
PUP.Bitminer Infection, residual of a "System Fix" virus



Last night System Fix hit me and I spent quite a while trying to clean things up. Using a combination of MBAM, tdsskiller, and rkill, I got the situation under control and am able to use my computer. When I run a full scan using MBAM, though, it sometimes lists PUP.Bitminer as a current infection, though it is always unchecked by default in the removal/quarantine screen. Since my last scan and attempted removal, it has not shown up in any MBAM scans, but I am still experiencing the random browser redirection (typically with Google results) that is associated with this malware. I've reached the end of my knowledge when it comes to malware removal, and because of the huge security risk PUP.Bitminer poses, I need some experienced help.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by SypherPhoenix at 18:44:31 on 2011-12-06

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2596 [GMT -5:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\No-IP\DUC20.exe

C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

uInternet Settings,ProxyOverride = *.local

BHO: AutorunsDisabled - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\SYPHER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\Users\SYPHER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NO-IPD~1.LNK - C:\Program Files (x86)\No-IP\DUC20.exe

uPolicies-explorer: NoSearchInternetInStartMenu = 1 (0x1)

uPolicies-explorer: NoCloseDragDropBands = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 1 (0x1)

IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.20.1

TCP: Interfaces\{6B37B166-E013-453C-AEAC-976CDC4B4E82} : DhcpNameServer = 192.168.20.1

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: AutorunsDisabled - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun-x64: [CTxfiHlp] CTXFIHLP.EXE

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\SypherPhoenix\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}

FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

FF - Ext: GameFOX: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1} - %profile%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-6 366152]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-5 2253120]

R2 regi;regi;C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 EMSLink;EMS Inter-Link driver V3.0;C:\Windows\system32\Drivers\EMSLink_amd64.sys --> C:\Windows\system32\Drivers\EMSLink_amd64.sys [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-17 136176]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-5-27 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-5-27 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-17 136176]

S3 rt70x64;BUFFALO RT2500 USB Wireless Driver;C:\Windows\system32\DRIVERS\netr7064.sys --> C:\Windows\system32\DRIVERS\netr7064.sys [?]

S3 SureThing Labelflash service;SureThing Labelflash service;C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2010-10-3 74392]

S3 WatAdminSvc;WatAdminSvc;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-06 13:39:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-06 11:13:47 -------- d-----w- C:\Users\SypherPhoenix\AppData\Roaming\NVIDIA

2011-12-06 09:50:08 -------- d-----we C:\Windows\system64

2011-11-18 21:32:59 735744 ----a-w- C:\Windows\System32\LameACM.acm

2011-11-18 19:36:53 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 8

.

==================== Find3M ====================

.

2011-12-06 23:27:23 3764 --sha-w- C:\ProgramData\KGyGaAvL.sys

2011-11-26 17:26:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-15 05:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

============= FINISH: 18:44:52.19 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 5/27/2010 12:28:19 AM

System Uptime: 12/6/2011 5:12:38 PM (1 hours ago)

.

Motherboard: XFX | | XFX nForce 790i Ultra 3-Way SLI

Processor: Intel® Core2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 3166/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 298 GiB total, 65.157 GiB free.

D: is FIXED (NTFS) - 149 GiB total, 101.651 GiB free.

E: is FIXED (NTFS) - 149 GiB total, 104.092 GiB free.

F: is CDROM ()

G: is FIXED (NTFS) - 186 GiB total, 26.189 GiB free.

I: is Removable

J: is Removable

K: is Removable

L: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Multimedia Video Controller

Device ID: PCI\VEN_BDBD&DEV_A117&SUBSYS_A117BDBD&REV_00\0000000100000A3500

Manufacturer:

Name: Multimedia Video Controller

PNP Device ID: PCI\VEN_BDBD&DEV_A117&SUBSYS_A117BDBD&REV_00\0000000100000A3500

Service:

.

==== System Restore Points ===================

.

RP260: 11/14/2011 12:00:01 AM - Scheduled Checkpoint

RP261: 11/21/2011 12:26:12 AM - Scheduled Checkpoint

RP262: 11/28/2011 1:26:15 AM - Scheduled Checkpoint

RP263: 12/5/2011 2:06:50 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

µTorrent

Add or Remove Adobe Creative Suite 3 Master Collection

Adobe Acrobat 8 Professional

Adobe After Effects CS3

Adobe After Effects CS3 Presets

Adobe After Effects CS3 Third Party Content

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge 1.0

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Common File Installer

Adobe Creative Suite 3 Master Collection

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash Player 9 ActiveX

Adobe Fonts All

Adobe Help Center 1.0

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS2

Adobe Premiere Pro CS3

Adobe Premiere Pro CS3 Functional Content

Adobe Premiere Pro CS3 Third Party Content

Adobe Setup

Adobe Shockwave Player 11.6

Adobe SING CS3

Adobe Stock Photos 1.0

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Video Profiles

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

AHV content for Acrobat and Flash

AIM 6

AOL Instant Messenger

ASIO4ALL

Audacity 1.3.12 (Unicode)

