zugo.xml [2011/12/07 02:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/11/13 11:08:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/09/21 15:36:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011/07/06 06:24:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/11/13 11:08:51 | 000,025,560 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll [2011/11/13 11:08:51 | 000,140,760 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/11/13 11:08:51 | 000,067,032 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2003/07/14 21:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010/04/01 10:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml [2010/04/01 10:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml [2010/04/01 10:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml [2010/04/01 10:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml [2010/04/01 10:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2010/04/01 10:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml [2010/04/01 10:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\Application\15.0.874.121\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Update (Enabled) = C:\Users\SypherPhoenix\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Entanglement = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\ CHR - Extension: AT_RebeccaTaylor = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahpkkfpjpdcfdkbpeoibdhfadicnhdj\3_0\ CHR - Extension: Poppit = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ Hosts file not found O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RemoveShowDesktopButton] C:\Windows\w7sdbr.exe () O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - Startup: C:\Users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe (America Online, Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B37B166-E013-453C-AEAC-976CDC4B4E82}: DhcpNameServer = 192.168.20.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) -C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/10/03 01:40:17 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2006/10/10 16:42:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/12/07 16:24:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\SypherPhoenix\Desktop\OTL.exe [2011/12/07 16:19:01 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\SypherPhoenix\Desktop\tdsskiller.exe [2011/12/06 19:05:43 | 000,000,000 | ---D | C] -- C:\Users\SypherPhoenix\Desktop\mbpup [2011/12/06 08:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/06 08:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/12/06 06:13:47 | 000,000,000 | ---D | C] -- C:\Users\SypherPhoenix\AppData\Roaming\NVIDIA [2011/12/06 05:13:51 | 000,000,000 | ---D | C] -- C:\Users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix [2011/12/06 05:04:30 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\SypherPhoenix\Documents\mbam-setup-1.51.2.1300.exe [2011/12/06 04:50:08 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2011/12/05 22:49:44 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2011/12/05 22:49:44 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2011/12/05 22:49:44 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2011/12/05 22:49:44 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2011/12/05 22:49:44 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2011/12/05 22:49:44 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2011/12/05 22:49:44 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2011/12/05 22:49:44 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2011/12/05 22:49:44 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2011/12/05 22:49:44 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2011/12/05 22:49:44 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2011/12/05 22:49:44 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2011/12/05 22:49:44 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2011/12/05 22:49:44 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011/12/05 22:49:44 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2011/12/05 22:49:44 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2011/12/05 22:49:44 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll [2011/12/05 22:49:44 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011/12/05 22:49:44 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011/12/05 19:00:50 | 155,182,440 | ---- | C] (NVIDIA Corporation) -- C:\Users\SypherPhoenix\Documents\285.62-desktop-win7-winvista-64bit-english-whql.exe [2011/11/26 12:26:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011/11/18 16:32:59 | 000,735,744 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysNative\LameACM.acm [2011/11/18 14:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 8 [2011/11/17 01:26:10 | 000,000,000 | ---D | C] -- C:\Users\SypherPhoenix\Documents\AdobeStockPhotos [2011/11/16 23:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011/11/08 00:36:24 | 000,000,000 | ---D | C] -- C:\Users\SypherPhoenix\Desktop\New folder [2010/06/09 00:27:05 | 000,121,344 | ---- | C] ( ) -- C:\Windows\SysWow64\LAGARITH.DLL [2010/05/27 00:04:11 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2010/05/27 00:04:11 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/07 16:24:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\SypherPhoenix\Desktop\OTL.exe [2011/12/07 16:19:12 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/12/07 16:19:12 | 000,661,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/12/07 16:19:12 | 000,121,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/12/07 16:19:01 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SypherPhoenix\Desktop\tdsskiller.exe [2011/12/07 16:13:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/12/07 16:12:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/07 16:12:37 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys [2011/12/07 04:29:39 | 000,062,884 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx [2011/12/07 04:29:39 | 000,062,884 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx [2011/12/07 04:29:39 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx [2011/12/07 04:10:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000UA.job [2011/12/07 03:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/12/07 01:12:42 | 000,098,162 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\floorplan.psd [2011/12/06 22:10:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000Core.job [2011/12/06 18:27:23 | 000,003,764 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2011/12/06 05:18:16 | 001,008,114 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\rkill.exe [2011/12/06 05:13:52 | 000,000,678 | ---- | M] () -- C:\Users\SypherPhoenix\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk [2011/12/06 05:03:34 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\SypherPhoenix\Documents\mbam-setup-1.51.2.1300.exe [2011/12/06 00:44:07 | 1459,978,240 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\Super Smash Bros. Melee.gcm [2011/12/05 23:55:01 | 000,010,016 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/05 23:55:01 | 000,010,016 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/05 22:53:01 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2011/12/05 19:08:52 | 155,182,440 | ---- | M] (NVIDIA Corporation) -- C:\Users\SypherPhoenix\Documents\285.62-desktop-win7-winvista-64bit-english-whql.exe [2011/12/05 17:45:25 | 000,995,049 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\buddyIcons.rar [2011/12/05 17:30:31 | 209,585,325 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\Tencent Art Pack v6.7.zip [2011/11/26 14:02:18 | 000,969,607 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\LOLReplay-0.7.3.4.exe [2011/11/26 13:49:42 | 000,123,588 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\EfFxData.dat [2011/11/26 12:26:32 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011/11/23 02:24:41 | 001,666,139 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\VirtualDubMod_1_5_10_2_b2542.zip [2011/11/18 20:56:41 | 000,189,810 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\libmp3lame-win-3.98.2.zip [2011/11/18 16:37:37 | 006,546,936 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\gf2.avi [2011/11/18 16:18:22 | 004,572,344 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\gf1.avi [2011/11/18 12:26:10 | 000,735,744 | ---- | M] (http://www.mp3dev.org/) -- C:\Windows\SysNative\LameACM.acm [2011/11/17 00:22:24 | 351,350,536 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\vidz.avi [2011/11/15 12:06:25 | 000,023,033 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\Pokemon_series_-_The_Missingno_Tracks.torrent [2011/11/14 04:44:30 | 002,368,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/11/14 04:42:22 | 000,000,702 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\Rebuild_Icon_Cache.bat [2011/11/13 08:56:54 | 004,385,485 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\0999 - Castlevania - Aria of Sorrow (U)(GBATemp).zip [2011/11/09 10:19:27 | 000,266,144 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\Master Hand 1.09.rar [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/06 23:50:03 | 000,098,162 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\floorplan.psd [2011/12/06 05:19:57 | 001,008,114 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\rkill.exe [2011/12/06 05:13:52 | 000,000,678 | ---- | C] () -- C:\Users\SypherPhoenix\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk [2011/12/05 17:45:25 | 000,995,049 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\buddyIcons.rar [2011/12/05 17:28:34 | 209,585,325 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\Tencent Art Pack v6.7.zip [2011/11/26 14:02:17 | 000,969,607 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\LOLReplay-0.7.3.4.exe [2011/11/26 13:40:49 | 000,123,588 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\EfFxData.dat [2011/11/23 02:23:39 | 001,666,139 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\VirtualDubMod_1_5_10_2_b2542.zip [2011/11/22 18:16:43 | 000,374,846 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\Gctool12b.zip [2011/11/18 20:56:39 | 000,189,810 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\libmp3lame-win-3.98.2.zip [2011/11/18 16:37:30 | 006,546,936 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\gf2.avi [2011/11/18 16:35:11 | 000,000,414 | R--- | C] () -- C:\Windows\SysNative\lame_acm.xml [2011/11/18 16:18:13 | 004,572,344 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\gf1.avi [2011/11/17 08:54:44 | 351,350,536 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\vidz.avi [2011/11/15 12:06:25 | 000,023,033 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\Pokemon_series_-_The_Missingno_Tracks.torrent [2011/11/14 04:42:21 | 000,000,702 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\Rebuild_Icon_Cache.bat [2011/11/13 08:56:40 | 004,385,485 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\0999 - Castlevania - Aria of Sorrow (U)(GBATemp).zip [2011/11/09 10:19:27 | 000,266,144 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\Master Hand 1.09.rar [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011/05/13 20:04:08 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/04/18 13:30:11 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll [2011/04/18 13:29:46 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll [2011/04/18 13:29:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll [2011/04/04 16:03:55 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011/02/11 15:58:21 | 000,000,200 | ---- | C] () -- C:\Windows\QCPC80UI.dat [2011/02/09 04:56:07 | 000,000,652 | ---- | C] () -- C:\Users\SypherPhoenix\AppData\Roaming\MPQEditor.ini [2010/11/22 14:39:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010/10/16 01:12:43 | 000,055,296 | ---- | C] () -- C:\Windows\w7sdbr.exe [2010/08/15 18:55:06 | 000,000,122 | ---- | C] () -- C:\Windows\kaillera.ini [2010/07/17 11:21:10 | 000,000,085 | ---- | C] () -- C:\Windows\lagarith.ini [2010/06/20 19:56:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010/06/09 18:49:13 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2010/06/08 23:50:06 | 000,510,976 | ---- | C] () -- C:\Windows\SysWow64\synsoacc.dll [2010/05/31 12:51:38 | 000,007,597 | ---- | C] () -- C:\Users\SypherPhoenix\AppData\Local\resmon.resmoncfg [2010/05/29 17:00:23 | 000,000,978 | ---- | C] () -- C:\Windows\eReg.dat [2010/05/28 17:00:14 | 000,003,764 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010/05/28 17:00:14 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0C8888E423.sys [2010/05/28 12:25:53 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/05/28 12:17:59 | 000,067,939 | ---- | C] () -- C:\Windows\SysWow64\x264vfw-uninstall.exe [2010/05/28 12:08:28 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll [2010/05/28 12:03:19 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010/05/28 12:03:19 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010/05/27 02:31:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/05/27 00:04:31 | 000,144,896 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010/05/27 00:04:31 | 000,071,168 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010/05/27 00:04:11 | 000,384,428 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2010/05/27 00:04:11 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2010/05/27 00:04:11 | 000,027,273 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2010/05/27 00:04:11 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2010/05/27 00:04:11 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL [2010/05/27 00:04:11 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2010/05/27 00:04:11 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2010/04/13 14:16:36 | 003,175,936 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/06/12 00:47:32 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\.Blackmagic_Design [2010/05/27 22:38:31 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\acccore [2010/07/16 14:07:09 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Aim [2011/11/22 23:26:57 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Audacity [2011/09/04 21:19:36 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Auslogics [2011/05/31 11:43:09 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\com.doubleperfect.ggpo [2010/05/27 15:54:12 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1 [2010/05/28 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\DAEMON Tools Lite [2011/02/07 09:47:03 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\DC++ [2010/08/22 17:49:31 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\DVDVideoSoftIEHelpers [2011/07/06 03:25:09 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Hot Keyboard [2010/08/16 05:03:34 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\ImgBurn [2011/03/13 03:41:28 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\LolClient [2010/06/21 02:53:12 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\mkvtoolnix [2011/09/12 14:36:44 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Mp3tag [2011/12/05 16:58:09 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Mumble [2010/06/15 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Smart Recorder [2011/11/25 02:04:34 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\uTorrent [2011/08/20 22:25:06 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 12/7/2011 4:27:04 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\SypherPhoenix\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 75.61% Memory free 8.00 Gb Paging File | 6.96 Gb Available in Paging File | 87.07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298.09 Gb Total Space | 64.99 Gb Free Space | 21.80% Space Free | Partition Type: NTFS Drive D: | 149.04 Gb Total Space | 101.65 Gb Free Space | 68.20% Space Free | Partition Type: NTFS Drive E: | 149.04 Gb Total Space | 104.09 Gb Free Space | 69.84% Space Free | Partition Type: NTFS Drive G: | 186.31 Gb Total Space | 26.19 Gb Free Space | 14.06% Space Free | Partition Type: NTFS Computer Name: PHOENIXNEST | User Name: SypherPhoenix | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 1 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0d78370e-4086-4292-a82e-f920135dcee4}.sdb" = SCHTHACK PSOBB Compatibility Database "{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "LAGARITH" = Lagarith lossless video codec (Remove Only) "LameACM" = Lame ACM MP3 Codec "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "WinRAR archiver" = WinRAR archiver "XviD MPEG-4 Video Codec_is1" = XviD v1.2.0 CVS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6 "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.21 "{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5 "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74598B9B-A47F-45D5-96C0-780222C79BDB}" = tio tournament organizer "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{81525B87-9344-4834-883C-C6A9D78EA1DF}" = Maya 8.5 Documentation (en_US) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}" = Maya 8.5 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3 "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3 "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink RT6x Wireless LAN Card "Adobe AIR" = Adobe AIR "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content "Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection "AIM_6" = AIM 6 "AOL Instant Messenger" = AOL Instant Messenger "ASIO4ALL" = ASIO4ALL "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "AudioCS" = Creative Audio Control Panel "AviSynth" = AviSynth 2.5 "Cheat Engine 5.6_is1" = Cheat Engine 5.6 "Chipamp" = Chipamp "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "DC++" = DC++ 0.781 "DivX Setup.divx.com" = DivX Setup "Dolby Digital Live Pack" = Dolby Digital Live Pack "DTS Connect Pack" = DTS Connect Pack "FL Studio 9" = FL Studio 9 "FLAC" = FLAC 1.2.1b (remove only) "GIF Animator" = Microsoft GIF Animator "Hardcore" = Hardcore "Hot Keyboard_is1" = Hot Keyboard 2.7 "IL Download Manager" = IL Download Manager "ImgBurn" = ImgBurn "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9 "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "LameACM" = Lame ACM MP3 Codec "LOLReplay" = LOLReplay "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "MKVtoolnix" = MKVtoolnix 3.4.0 "Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24) "Mp3tag" = Mp3tag v2.49 "No-IP.com DUC" = No-IP.com DUC (remove only) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator "PHANTASY STAR ONLINE Blue Burst_is1" = PHANTASY STAR ONLINE Blue Burst "Plants vs. Zombies" = Plants vs. Zombies "PoiZone" = PoiZone "quicktime_lite_is1" = QT Lite 4.1.0 "RADVideo" = RAD Video Tools "reFX Vanguard VSTi_is1" = reFX Vanguard VSTi v1.6.1 "Sakura" = Sakura "Sawer" = Sawer "SCHTHACK PSOBB" = SCHTHACK PSOBB "Steam App 220" = Half-Life 2 "Steam App 380" = Half-Life 2: Episode One "Steam App 400" = Portal "Steam App 420" = Half-Life 2: Episode Two "Steinberg Hypersonic v1.0" = Steinberg Hypersonic v1.0 "SysInfo" = Creative System Information "Toxic Biohazard" = Toxic Biohazard "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "World of Warcraft" = World of Warcraft "x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only) "Xilisoft Video Converter" = Xilisoft Video Converter "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "644392d16edde6b0" = OpenSA2 "Google Chrome" = Google Chrome "Winamp Detect" = Winamp Detector Plug-in ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
  7. sand2minister
    There was no cure option in TDDSKiller, so the results were skipped. Logs had to be divided into two posts due to the character limit. 16:19:05.0194 2068 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06 16:19:05.0384 2068 ============================================================ 16:19:05.0384 2068 Current date / time: 2011/12/07 16:19:05.0384 16:19:05.0384 2068 SystemInfo: 16:19:05.0384 2068 16:19:05.0384 2068 OS Version: 6.1.7600 ServicePack: 0.0 16:19:05.0384 2068 Product type: Workstation 16:19:05.0384 2068 ComputerName: PHOENIXNEST 16:19:05.0385 2068 UserName: SypherPhoenix 16:19:05.0385 2068 Windows directory: C:\Windows 16:19:05.0385 2068 System windows directory: C:\Windows 16:19:05.0385 2068 Running under WOW64 16:19:05.0385 2068 Processor architecture: Intel x64 16:19:05.0385 2068 Number of processors: 2 16:19:05.0385 2068 Page size: 0x1000 16:19:05.0385 2068 Boot type: Normal boot 16:19:05.0385 2068 ============================================================ 16:19:07.0621 2068 Initialize success 16:19:26.0216 2312 ============================================================ 16:19:26.0216 2312 Scan started 16:19:26.0216 2312 Mode: Manual; SigCheck; TDLFS; 16:19:26.0216 2312 ============================================================ 16:19:27.0620 2312 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 16:19:27.0702 2312 1394ohci - ok 16:19:27.0736 2312 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 16:19:27.0746 2312 ACPI - ok 16:19:27.0790 2312 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 16:19:27.0841 2312 AcpiPmi - ok 16:19:27.0910 2312 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 16:19:27.0922 2312 adp94xx - ok 16:19:27.0958 2312 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 16:19:27.0968 2312 adpahci - ok 16:19:27.0982 2312 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 16:19:27.0991 2312 adpu320 - ok 16:19:28.0038 2312 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 16:19:28.0185 2312 AFD - ok 16:19:28.0210 2312 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 16:19:28.0217 2312 agp440 - ok 16:19:28.0236 2312 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 16:19:28.0242 2312 aliide - ok 16:19:28.0256 2312 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 16:19:28.0262 2312 amdide - ok 16:19:28.0289 2312 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 16:19:28.0322 2312 AmdK8 - ok 16:19:28.0346 2312 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 16:19:28.0371 2312 AmdPPM - ok 16:19:28.0401 2312 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 16:19:28.0408 2312 amdsata - ok 16:19:28.0445 2312 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 16:19:28.0453 2312 amdsbs - ok 16:19:28.0511 2312 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 16:19:28.0516 2312 amdxata - ok 16:19:28.0543 2312 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 16:19:28.0611 2312 AppID - ok 16:19:28.0647 2312 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 16:19:28.0653 2312 arc - ok 16:19:28.0665 2312 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 