Auslogics BoostSpeed

AviSynth 2.5

Cheat Engine 5.6

Chipamp

Command & Conquer Generals

Command and ConquerTM Generals Zero Hour

Compatibility Pack for the 2007 Office system

Corel WinDVD 9

Creative Audio Control Panel

Creative Sound Blaster Properties x64 Edition

Creative System Information

DC++ 0.781

DivX Setup

Dolby Digital Live Pack

DTS Connect Pack

FL Studio 9

FLAC 1.2.1b (remove only)

GGPO

Google Chrome

Google Earth

Google Update Helper

Half-Life 2

Half-Life 2: Episode One

Half-Life 2: Episode Two

Hardcore

HiJackThis

Hot Keyboard 2.7

IL Download Manager

ImgBurn

Java Auto Updater

Java 6 Update 26

Lame ACM MP3 Codec

League of Legends

LightScribe System Software

LOLReplay

Malwarebytes' Anti-Malware version 1.51.2.1300

Maya 8.5

Maya 8.5 Documentation (en_US)

Microsoft GIF Animator

Microsoft Office Professional Edition 2003

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MKVtoolnix 3.4.0

Mozilla Firefox (3.6.24)

Mp3tag v2.49

Mumble 1.2.3

No-IP.com DUC (remove only)

NVIDIA Photoshop Plug-ins

NVIDIA Photoshop Plug-ins 64 bit

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OpenAL

OpenSA2

PCSX2 - Playstation 2 Emulator

Pcsx2 0.9.6

PDF Settings

PHANTASY STAR ONLINE Blue Burst

Plants vs. Zombies

PoiZone

Pokemon Online 1.0.21

Portal

Project64 1.6

QT Lite 4.1.0

RAD Video Tools

Ralink RT6x Wireless LAN Card

reFX Vanguard VSTi v1.6.1

Sakura

Sawer

SCHTHACK PSOBB

Skype™ 4.2

Sound Blaster X-Fi

Steam

Steinberg Hypersonic v1.0

SureThing CD Labeler Deluxe 5

tio tournament organizer

Toxic Biohazard

VC80CRTRedist - 8.0.50727.4053

VLC media player 1.1.11

Winamp

Winamp Detector Plug-in

Windows Installer Clean Up

World of Warcraft

x264vfw - H.264/MPEG-4 AVC codec (remove only)

Xilisoft Video Converter

Xvid 1.2.2 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

12/6/2011 8:49:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/6/2011 8:49:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/6/2011 8:49:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/6/2011 8:49:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/6/2011 8:48:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr vpcvmm Wanarpv6

12/6/2011 8:48:53 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 8:29:39 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 5:38:42 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

12/6/2011 5:19:26 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 5:19:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/6/2011 5:19:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/6/2011 5:17:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf

12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 5:17:07 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 5:16:17 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .

12/6/2011 5:14:11 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

12/6/2011 5:13:10 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

12/6/2011 5:13:10 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

12/6/2011 5:13:10 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

12/6/2011 5:13:10 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

12/6/2011 5:13:10 PM, Error: Service Control Manager [7000] - The Hardlock service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

12/6/2011 5:13:08 PM, Error: Service Control Manager [7000] - The EMS Inter-Link driver V3.0 service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

12/6/2011 5:06:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr sptd vpcvmm Wanarpv6

12/5/2011 10:53:04 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

.

==== End Of File ===========================


Hello jdwharton! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files; don't attach them. Every log file should be copied and pasted into your next reply.

Manually delete your copy of TDSSKiller.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check. Check the Scan All Users too.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan, it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log, it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

In your next reply, please post the following log files:

  • TDSSKiller log
  • OTL log with Extras.txt


There was no cure option in TDSSKiller, so the results were skipped. Logs had to be divided into two posts due to the character limit.

16:19:05.0194 2068 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

16:19:05.0384 2068 ============================================================

16:19:05.0384 2068 Current date / time: 2011/12/07 16:19:05.0384

16:19:05.0384 2068 SystemInfo:

16:19:05.0384 2068

16:19:05.0384 2068 OS Version: 6.1.7600 ServicePack: 0.0

16:19:05.0384 2068 Product type: Workstation

16:19:05.0384 2068 ComputerName: PHOENIXNEST

16:19:05.0385 2068 UserName: SypherPhoenix

16:19:05.0385 2068 Windows directory: C:\Windows

16:19:05.0385 2068 System windows directory: C:\Windows

16:19:05.0385 2068 Running under WOW64

16:19:05.0385 2068 Processor architecture: Intel x64

16:19:05.0385 2068 Number of processors: 2

16:19:05.0385 2068 Page size: 0x1000

16:19:05.0385 2068 Boot type: Normal boot

16:19:05.0385 2068 ============================================================

16:19:07.0621 2068 Initialize success

16:19:26.0216 2312 ============================================================

16:19:26.0216 2312 Scan started

16:19:26.0216 2312 Mode: Manual; SigCheck; TDLFS;