16:19:28.0671 2312 arcsas - ok 16:19:28.0710 2312 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 16:19:28.0756 2312 AsyncMac - ok 16:19:28.0783 2312 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 16:19:28.0789 2312 atapi - ok 16:19:28.0936 2312 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 16:19:28.0979 2312 b06bdrv - ok 16:19:29.0022 2312 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 16:19:29.0059 2312 b57nd60a - ok 16:19:29.0086 2312 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 16:19:29.0123 2312 Beep - ok 16:19:29.0155 2312 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 16:19:29.0180 2312 blbdrive - ok 16:19:29.0215 2312 BMDDeckLinkAudio - ok 16:19:29.0236 2312 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys 16:19:29.0271 2312 bowser - ok 16:19:29.0301 2312 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:19:29.0326 2312 BrFiltLo - ok 16:19:29.0351 2312 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:19:29.0360 2312 BrFiltUp - ok 16:19:29.0396 2312 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 16:19:29.0424 2312 Brserid - ok 16:19:29.0446 2312 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 16:19:29.0474 2312 BrSerWdm - ok 16:19:29.0522 2312 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 16:19:29.0536 2312 BrUsbMdm - ok 16:19:29.0548 2312 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 16:19:29.0574 2312 BrUsbSer - ok 16:19:29.0607 2312 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 16:19:29.0616 2312 BTHMODEM - ok 16:19:29.0646 2312 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 16:19:29.0669 2312 cdfs - ok 16:19:29.0701 2312 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 16:19:29.0725 2312 cdrom - ok 16:19:29.0766 2312 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 16:19:29.0798 2312 circlass - ok 16:19:29.0901 2312 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 16:19:29.0919 2312 CLFS - ok 16:19:29.0952 2312 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 16:19:29.0978 2312 CmBatt - ok 16:19:29.0998 2312 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 16:19:30.0004 2312 cmdide - ok 16:19:30.0026 2312 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 16:19:30.0040 2312 CNG - ok 16:19:30.0053 2312 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 16:19:30.0058 2312 Compbatt - ok 16:19:30.0077 2312 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 16:19:30.0104 2312 CompositeBus - ok 16:19:30.0126 2312 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 16:19:30.0132 2312 crcdisk - ok 16:19:30.0185 2312 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 16:19:30.0230 2312 CSC - ok 16:19:30.0440 2312 CT20XUT (ec6e627726458cea756e23d50d0a9317) C:\Windows\system32\drivers\CT20XUT.SYS 16:19:30.0589 2312 CT20XUT - ok 16:19:30.0727 2312 CT20XUT.SYS (ec6e627726458cea756e23d50d0a9317) C:\Windows\System32\drivers\CT20XUT.SYS 16:19:30.0732 2312 CT20XUT.SYS - ok 16:19:31.0008 2312 ctac32k (7e5632b884b1c4672efe245dafc0beea) C:\Windows\system32\drivers\ctac32k.sys 16:19:31.0025 2312 ctac32k - ok 16:19:31.0275 2312 ctaud2k (4e7d47fe0204c84acde44a68038c4444) C:\Windows\system32\drivers\ctaud2k.sys 16:19:31.0285 2312 ctaud2k - ok 16:19:31.0596 2312 CTEXFIFX (05210b19e4155114931fa79bc6536cf7) C:\Windows\system32\drivers\CTEXFIFX.SYS 16:19:31.0613 2312 CTEXFIFX - ok 16:19:31.0800 2312 CTEXFIFX.SYS (05210b19e4155114931fa79bc6536cf7) C:\Windows\System32\drivers\CTEXFIFX.SYS 16:19:31.0817 2312 CTEXFIFX.SYS - ok 16:19:31.0949 2312 CTHWIUT (7aaa9ccb0fe8990cd7362eedb9b3e744) C:\Windows\system32\drivers\CTHWIUT.SYS 16:19:31.0954 2312 CTHWIUT - ok 16:19:32.0034 2312 CTHWIUT.SYS (7aaa9ccb0fe8990cd7362eedb9b3e744) C:\Windows\System32\drivers\CTHWIUT.SYS 16:19:32.0039 2312 CTHWIUT.SYS - ok 16:19:32.0155 2312 ctprxy2k (abbc4148947befd2e8eada93cbe4bce5) C:\Windows\system32\drivers\ctprxy2k.sys 16:19:32.0158 2312 ctprxy2k - ok 16:19:32.0285 2312 ctsfm2k (9a1316b48404f6840cec030a1f95df96) C:\Windows\system32\drivers\ctsfm2k.sys 16:19:32.0290 2312 ctsfm2k - ok 16:19:32.0434 2312 DeckLink - ok 16:19:32.0578 2312 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 16:19:32.0624 2312 DfsC - ok 16:19:32.0779 2312 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 16:19:32.0829 2312 discache - ok 16:19:33.0003 2312 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 16:19:33.0020 2312 Disk - ok 16:19:33.0213 2312 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 16:19:33.0242 2312 drmkaud - ok 16:19:33.0563 2312 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys 16:19:33.0623 2312 DXGKrnl - ok 16:19:34.0242 2312 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 16:19:34.0303 2312 ebdrv - ok 16:19:34.0801 2312 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 16:19:34.0821 2312 elxstor - ok 16:19:35.0069 2312 EMSLink (fc4c0e4260b72babb7d76ae089a91573) C:\Windows\system32\Drivers\EMSLink_amd64.sys 16:19:35.0071 2312 EMSLink - ok 16:19:35.0177 2312 emupia (8eca8c2f31bbbb1ac3acbcdfa9ab286f) C:\Windows\system32\drivers\emupia2k.sys 16:19:35.0182 2312 emupia - ok 16:19:35.0306 2312 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 16:19:35.0356 2312 ErrDev - ok 16:19:35.0440 2312 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 16:19:35.0503 2312 exfat - ok 16:19:35.0608 2312 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 16:19:35.0657 2312 fastfat - ok 16:19:35.0750 2312 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 16:19:35.0782 2312 fdc - ok 16:19:35.0902 2312 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 16:19:35.0922 2312 FileInfo - ok 16:19:36.0017 2312 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 16:19:36.0057 2312 Filetrace - ok 16:19:36.0192 2312 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 16:19:36.0217 2312 flpydisk - ok 16:19:36.0354 2312 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 16:19:36.0370 2312 FltMgr - ok 16:19:36.0753 2312 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 16:19:36.0773 2312 FsDepends - ok 16:19:36.0878 2312 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 16:19:36.0883 2312 Fs_Rec - ok 16:19:37.0091 2312 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys 16:19:37.0117 2312 fvevol - ok 16:19:37.0241 2312 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 16:19:37.0262 2312 gagp30kx - ok 16:19:38.0003 2312 ha20x22k (7464c4d841c61e36a6177a6cb8f4aa2e) C:\Windows\system32\drivers\ha20x22k.sys 16:19:38.0022 2312 ha20x22k - ok 16:19:38.0418 2312 ha20x2k (d93cefe9932de9f969bb5d18c38e9566) C:\Windows\system32\drivers\ha20x2k.sys 16:19:38.0446 2312 ha20x2k - ok 16:19:39.0015 2312 Hardlock (091582da724f54830012e3faaf2f1d1a) C:\Windows\system32\drivers\hardlock.sys 16:19:39.0028 2312 Hardlock ( UnsignedFile.Multi.Generic ) - warning 16:19:39.0028 2312 Hardlock - detected UnsignedFile.Multi.Generic (1) 16:19:39.0133 2312 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 16:19:39.0165 2312 hcw85cir - ok 16:19:39.0374 2312 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 16:19:39.0408 2312 HdAudAddService - ok 16:19:39.0578 2312 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 16:19:39.0612 2312 HDAudBus - ok 16:19:39.0696 2312 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 16:19:39.0730 2312 HidBatt - ok 16:19:39.0824 2312 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 16:19:39.0880 2312 HidBth - ok 16:19:40.0122 2312 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 16:19:40.0160 2312 HidIr - ok 16:19:40.0335 2312 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 16:19:40.0374 2312 HidUsb - ok 16:19:40.0649 2312 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 16:19:40.0673 2312 HpSAMD - ok 16:19:40.0856 2312 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 16:19:40.0899 2312 HTTP - ok 16:19:41.0237 2312 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 16:19:41.0242 2312 hwpolicy - ok 16:19:41.0421 2312 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 16:19:41.0441 2312 i8042prt - ok 16:19:41.0640 2312 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 16:19:41.0656 2312 iaStorV - ok 16:19:41.0992 2312 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 16:19:42.0013 2312 iirsp - ok 16:19:42.0177 2312 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 16:19:42.0196 2312 intelide - ok 16:19:42.0316 2312 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 16:19:42.0346 2312 intelppm - ok 16:19:42.0427 2312 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:19:42.0461 2312 IpFilterDriver - ok 16:19:42.0535 2312 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 16:19:42.0555 2312 IPMIDRV - ok 16:19:42.0693 2312 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 16:19:42.0738 2312 IPNAT - ok 16:19:42.0873 2312 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 16:19:43.0323 2312 IRENUM - ok 16:19:43.0748 2312 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 16:19:43.0769 2312 isapnp - ok 16:19:43.0911 2312 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 16:19:43.0933 2312 iScsiPrt - ok 16:19:44.0121 2312 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 16:19:44.0126 2312 kbdclass - ok 16:19:44.0273 2312 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 16:19:44.0306 2312 kbdhid - ok 16:19:44.0411 2312 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 16:19:44.0434 2312 KSecDD - ok 16:19:44.0560 2312 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 16:19:44.0568 2312 KSecPkg - ok 16:19:44.0759 2312 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 16:19:44.0860 2312 ksthunk - ok 16:19:45.0351 2312 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 16:19:45.0398 2312 lltdio - ok 16:19:45.0612 2312 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 16:19:45.0635 2312 LSI_FC - ok 16:19:45.0689 2312 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 16:19:45.0696 2312 LSI_SAS - ok 16:19:45.0828 2312 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:19:45.0845 2312 LSI_SAS2 - ok 16:19:45.0925 2312 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:19:45.0932 2312 LSI_SCSI - ok 16:19:45.0951 2312 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 16:19:45.0988 2312 luafv - ok 16:19:46.0064 2312 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 16:19:46.0070 2312 MBAMProtector - ok 16:19:46.0106 2312 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 16:19:46.0112 2312 megasas - ok 16:19:46.0137 2312 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 16:19:46.0146 2312 MegaSR - ok 16:19:46.0168 2312 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 16:19:46.0209 2312 Modem - ok 16:19:46.0606 2312 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 16:19:46.0651 2312 monitor - ok 16:19:46.0689 2312 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 16:19:46.0694 2312 mouclass - ok 16:19:46.0722 2312 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 16:19:46.0730 2312 mouhid - ok 16:19:46.0781 2312 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 16:19:46.0788 2312 mountmgr - ok 16:19:46.0813 2312 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 16:19:46.0821 2312 mpio - ok 16:19:46.0843 2312 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 16:19:46.0884 2312 mpsdrv - ok 16:19:46.0912 2312 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 16:19:46.0936 2312 MRxDAV - ok 16:19:46.0961 2312 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:19:47.0012 2312 mrxsmb - ok 16:19:47.0030 2312 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:19:47.0056 2312 mrxsmb10 - ok 16:19:47.0066 2312 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:19:47.0090 2312 mrxsmb20 - ok 16:19:47.0101 2312 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 16:19:47.0107 2312 msahci - ok 16:19:47.0148 2312 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 16:19:47.0168 2312 msdsm - ok 16:19:47.0181 2312 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 16:19:47.0204 2312 Msfs - ok 16:19:47.0221 2312 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 16:19:47.0257 2312 mshidkmdf - ok 16:19:47.0276 2312 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 16:19:47.0281 2312 msisadrv - ok 16:19:47.0307 2312 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 16:19:47.0343 2312 MSKSSRV - ok 16:19:47.0366 2312 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 16:19:47.0389 2312 MSPCLOCK - ok 16:19:47.0403 2312 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 16:19:47.0441 2312 MSPQM - ok 16:19:47.0490 2312 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 16:19:47.0505 2312 MsRPC - ok 16:19:47.0518 2312 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 16:19:47.0524 2312 mssmbios - ok 16:19:47.0539 2312 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 16:19:47.0579 2312 MSTEE - ok 16:19:47.0599 2312 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 16:19:47.0637 2312 MTConfig - ok 16:19:47.0664 2312 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 16:19:47.0669 2312 Mup - ok 16:19:47.0704 2312 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 16:19:47.0733 2312 NativeWifiP - ok 16:19:47.0778 2312 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 16:19:47.0806 2312 NDIS - ok 16:19:47.0823 2312 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 16:19:47.0846 2312 NdisCap - ok 16:19:47.0870 2312 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 16:19:47.0912 2312 NdisTapi - ok 16:19:47.0949 2312 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 16:19:47.0985 2312 Ndisuio - ok 16:19:48.0024 2312 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 16:19:48.0058 2312 NdisWan - ok 16:19:48.0074 2312 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 16:19:48.0097 2312 NDProxy - ok 16:19:48.0112 2312 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 16:19:48.0149 2312 NetBIOS - ok 16:19:48.0172 2312 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 16:19:48.0211 2312 NetBT - ok 16:19:48.0252 2312 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 16:19:48.0258 2312 nfrd960 - ok 16:19:48.0284 2312 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 16:19:48.0307 2312 Npfs - ok 16:19:48.0323 2312 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 16:19:48.0364 2312 nsiproxy - ok 16:19:48.0422 2312 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 16:19:48.0462 2312 Ntfs - ok 16:19:48.0475 2312 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 16:19:48.0514 2312 Null - ok 16:19:48.0587 2312 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 16:19:48.0635 2312 NVENETFD - ok 16:19:48.0963 2312 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:19:49.0098 2312 nvlddmkm - ok 16:19:49.0406 2312 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 16:19:49.0418 2312 nvraid - ok 16:19:49.0440 2312 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 16:19:49.0447 2312 nvstor - ok 16:19:49.0487 2312 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 16:19:49.0494 2312 nv_agp - ok 16:19:49.0507 2312 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 16:19:49.0518 2312 ohci1394 - ok 16:19:49.0580 2312 ossrv (44a8cf12bf79e62a65a5f9e3087964c9) C:\Windows\system32\drivers\ctoss2k.sys 16:19:49.0584 2312 ossrv - ok 16:19:49.0629 2312 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 16:19:49.0651 2312 Parport - ok 16:19:49.0672 2312 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 16:19:49.0678 2312 partmgr - ok 16:19:49.0691 2312 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 16:19:49.0698 2312 pci - ok 16:19:49.0714 2312 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 16:19:49.0719 2312 pciide - ok 16:19:49.0739 2312 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 16:19:49.0747 2312 pcmcia - ok 16:19:49.0762 2312 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 16:19:49.0768 2312 pcw - ok 16:19:49.0792 2312 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 16:19:49.0830 2312 PEAUTH - ok 16:19:49.0904 2312 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 16:19:49.0946 2312 PptpMiniport - ok 16:19:49.0975 2312 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 16:19:50.0001 2312 Processor - ok 16:19:50.0037 2312 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 16:19:50.0075 2312 Psched - ok 16:19:50.0142 2312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 16:19:50.0194 2312 ql2300 - ok 16:19:50.0217 2312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 16:19:50.0224 2312 ql40xx - ok 16:19:50.0241 2312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 16:19:50.0251 2312 QWAVEdrv - ok 16:19:50.0269 2312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 16:19:50.0291 2312 RasAcd - ok 16:19:50.0336 2312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 16:19:50.0359 2312 RasAgileVpn - ok 16:19:50.0378 2312 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:19:50.0420 2312 Rasl2tp - ok 16:19:50.0448 2312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 16:19:50.0487 2312 RasPppoe - ok 16:19:50.0533 2312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 16:19:50.0576 2312 RasSstp - ok 16:19:50.0605 2312 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 16:19:50.0649 2312 rdbss - ok 16:19:50.0670 2312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 16:19:50.0679 2312 rdpbus - ok 16:19:50.0685 2312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:19:50.0726 2312 RDPCDD - ok 16:19:50.0755 2312 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 16:19:50.0779 2312 RDPDR - ok 16:19:50.0813 2312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 16:19:50.0834 2312 RDPENCDD - ok 16:19:50.0851 2312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 16:19:50.0874 2312 RDPREFMP - ok 16:19:50.0920 2312 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 16:19:50.0979 2312 RDPWD - ok 16:19:51.0004 2312 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 16:19:51.0012 2312 rdyboost - ok 16:19:51.0063 2312 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys 16:19:51.0067 2312 regi - ok 16:19:51.0094 2312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 16:19:51.0132 2312 rspndr - ok 16:19:51.0232 2312 RT2500 (31db11c9b2ed9abaac8d07fd591820b4) C:\Windows\system32\DRIVERS\RT2500.sys 16:19:51.0271 2312 RT2500 - ok 16:19:51.0344 2312 rt61x64 (ec7f0030d58886b0fcd3eefb1c51f8e2) C:\Windows\system32\DRIVERS\netr6164.sys 16:19:51.0392 2312 rt61x64 - ok 16:19:51.0430 2312 rt70x64 (ab19660a0d9adfe9b65f8f24571dd75b) C:\Windows\system32\DRIVERS\netr7064.sys 16:19:51.0453 2312 rt70x64 - ok 16:19:51.0498 2312 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 16:19:51.0533 2312 s3cap - ok 16:19:51.0552 2312 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 16:19:51.0559 2312 sbp2port - ok 16:19:51.0574 2312 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 16:19:51.0614 2312 scfilter - ok 16:19:51.0672 2312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 16:19:51.0714 2312 secdrv - ok 16:19:51.0742 2312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 16:19:51.0750 2312 Serenum - ok 16:19:51.0765 2312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 16:19:51.0791 2312 Serial - ok 16:19:51.0820 2312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 16:19:51.0840 2312 sermouse - ok 16:19:51.0863 2312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 16:19:51.0888 2312 sffdisk - ok 16:19:51.0906 2312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 16:19:51.0932 2312 sffp_mmc - ok 16:19:51.0954 2312 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 16:19:51.0978 2312 sffp_sd - ok 16:19:52.0003 2312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 16:19:52.0011 2312 sfloppy - ok 16:19:52.0049 2312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:19:52.0056 2312 SiSRaid2 - ok 16:19:52.0076 2312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 16:19:52.0082 2312 SiSRaid4 - ok 16:19:52.0117 2312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 16:19:52.0141 2312 Smb - ok 16:19:52.0161 2312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 16:19:52.0167 2312 spldr - ok 16:19:52.0200 2312 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys 16:19:52.0227 2312 srv - ok 16:19:52.0254 2312 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys 16:19:52.0281 2312 srv2 - ok 16:19:52.0306 2312 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys 16:19:52.0347 2312 srvnet - ok 16:19:52.0406 2312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 16:19:52.0412 2312 stexstor - ok 16:19:52.0485 2312 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 16:19:52.0491 2312 storflt - ok 16:19:52.0771 2312 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 16:19:52.0778 2312 storvsc - ok 16:19:53.0044 2312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 16:19:53.0050 2312 swenum - ok 16:19:53.0359 2312 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys 16:19:53.0413 2312 Tcpip - ok 16:19:53.0649 2312 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys 16:19:53.0672 2312 TCPIP6 - ok 16:19:53.0873 2312 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 16:19:53.0904 2312 tcpipreg - ok 16:19:54.0083 2312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 16:19:54.0130 2312 TDPIPE - ok 16:19:54.0305 2312 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 16:19:54.0327 2312 TDTCP - ok 16:19:54.0536 2312 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 16:19:54.0580 2312 tdx - ok 16:19:54.0684 2312 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 16:19:54.0690 2312 TermDD - ok 16:19:54.0720 2312 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:19:54.0758 2312 tssecsrv - ok 16:19:54.0799 2312 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 16:19:54.0841 2312 tunnel - ok 16:19:54.0867 2312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 16:19:54.0873 2312 uagp35 - ok 16:19:54.0899 2312 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 16:19:54.0942 2312 udfs - ok 16:19:54.0973 2312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 16:19:54.0990 2312 uliagpkx - ok 16:19:55.0015 2312 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 16:19:55.0040 2312 umbus - ok 16:19:55.0060 2312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 16:19:55.0083 2312 UmPass - ok 16:19:55.0112 2312 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 16:19:55.0137 2312 usbccgp - ok 16:19:55.0176 2312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 16:19:55.0202 2312 usbcir - ok 16:19:55.0224 2312 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 16:19:55.0232 2312 usbehci - ok 16:19:55.0252 2312 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 16:19:55.0263 2312 usbhub - ok 16:19:55.0301 2312 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 16:19:55.0314 2312 usbohci - ok 16:19:55.0348 2312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 16:19:55.0369 2312 usbprint - ok 16:19:55.0426 2312 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:19:55.0440 2312 USBSTOR - ok 16:19:55.0453 2312 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 16:19:55.0461 2312 usbuhci - ok 16:19:55.0482 2312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 16:19:55.0487 2312 vdrvroot - ok 16:19:55.0506 2312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 16:19:55.0515 2312 vga - ok 16:19:55.0527 2312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 16:19:55.0562 2312 VgaSave - ok 16:19:55.0586 2312 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 16:19:55.0608 2312 vhdmp - ok 16:19:55.0626 2312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 16:19:55.0632 2312 viaide - ok 16:19:55.0649 2312 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 16:19:55.0657 2312 vmbus - ok 16:19:55.0673 2312 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 16:19:55.0692 2312 VMBusHID - ok 16:19:55.0717 2312 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 16:19:55.0723 2312 volmgr - ok 16:19:55.0745 2312 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 16:19:55.0755 2312 volmgrx - ok 16:19:55.0768 2312 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 16:19:55.0777 2312 volsnap - ok 16:19:55.0848 2312 vpcbus (f004aeb456cd886dfdb123b6297d89c9) C:\Windows\system32\DRIVERS\vpchbus.sys 16:19:55.0928 2312 vpcbus - ok 16:19:55.0947 2312 vpcnfltr (a7fae0a70e7a6d7a9469a2bf0a1cac5f) C:\Windows\system32\DRIVERS\vpcnfltr.sys 16:19:55.0953 2312 vpcnfltr - ok 16:19:56.0015 2312 vpcusb (4cdf15ceaf71f068bd26b9841d4e3e2b) C:\Windows\system32\DRIVERS\vpcusb.sys 16:19:56.0023 2312 vpcusb - ok 16:19:56.0070 2312 vpcvmm (e7ea9e3fbf1b0f517584e03638511e86) C:\Windows\system32\drivers\vpcvmm.sys 16:19:56.0079 2312 vpcvmm - ok 16:19:56.0111 2312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 16:19:56.0119 2312 vsmraid - ok 16:19:56.0137 2312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 16:19:56.0146 2312 vwifibus - ok 16:19:56.0170 2312 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 16:19:56.0193 2312 vwififlt - ok 16:19:56.0218 2312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 16:19:56.0236 2312 WacomPen - ok 16:19:56.0260 2312 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 16:19:56.0295 2312 WANARP - ok 16:19:56.0309 2312 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 16:19:56.0332 2312 Wanarpv6 - ok 16:19:56.0368 2312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 16:19:56.0373 2312 Wd - ok 16:19:56.0403 2312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 16:19:56.0426 2312 Wdf01000 - ok 16:19:56.0451 2312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 16:19:56.0473 2312 WfpLwf - ok 16:19:56.0494 2312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 16:19:56.0500 2312 WIMMount - ok 16:19:56.0536 2312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 16:19:56.0556 2312 WmiAcpi - ok 16:19:56.0591 2312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 16:19:56.0614 2312 ws2ifsl - ok 16:19:56.0631 2312 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 16:19:56.0691 2312 WudfPf - ok 16:19:56.0710 2312 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:19:56.0753 2312 WUDFRd - ok 16:19:56.0814 2312 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys 16:19:56.0839 2312 xnacc - ok 16:19:56.0864 2312 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 16:19:56.0929 2312 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 16:19:56.0929 2312 \Device\Harddisk0\DR0 - detected TDSS File System (1) 16:19:56.0932 2312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 16:19:57.0091 2312 \Device\Harddisk1\DR1 - ok 16:19:57.0099 2312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2 16:19:57.0277 2312 \Device\Harddisk2\DR2 - ok 16:19:57.0280 2312 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3 16:19:57.0720 2312 \Device\Harddisk3\DR3 - ok 16:19:57.0731 2312 Boot (0x1200) (a23c2af6b185cc02ed245d5f37c7cf75) \Device\Harddisk0\DR0\Partition0 16:19:57.0732 2312 \Device\Harddisk0\DR0\Partition0 - ok 16:19:57.0733 2312 Boot (0x1200) (7299c1c8df3f2a0f8287bfe935068d19) \Device\Harddisk1\DR1\Partition0 16:19:57.0734 2312 \Device\Harddisk1\DR1\Partition0 - ok 16:19:57.0736 2312 Boot (0x1200) (0cc6d5ae683b783b3283e5393857925f) \Device\Harddisk2\DR2\Partition0 16:19:57.0737 2312 \Device\Harddisk2\DR2\Partition0 - ok 16:19:57.0739 2312 Boot (0x1200) (bef6f33be0d4893646212ea58b6b053a) \Device\Harddisk3\DR3\Partition0 16:19:57.0740 2312 \Device\Harddisk3\DR3\Partition0 - ok 16:19:57.0740 2312 ============================================================ 16:19:57.0740 2312 Scan finished 16:19:57.0740 2312 ============================================================ 16:19:57.0746 2976 Detected object count: 2 16:19:57.0746 2976 Actual detected object count: 2 16:20:44.0909 2976 Hardlock ( UnsignedFile.Multi.Generic ) - skipped by user 16:20:44.0909 2976 Hardlock ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:20:44.0909 2976 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 16:20:44.0909 2976 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 16:21:24.0243 2464 ============================================================ 16:21:24.0243 2464 Scan started 16:21:24.0243 2464 Mode: Manual; SigCheck; TDLFS; 16:21:24.0243 2464 ============================================================ 16:21:25.0047 2464 Scan interrupted by user! 16:21:25.0047 2464 Scan interrupted by user! 16:21:25.0047 2464 Scan interrupted by user! 16:21:25.0047 2464 ============================================================ 16:21:25.0047 2464 Scan finished 16:21:25.0047 2464 ============================================================ 16:21:25.0051 2284 Detected object count: 0 16:21:25.0051 2284 Actual detected object count: 0 16:21:27.0356 1892 ============================================================ 16:21:27.0356 1892 Scan started 16:21:27.0356 1892 Mode: Manual; SigCheck; TDLFS; 16:21:27.0356 1892 ============================================================ 16:21:27.0656 1892 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 16:21:27.0669 1892 1394ohci - ok 16:21:27.0697 1892 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 16:21:27.0706 1892 ACPI - ok 16:21:27.0718 1892 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 16:21:27.0726 1892 AcpiPmi - ok 16:21:27.0755 1892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 16:21:27.0764 1892 adp94xx - ok 16:21:27.0786 1892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 16:21:27.0794 1892 adpahci - ok 16:21:27.0811 1892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 16:21:27.0818 1892 adpu320 - ok 16:21:27.0841 1892 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 16:21:27.0866 1892 AFD - ok 16:21:27.0880 1892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 16:21:27.0886 1892 agp440 - ok 16:21:27.0898 1892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 16:21:27.0903 1892 aliide - ok 16:21:27.0917 1892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 16:21:27.0923 1892 amdide - ok 16:21:27.0934 1892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 16:21:27.0941 1892 AmdK8 - ok 16:21:27.0957 1892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 16:21:27.0964 1892 AmdPPM - ok 16:21:27.0979 1892 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 16:21:27.0985 1892 amdsata - ok 16:21:28.0006 1892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 16:21:28.0013 1892 amdsbs - ok 16:21:28.0030 1892 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 16:21:28.0036 1892 amdxata - ok 16:21:28.0055 1892 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 16:21:28.0065 1892 AppID - ok 16:21:28.0083 1892 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 16:21:28.0089 1892 arc - ok 16:21:28.0101 1892 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 16:21:28.0107 1892 arcsas - ok 16:21:28.0130 1892 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 16:21:28.0152 1892 AsyncMac - ok 16:21:28.0170 1892 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 16:21:28.0175 1892 atapi - ok 16:21:28.0197 1892 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 16:21:28.0206 1892 b06bdrv - ok 16:21:28.0225 1892 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 16:21:28.0233 1892 b57nd60a - ok 16:21:28.0256 1892 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 16:21:28.0277 1892 Beep - ok 16:21:28.0292 1892 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 16:21:28.0298 1892 blbdrive - ok 16:21:28.0304 1892 BMDDeckLinkAudio - ok 16:21:28.0322 1892 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys 16:21:28.0345 1892 bowser - ok 16:21:28.0351 1892 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:21:28.0359 1892 BrFiltLo - ok 16:21:28.0371 1892 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:21:28.0379 1892 BrFiltUp - ok 16:21:28.0402 1892 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 16:21:28.0410 1892 Brserid - ok 16:21:28.0424 1892 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 16:21:28.0432 1892 BrSerWdm - ok 16:21:28.0442 1892 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 16:21:28.0450 1892 BrUsbMdm - ok 16:21:28.0460 1892 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 16:21:28.0466 1892 BrUsbSer - ok 16:21:28.0485 1892 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 16:21:28.0494 1892 BTHMODEM - ok 16:21:28.0516 1892 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 16:21:28.0538 1892 cdfs - ok 16:21:28.0555 1892 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 16:21:28.0562 1892 cdrom - ok 16:21:28.0577 1892 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 16:21:28.0585 1892 circlass - ok 16:21:28.0639 1892 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 16:21:28.0648 1892 CLFS - ok 16:21:28.0671 1892 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 16:21:28.0678 1892 CmBatt - ok 16:21:28.0684 1892 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 16:21:28.0690 1892 cmdide - ok 16:21:28.0712 1892 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 16:21:28.0724 1892 CNG - ok 16:21:28.0739 1892 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 16:21:28.0744 1892 Compbatt - ok 16:21:28.0764 1892 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 16:21:28.0772 1892 CompositeBus - ok 16:21:28.0788 1892 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 16:21:28.0793 1892 crcdisk - ok 16:21:28.0822 1892 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 16:21:28.0831 1892 CSC - ok 16:21:28.0885 1892 CT20XUT (ec6e627726458cea756e23d50d0a9317) C:\Windows\system32\drivers\CT20XUT.SYS 16:21:28.0891 1892 CT20XUT - ok 16:21:28.0910 1892 CT20XUT.SYS (ec6e627726458cea756e23d50d0a9317) C:\Windows\System32\drivers\CT20XUT.SYS 16:21:28.0915 1892 CT20XUT.SYS - ok 16:21:28.0968 1892 ctac32k (7e5632b884b1c4672efe245dafc0beea) C:\Windows\system32\drivers\ctac32k.sys 16:21:28.0977 1892 ctac32k - ok 16:21:29.0003 1892 ctaud2k (4e7d47fe0204c84acde44a68038c4444) C:\Windows\system32\drivers\ctaud2k.sys 16:21:29.0013 1892 ctaud2k - ok 16:21:29.0041 1892 CTEXFIFX (05210b19e4155114931fa79bc6536cf7) C:\Windows\system32\drivers\CTEXFIFX.SYS 16:21:29.0058 1892 CTEXFIFX - ok 16:21:29.0091 1892 CTEXFIFX.SYS (05210b19e4155114931fa79bc6536cf7) C:\Windows\System32\drivers\CTEXFIFX.SYS 16:21:29.0108 1892 CTEXFIFX.SYS - ok 16:21:29.0178 1892 CTHWIUT (7aaa9ccb0fe8990cd7362eedb9b3e744) C:\Windows\system32\drivers\CTHWIUT.SYS 16:21:29.0182 1892 CTHWIUT - ok 16:21:29.0189 1892 CTHWIUT.SYS (7aaa9ccb0fe8990cd7362eedb9b3e744) C:\Windows\System32\drivers\CTHWIUT.SYS 16:21:29.0194 1892 CTHWIUT.SYS - ok 16:21:29.0208 1892 ctprxy2k (abbc4148947befd2e8eada93cbe4bce5) C:\Windows\system32\drivers\ctprxy2k.sys 16:21:29.0211 1892 ctprxy2k - ok 16:21:29.0230 1892 ctsfm2k (9a1316b48404f6840cec030a1f95df96) C:\Windows\system32\drivers\ctsfm2k.sys 16:21:29.0235 1892 ctsfm2k - ok 16:21:29.0244 1892 DeckLink - ok 16:21:29.0256 1892 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 16:21:29.0279 1892 DfsC - ok 16:21:29.0290 1892 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 16:21:29.0312 1892 discache - ok 16:21:29.0323 1892 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 16:21:29.0328 1892 Disk - ok 16:21:29.0383 1892 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 16:21:29.0391 1892 drmkaud - ok 16:21:29.0416 1892 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys 16:21:29.0444 1892 DXGKrnl - ok 16:21:29.0503 1892 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 16:21:29.0533 1892 ebdrv - ok 16:21:29.0558 1892 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 16:21:29.0568 1892 elxstor - ok 16:21:29.0613 1892 EMSLink (fc4c0e4260b72babb7d76ae089a91573) C:\Windows\system32\Drivers\EMSLink_amd64.sys 16:21:29.0616 1892 EMSLink - ok 16:21:29.0630 1892 emupia (8eca8c2f31bbbb1ac3acbcdfa9ab286f) C:\Windows\system32\drivers\emupia2k.sys 16:21:29.0635 1892 emupia - ok 16:21:29.0650 1892 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 16:21:29.0657 1892 ErrDev - ok 16:21:29.0677 1892 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 16:21:29.0700 1892 exfat - ok 16:21:29.0719 1892 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 16:21:29.0742 1892 fastfat - ok 16:21:29.0753 1892 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 16:21:29.0760 1892 fdc - ok 16:21:29.0772 1892 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 16:21:29.0778 1892 FileInfo - ok 16:21:29.0795 1892 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 16:21:29.0817 1892 Filetrace - ok 16:21:29.0828 1892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 16:21:29.0835 1892 flpydisk - ok 16:21:29.0854 1892 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 16:21:29.0863 1892 FltMgr - ok 16:21:29.0881 1892 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 16:21:29.0886 1892 FsDepends - ok 16:21:29.0906 1892 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 16:21:29.0911 1892 Fs_Rec - ok 16:21:29.0961 1892 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys 16:21:29.0969 1892 fvevol - ok 16:21:29.0985 1892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 16:21:29.0991 1892 gagp30kx - ok 16:21:30.0031 1892 ha20x22k (7464c4d841c61e36a6177a6cb8f4aa2e) C:\Windows\system32\drivers\ha20x22k.sys 16:21:30.0050 1892 ha20x22k - ok 16:21:30.0087 1892 ha20x2k (d93cefe9932de9f969bb5d18c38e9566) C:\Windows\system32\drivers\ha20x2k.sys 16:21:30.0105 1892 ha20x2k - ok 16:21:30.0158 1892 Hardlock (091582da724f54830012e3faaf2f1d1a) C:\Windows\system32\drivers\hardlock.sys 16:21:30.0162 1892 Hardlock ( UnsignedFile.Multi.Generic ) - warning 16:21:30.0162 1892 Hardlock - detected UnsignedFile.Multi.Generic (1) 16:21:30.0178 1892 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 16:21:30.0184 1892 hcw85cir - ok 16:21:30.0235 1892 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 16:21:30.0245 1892 HdAudAddService - ok 16:21:30.0256 1892 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 16:21:30.0265 1892 HDAudBus - ok 16:21:30.0272 1892 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 16:21:30.0279 1892 HidBatt - ok 16:21:30.0293 1892 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 16:21:30.0302 1892 HidBth - ok 16:21:30.0316 1892 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 16:21:30.0325 1892 HidIr - ok 16:21:30.0346 1892 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 16:21:30.0353 1892 HidUsb - ok 16:21:30.0377 1892 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 16:21:30.0383 1892 HpSAMD - ok 16:21:30.0409 1892 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 16:21:30.0435 1892 HTTP - ok 16:21:30.0442 1892 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 16:21:30.0447 1892 hwpolicy - ok 16:21:30.0465 1892 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 16:21:30.0472 1892 i8042prt - ok 16:21:30.0525 1892 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 16:21:30.0534 1892 iaStorV - ok 16:21:30.0554 1892 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 16:21:30.0559 1892 iirsp - ok 16:21:30.0571 1892 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 16:21:30.0577 1892 intelide - ok 16:21:30.0594 1892 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 16:21:30.0601 1892 intelppm - ok 16:21:30.0622 1892 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:21:30.0644 1892 IpFilterDriver - ok 16:21:30.0663 1892 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 16:21:30.0670 1892 IPMIDRV - ok 16:21:30.0688 1892 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 16:21:30.0710 1892 IPNAT - ok 16:21:30.0725 1892 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 16:21:30.0735 1892 IRENUM - ok 16:21:30.0751 1892 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 16:21:30.0757 1892 isapnp - ok 16:21:30.0780 1892 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 16:21:30.0787 1892 iScsiPrt - ok 16:21:30.0807 1892 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 16:21:30.0812 1892 kbdclass - ok 16:21:30.0826 1892 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 16:21:30.0833 1892 kbdhid - ok 16:21:30.0847 1892 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 16:21:30.0853 1892 KSecDD - ok 16:21:30.0900 1892 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 16:21:30.0906 1892 KSecPkg - ok 16:21:30.0920 1892 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 16:21:30.0942 1892 ksthunk - ok 16:21:30.0962 1892 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 16:21:30.0984 1892 lltdio - ok 16:21:31.0007 1892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 16:21:31.0013 1892 LSI_FC - ok 16:21:31.0025 1892 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 16:21:31.0031 1892 LSI_SAS - ok 16:21:31.0048 1892 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:21:31.0053 1892 LSI_SAS2 - ok 16:21:31.0069 1892 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:21:31.0076 1892 LSI_SCSI - ok 16:21:31.0095 1892 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 16:21:31.0118 1892 luafv - ok 16:21:31.0167 1892 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 16:21:31.0172 1892 MBAMProtector - ok 16:21:31.0192 1892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 16:21:31.0198 1892 megasas - ok 16:21:31.0215 1892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 16:21:31.0223 1892 MegaSR - ok 16:21:31.0237 1892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 16:21:31.0260 1892 Modem - ok 16:21:31.0276 1892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 16:21:31.0284 1892 monitor - ok 16:21:31.0300 1892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 16:21:31.0305 1892 mouclass - ok 16:21:31.0317 1892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 16:21:31.0324 1892 mouhid - ok 16:21:31.0333 1892 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 16:21:31.0340 1892 mountmgr - ok 16:21:31.0358 1892 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 16:21:31.0364 1892 mpio - ok 16:21:31.0387 1892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 16:21:31.0410 1892 mpsdrv - ok 16:21:31.0431 1892 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 16:21:31.0441 1892 MRxDAV - ok 16:21:31.0464 1892 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:21:31.0486 1892 mrxsmb - ok 16:21:31.0500 1892 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:21:31.0524 1892 mrxsmb10 - ok 16:21:31.0535 1892 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:21:31.0558 1892 mrxsmb20 - ok 16:21:31.0571 1892 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 16:21:31.0576 1892 msahci - ok 16:21:31.0595 1892 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 16:21:31.0602 1892 msdsm - ok 16:21:31.0612 1892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 16:21:31.0635 1892 Msfs - ok 16:21:31.0649 1892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 16:21:31.0671 1892 mshidkmdf - ok 16:21:31.0687 1892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 16:21:31.0692 1892 msisadrv - ok 16:21:31.0709 1892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 16:21:31.0731 1892 MSKSSRV - ok 16:21:31.0744 1892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 16:21:31.0766 1892 MSPCLOCK - ok 16:21:31.0773 1892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 16:21:31.0795 1892 MSPQM - ok 16:21:31.0815 1892 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 16:21:31.0823 1892 MsRPC - ok 16:21:31.0838 1892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 16:21:31.0843 1892 mssmbios - ok 16:21:31.0859 1892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 16:21:31.0881 1892 MSTEE - ok 16:21:31.0894 1892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 16:21:31.0900 1892 MTConfig - ok 16:21:31.0916 1892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 16:21:31.0922 1892 Mup - ok 16:21:31.0940 1892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 16:21:31.0951 1892 NativeWifiP - ok 16:21:31.0973 1892 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 16:21:31.0987 1892 NDIS - ok 16:21:32.0001 1892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 16:21:32.0023 1892 NdisCap - ok 16:21:32.0039 1892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 16:21:32.0061 1892 NdisTapi - ok 16:21:32.0077 1892 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 16:21:32.0099 1892 Ndisuio - ok 16:21:32.0116 1892 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 16:21:32.0139 1892 NdisWan - ok 16:21:32.0152 1892 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 16:21:32.0174 1892 NDProxy - ok 16:21:32.0190 1892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 16:21:32.0213 1892 NetBIOS - ok 16:21:32.0225 1892 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 16:21:32.0248 1892 NetBT - ok 16:21:32.0271 1892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 16:21:32.0277 1892 nfrd960 - ok 16:21:32.0295 1892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 16:21:32.0317 1892 Npfs - ok 16:21:32.0334 1892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 16:21:32.0356 1892 nsiproxy - ok 16:21:32.0408 1892 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 16:21:32.0429 1892 Ntfs - ok 16:21:32.0469 1892 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 16:21:32.0491 1892 Null - ok 16:21:32.0548 1892 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 16:21:32.0557 1892 NVENETFD - ok 16:21:32.0740 1892 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:21:32.0873 1892 nvlddmkm - ok 16:21:32.0895 1892 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 16:21:32.0902 1892 nvraid - ok 16:21:32.0918 1892 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 16:21:32.0925 1892 nvstor - ok 16:21:32.0948 1892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 16:21:32.0955 1892 nv_agp - ok 16:21:32.0968 1892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 16:21:32.0975 1892 ohci1394 - ok 16:21:33.0024 1892 ossrv (44a8cf12bf79e62a65a5f9e3087964c9) C:\Windows\system32\drivers\ctoss2k.sys 16:21:33.0029 1892 ossrv - ok 16:21:33.0048 1892 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 16:21:33.0056 1892 Parport - ok 16:21:33.0075 1892 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 16:21:33.0081 1892 partmgr - ok 16:21:33.0098 1892 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 16:21:33.0104 1892 pci - ok 16:21:33.0116 1892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 16:21:33.0122 1892 pciide - ok 16:21:33.0175 1892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 16:21:33.0182 1892 pcmcia - ok 16:21:33.0198 1892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 16:21:33.0204 1892 pcw - ok 16:21:33.0228 1892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 16:21:33.0255 1892 PEAUTH - ok 16:21:33.0282 1892 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 16:21:33.0304 1892 PptpMiniport - ok 16:21:33.0319 1892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 16:21:33.0326 1892 Processor - ok 16:21:33.0348 1892 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 16:21:33.0372 1892 Psched - ok 16:21:33.0411 1892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 16:21:33.0431 1892 ql2300 - ok 16:21:33.0453 1892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 16:21:33.0460 1892 ql40xx - ok 16:21:33.0477 1892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 16:21:33.0487 1892 QWAVEdrv - ok 16:21:33.0505 1892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 16:21:33.0527 1892 RasAcd - ok 16:21:33.0573 1892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 16:21:33.0595 1892 RasAgileVpn - ok 16:21:33.0614 1892 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:21:33.0638 1892 Rasl2tp - ok 16:21:33.0651 1892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 16:21:33.0673 1892 RasPppoe - ok 16:21:33.0686 1892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 16:21:33.0708 1892 RasSstp - ok 16:21:33.0725 1892 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 16:21:33.0748 1892 rdbss - ok 16:21:33.0764 1892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 16:21:33.0772 1892 rdpbus - ok 16:21:33.0783 1892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:21:33.0805 1892 RDPCDD - ok 16:21:33.0832 1892 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 16:21:33.0839 1892 RDPDR - ok 16:21:33.0857 1892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 16:21:33.0879 1892 RDPENCDD - ok 16:21:33.0896 1892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 16:21:33.0918 1892 RDPREFMP - ok 16:21:33.0939 1892 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 16:21:33.0963 1892 RDPWD - ok 16:21:33.0982 1892 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 16:21:33.0989 1892 rdyboost - ok 16:21:34.0040 1892 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys 16:21:34.0045 1892 regi - ok 16:21:34.0063 1892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 16:21:34.0085 1892 rspndr - ok 16:21:34.0134 1892 RT2500 (31db11c9b2ed9abaac8d07fd591820b4) C:\Windows\system32\DRIVERS\RT2500.sys 16:21:34.0141 1892 RT2500 - ok 16:21:34.0197 1892 rt61x64 (ec7f0030d58886b0fcd3eefb1c51f8e2) C:\Windows\system32\DRIVERS\netr6164.sys 16:21:34.0205 1892 rt61x64 - ok 16:21:34.0232 1892 rt70x64 (ab19660a0d9adfe9b65f8f24571dd75b) C:\Windows\system32\DRIVERS\netr7064.sys 16:21:34.0239 1892 rt70x64 - ok 16:21:34.0301 1892 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 16:21:34.0307 1892 s3cap - ok 16:21:34.0330 1892 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 16:21:34.0336 1892 sbp2port - ok 16:21:34.0360 1892 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 16:21:34.0384 1892 scfilter - ok 16:21:34.0400 1892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 16:21:34.0422 1892 secdrv - ok 16:21:34.0445 1892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 16:21:34.0452 1892 Serenum - ok 16:21:34.0467 1892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 16:21:34.0475 1892 Serial - ok 16:21:34.0489 1892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 16:21:34.0496 1892 sermouse - ok 16:21:34.0516 1892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 16:21:34.0524 1892 sffdisk - ok 16:21:34.0534 1892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 16:21:34.0542 1892 sffp_mmc - ok 16:21:34.0556 1892 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 16:21:34.0565 1892 sffp_sd - ok 16:21:34.0581 1892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 16:21:34.0588 1892 sfloppy - ok 16:21:34.0602 1892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:21:34.0608 1892 SiSRaid2 - ok 16:21:34.0628 1892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 16:21:34.0634 1892 SiSRaid4 - ok 16:21:34.0653 1892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 16:21:34.0676 1892 Smb - ok 16:21:34.0697 1892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 16:21:34.0702 1892 spldr - ok 16:21:34.0728 1892 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys 16:21:34.0752 1892 srv - ok 16:21:34.0773 1892 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys 16:21:34.0798 1892 srv2 - ok 16:21:34.0809 1892 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys 16:21:34.0832 1892 srvnet - ok 16:21:34.0850 1892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 16:21:34.0856 1892 stexstor - ok 16:21:34.0871 1892 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 16:21:34.0877 1892 storflt - ok 16:21:34.0890 1892 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 16:21:34.0896 1892 storvsc - ok 16:21:34.0914 1892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 16:21:34.0919 1892 swenum - ok 16:21:34.0967 1892 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys 16:21:34.0991 1892 Tcpip - ok 16:21:35.0026 1892 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys 16:21:35.0049 1892 TCPIP6 - ok 16:21:35.0068 1892 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 16:21:35.0090 1892 tcpipreg - ok 16:21:35.0111 1892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 16:21:35.0133 1892 TDPIPE - ok 16:21:35.0149 1892 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 16:21:35.0171 1892 TDTCP - ok 16:21:35.0188 1892 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 16:21:35.0211 1892 tdx - ok 16:21:35.0228 1892 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 16:21:35.0234 1892 TermDD - ok 16:21:35.0256 1892 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:21:35.0278 1892 tssecsrv - ok 16:21:35.0293 1892 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 16:21:35.0316 1892 tunnel - ok 16:21:35.0336 1892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 16:21:35.0342 1892 uagp35 - ok 16:21:35.0364 1892 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 16:21:35.0389 1892 udfs - ok 16:21:35.0409 1892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 16:21:35.0415 1892 uliagpkx - ok 16:21:35.0434 1892 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 16:21:35.0441 1892 umbus - ok 16:21:35.0454 1892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 16:21:35.0461 1892 UmPass - ok 16:21:35.0482 1892 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 16:21:35.0489 1892 usbccgp - ok 16:21:35.0512 1892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 16:21:35.0520 1892 usbcir - ok 16:21:35.0535 1892 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 16:21:35.0542 1892 usbehci - ok 16:21:35.0597 1892 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 16:21:35.0605 1892 usbhub - ok 16:21:35.0621 1892 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 16:21:35.0627 1892 usbohci - ok 16:21:35.0642 1892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 16:21:35.0651 1892 usbprint - ok 16:21:35.0670 1892 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:21:35.0677 1892 USBSTOR - ok 16:21:35.0689 1892 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 16:21:35.0696 1892 usbuhci - ok 16:21:35.0718 1892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 16:21:35.0723 1892 vdrvroot - ok 16:21:35.0742 1892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 16:21:35.0750 1892 vga - ok 16:21:35.0763 1892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 16:21:35.0785 1892 VgaSave - ok 16:21:35.0805 1892 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 16:21:35.0812 1892 vhdmp - ok 16:21:35.0829 1892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 16:21:35.0834 1892 viaide - ok 16:21:35.0852 1892 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 16:21:35.0859 1892 vmbus - ok 16:21:35.0876 1892 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 16:21:35.0882 1892 VMBusHID - ok 16:21:35.0895 1892 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 16:21:35.0900 1892 volmgr - ok 16:21:35.0922 1892 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 16:21:35.0931 1892 volmgrx - ok 16:21:35.0945 1892 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 16:21:35.0953 1892 volsnap - ok 16:21:36.0008 1892 vpcbus (f004aeb456cd886dfdb123b6297d89c9) C:\Windows\system32\DRIVERS\vpchbus.sys 16:21:36.0015 1892 vpcbus - ok 16:21:36.0041 1892 vpcnfltr (a7fae0a70e7a6d7a9469a2bf0a1cac5f) C:\Windows\system32\DRIVERS\vpcnfltr.sys 16:21:36.0048 1892 vpcnfltr - ok 16:21:36.0101 1892 vpcusb (4cdf15ceaf71f068bd26b9841d4e3e2b) C:\Windows\system32\DRIVERS\vpcusb.sys 16:21:36.0108 1892 vpcusb - ok 16:21:36.0139 1892 vpcvmm (e7ea9e3fbf1b0f517584e03638511e86) C:\Windows\system32\drivers\vpcvmm.sys 16:21:36.0148 1892 vpcvmm - ok 16:21:36.0172 1892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 16:21:36.0179 1892 vsmraid - ok 16:21:36.0187 1892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 16:21:36.0196 1892 vwifibus - ok 16:21:36.0215 1892 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 16:21:36.0224 1892 vwififlt - ok 16:21:36.0245 1892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 16:21:36.0252 1892 WacomPen - ok 16:21:36.0271 1892 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 16:21:36.0293 1892 WANARP - ok 16:21:36.0296 1892 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 16:21:36.0319 1892 Wanarpv6 - ok 16:21:36.0337 1892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 16:21:36.0342 1892 Wd - ok 16:21:36.0364 1892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 16:21:36.0376 1892 Wdf01000 - ok 16:21:36.0395 1892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 16:21:36.0417 1892 WfpLwf - ok 16:21:36.0430 1892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 16:21:36.0436 1892 WIMMount - ok 16:21:36.0455 1892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 16:21:36.0462 1892 WmiAcpi - ok 16:21:36.0485 1892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 16:21:36.0507 1892 ws2ifsl - ok 16:21:36.0525 1892 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 16:21:36.0547 1892 WudfPf - ok 16:21:36.0563 1892 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:21:36.0586 1892 WUDFRd - ok 16:21:36.0616 1892 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys 16:21:36.0629 1892 xnacc - ok 16:21:36.0650 1892 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 16:21:36.0687 1892 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 16:21:36.0687 1892 \Device\Harddisk0\DR0 - detected TDSS File System (1) 16:21:36.0689 1892 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 16:21:36.0806 1892 \Device\Harddisk1\DR1 - ok 16:21:36.0816 1892 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2 16:21:36.0994 1892 \Device\Harddisk2\DR2 - ok 16:21:36.0996 1892 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3 16:21:37.0426 1892 \Device\Harddisk3\DR3 - ok 16:21:37.0429 1892 Boot (0x1200) (a23c2af6b185cc02ed245d5f37c7cf75) \Device\Harddisk0\DR0\Partition0 16:21:37.0430 1892 \Device\Harddisk0\DR0\Partition0 - ok 16:21:37.0432 1892 Boot (0x1200) (7299c1c8df3f2a0f8287bfe935068d19) \Device\Harddisk1\DR1\Partition0 16:21:37.0432 1892 \Device\Harddisk1\DR1\Partition0 - ok 16:21:37.0434 1892 Boot (0x1200) (0cc6d5ae683b783b3283e5393857925f) \Device\Harddisk2\DR2\Partition0 16:21:37.0435 1892 \Device\Harddisk2\DR2\Partition0 - ok 16:21:37.0437 1892 Boot (0x1200) (bef6f33be0d4893646212ea58b6b053a) \Device\Harddisk3\DR3\Partition0 16:21:37.0438 1892 \Device\Harddisk3\DR3\Partition0 - ok 16:21:37.0438 1892 ============================================================ 16:21:37.0438 1892 Scan finished 16:21:37.0438 1892 ============================================================ 16:21:37.0442 1700 Detected object count: 2 16:21:37.0442 1700 Actual detected object count: 2
  8. sand2minister
    Last night System Fix hit me and I spent quite a while trying to clean things up. Using a combination of MBAM, tdsskiller, and rkill, I got the situation under control and am able to use my computer. When I run a full scan using MBAM, though, it sometimes lists PUP.Bitminer as a current infection, though it is always unchecked by default in the removal/quarantine screen. Since my last scan and attempted removal, it has not shown up in any MBAM scans, but I am still experiencing the random browser redirection (typically with Google results) that is associated with this malware. I've reached the end of my knowledge when it comes to malware removal and because of the huge security risk PUP.Bitminer poses I need some experienced help. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26 Run by SypherPhoenix at 18:44:31 on 2011-12-06 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2596 [GMT -5:00] . SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files (x86)\No-IP\DUC20.exe C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe C:\Windows\SysWOW64\Ctxfihlp.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\SysWOW64\CTXFISPI.EXE C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP uInternet Settings,ProxyOverride = *.local BHO: AutorunsDisabled - No File BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\SYPHER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe StartupFolder: C:\Users\SYPHER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NO-IPD~1.LNK - C:\Program Files (x86)\No-IP\DUC20.exe uPolicies-explorer: NoSearchInternetInStartMenu = 1 (0x1) uPolicies-explorer: NoCloseDragDropBands = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: HideFastUserSwitching = 1 (0x1) IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.20.1 TCP: Interfaces\{6B37B166-E013-453C-AEAC-976CDC4B4E82} : DhcpNameServer = 192.168.20.1 SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: AutorunsDisabled - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r mRun-x64: [CTxfiHlp] CTXFIHLP.EXE mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q= FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Users\SypherPhoenix\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671} FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c} FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66} FF - Ext: GameFOX: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1} - %profile%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-6 366152] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-5 2253120] R2 regi;regi;C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 EMSLink;EMS Inter-Link driver V3.0;C:\Windows\system32\Drivers\EMSLink_amd64.sys --> C:\Windows\system32\Drivers\EMSLink_amd64.sys [?] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-17 136176] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-5-27 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-5-27 79360] S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-17 136176] S3 rt70x64;BUFFALO RT2500 USB Wireless Driver;C:\Windows\system32\DRIVERS\netr7064.sys --> C:\Windows\system32\DRIVERS\netr7064.sys [?] S3 SureThing Labelflash service;SureThing Labelflash service;C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2010-10-3 74392] S3 WatAdminSvc;WatAdminSvc;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2011-12-06 13:39:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-12-06 11:13:47 -------- d-----w- C:\Users\SypherPhoenix\AppData\Roaming\NVIDIA 2011-12-06 09:50:08 -------- d-----we C:\Windows\system64 2011-11-18 21:32:59 735744 ----a-w- C:\Windows\System32\LameACM.acm 2011-11-18 19:36:53 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 8 . ==================== Find3M ==================== . 2011-12-06 23:27:23 3764 --sha-w- C:\ProgramData\KGyGaAvL.sys 2011-11-26 17:26:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-15 05:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe . ============= FINISH: 18:44:52.19 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 5/27/2010 12:28:19 AM System Uptime: 12/6/2011 5:12:38 PM (1 hours ago) . Motherboard: XFX | | XFX nForce 790i Ultra 3-Way SLI Processor: Intel® Core2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 3166/333mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 298 GiB total, 65.157 GiB free. D: is FIXED (NTFS) - 149 GiB total, 101.651 GiB free. E: is FIXED (NTFS) - 149 GiB total, 104.092 GiB free. F: is CDROM () G: is FIXED (NTFS) - 186 GiB total, 26.189 GiB free. I: is Removable J: is Removable K: is Removable L: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: Description: Multimedia Video Controller Device ID: PCI\VEN_BDBD&DEV_A117&SUBSYS_A117BDBD&REV_00\0000000100000A3500 Manufacturer: Name: Multimedia Video Controller PNP Device ID: PCI\VEN_BDBD&DEV_A117&SUBSYS_A117BDBD&REV_00\0000000100000A3500 Service: . ==== System Restore Points =================== . RP260: 11/14/2011 12:00:01 AM - Scheduled Checkpoint RP261: 11/21/2011 12:26:12 AM - Scheduled Checkpoint RP262: 11/28/2011 1:26:15 AM - Scheduled Checkpoint RP263: 12/5/2011 2:06:50 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . µTorrent Add or Remove Adobe Creative Suite 3 Master Collection Adobe Acrobat 8 Professional Adobe After Effects CS3 Adobe After Effects CS3 Presets Adobe After Effects CS3 Third Party Content Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge 1.0 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Common File Installer Adobe Creative Suite 3 Master Collection Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash Player 9 ActiveX Adobe Fonts All Adobe Help Center 1.0 Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe InDesign CS3 Icon Handler Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS2 Adobe Premiere Pro CS3 Adobe Premiere Pro CS3 Functional Content Adobe Premiere Pro CS3 Third Party Content Adobe Setup Adobe Shockwave Player 11.6 Adobe SING CS3 Adobe Stock Photos 1.0 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Video Profiles Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP DVA Panels CS3 Adobe XMP Panels CS3 AHV content for Acrobat and Flash AIM 6 AOL Instant Messenger ASIO4ALL Audacity 1.3.12 (Unicode) Auslogics BoostSpeed AviSynth 2.5 Cheat Engine 5.6 Chipamp Command & Conquer Generals Command and ConquerTM Generals Zero Hour Compatibility Pack for the 2007 Office system Corel WinDVD 9 Creative Audio Control Panel Creative Sound Blaster Properties x64 Edition Creative System Information DC++ 0.781 DivX Setup Dolby Digital Live Pack DTS Connect Pack FL Studio 9 FLAC 1.2.1b (remove only) GGPO Google Chrome Google Earth Google Update Helper Half-Life 2 Half-Life 2: Episode One Half-Life 2: Episode Two Hardcore HiJackThis Hot Keyboard 2.7 IL Download Manager ImgBurn Java Auto Updater Java 6 Update 26 Lame ACM MP3 Codec League of Legends LightScribe System Software LOLReplay Malwarebytes' Anti-Malware version 1.51.2.1300 Maya 8.5 Maya 8.5 Documentation (en_US) Microsoft GIF Animator Microsoft Office Professional Edition 2003 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MKVtoolnix 3.4.0 Mozilla Firefox (3.6.24) Mp3tag v2.49 Mumble 1.2.3 No-IP.com DUC (remove only) NVIDIA Photoshop Plug-ins NVIDIA Photoshop Plug-ins 64 bit NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenAL OpenSA2 PCSX2 - Playstation 2 Emulator Pcsx2 0.9.6 PDF Settings PHANTASY STAR ONLINE Blue Burst Plants vs. Zombies PoiZone Pokemon Online 1.0.21 Portal Project64 1.6 QT Lite 4.1.0 RAD Video Tools Ralink RT6x Wireless LAN Card reFX Vanguard VSTi v1.6.1 Sakura Sawer SCHTHACK PSOBB Skype™ 4.2 Sound Blaster X-Fi Steam Steinberg Hypersonic v1.0 SureThing CD Labeler Deluxe 5 tio tournament organizer Toxic Biohazard VC80CRTRedist - 8.0.50727.4053 VLC media player 1.1.11 Winamp Winamp Detector Plug-in Windows Installer Clean Up World of Warcraft x264vfw - H.264/MPEG-4 AVC codec (remove only) Xilisoft Video Converter Xvid 1.2.2 final uninstall . ==== Event Viewer Messages From Past Week ======== . 12/6/2011 8:49:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12/6/2011 8:49:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12/6/2011 8:49:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12/6/2011 8:49:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 12/6/2011 8:48:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr vpcvmm Wanarpv6 12/6/2011 8:48:53 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2011 8:29:39 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2011 5:38:42 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 12/6/2011 5:19:26 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2011 5:19:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 12/6/2011 5:19:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 12/6/2011 5:17:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf 12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 12/6/2011 5:16:17 AM, Error: sptd [4] - Driver detected an internal error in its data structures for . 12/6/2011 5:14:11 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 12/6/2011 5:13:10 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 12/6/2011 5:13:10 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 12/6/2011 5:13:10 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed. 12/6/2011 5:13:10 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 12/6/2011 5:13:10 PM, Error: Service Control Manager [7000] - The Hardlock service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 12/6/2011 5:13:08 PM, Error: Service Control Manager [7000] - The EMS Inter-Link driver V3.0 service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 12/6/2011 5:06:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr sptd vpcvmm Wanarpv6 12/5/2011 10:53:04 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.