16:19:26.0216 2312 ============================================================

16:19:27.0620 2312 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

16:19:27.0702 2312 1394ohci - ok

16:19:27.0736 2312 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

16:19:27.0746 2312 ACPI - ok

16:19:27.0790 2312 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

16:19:27.0841 2312 AcpiPmi - ok

16:19:27.0910 2312 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

16:19:27.0922 2312 adp94xx - ok

16:19:27.0958 2312 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

16:19:27.0968 2312 adpahci - ok

16:19:27.0982 2312 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

16:19:27.0991 2312 adpu320 - ok

16:19:28.0038 2312 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

16:19:28.0185 2312 AFD - ok

16:19:28.0210 2312 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

16:19:28.0217 2312 agp440 - ok

16:19:28.0236 2312 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

16:19:28.0242 2312 aliide - ok

16:19:28.0256 2312 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

16:19:28.0262 2312 amdide - ok

16:19:28.0289 2312 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

16:19:28.0322 2312 AmdK8 - ok

16:19:28.0346 2312 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

16:19:28.0371 2312 AmdPPM - ok

16:19:28.0401 2312 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

16:19:28.0408 2312 amdsata - ok

16:19:28.0445 2312 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

16:19:28.0453 2312 amdsbs - ok

16:19:28.0511 2312 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

16:19:28.0516 2312 amdxata - ok

16:19:28.0543 2312 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

16:19:28.0611 2312 AppID - ok

16:19:28.0647 2312 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

16:19:28.0653 2312 arc - ok

16:19:28.0665 2312 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

16:19:28.0671 2312 arcsas - ok

16:19:28.0710 2312 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

16:19:28.0756 2312 AsyncMac - ok

16:19:28.0783 2312 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

16:19:28.0789 2312 atapi - ok

16:19:28.0936 2312 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

16:19:28.0979 2312 b06bdrv - ok

16:19:29.0022 2312 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

16:19:29.0059 2312 b57nd60a - ok

16:19:29.0086 2312 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

16:19:29.0123 2312 Beep - ok

16:19:29.0155 2312 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

16:19:29.0180 2312 blbdrive - ok

16:19:29.0215 2312 BMDDeckLinkAudio - ok

16:19:29.0236 2312 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys

16:19:29.0271 2312 bowser - ok

16:19:29.0301 2312 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

16:19:29.0326 2312 BrFiltLo - ok

16:19:29.0351 2312 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

16:19:29.0360 2312 BrFiltUp - ok

16:19:29.0396 2312 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

16:19:29.0424 2312 Brserid - ok

16:19:29.0446 2312 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

16:19:29.0474 2312 BrSerWdm - ok

16:19:29.0522 2312 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

16:19:29.0536 2312 BrUsbMdm - ok

16:19:29.0548 2312 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

16:19:29.0574 2312 BrUsbSer - ok

16:19:29.0607 2312 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

16:19:29.0616 2312 BTHMODEM - ok

16:19:29.0646 2312 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

16:19:29.0669 2312 cdfs - ok

16:19:29.0701 2312 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

16:19:29.0725 2312 cdrom - ok

16:19:29.0766 2312 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

16:19:29.0798 2312 circlass - ok

16:19:29.0901 2312 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

16:19:29.0919 2312 CLFS - ok

16:19:29.0952 2312 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

16:19:29.0978 2312 CmBatt - ok

16:19:29.0998 2312 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

16:19:30.0004 2312 cmdide - ok

16:19:30.0026 2312 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

16:19:30.0040 2312 CNG - ok

16:19:30.0053 2312 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

16:19:30.0058 2312 Compbatt - ok

16:19:30.0077 2312 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

16:19:30.0104 2312 CompositeBus - ok

16:19:30.0126 2312 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

16:19:30.0132 2312 crcdisk - ok

16:19:30.0185 2312 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

16:19:30.0230 2312 CSC - ok

16:19:30.0440 2312 CT20XUT (ec6e627726458cea756e23d50d0a9317) C:\Windows\system32\drivers\CT20XUT.SYS

16:19:30.0589 2312 CT20XUT - ok

16:19:30.0727 2312 CT20XUT.SYS (ec6e627726458cea756e23d50d0a9317) C:\Windows\System32\drivers\CT20XUT.SYS

16:19:30.0732 2312 CT20XUT.SYS - ok

16:19:31.0008 2312 ctac32k (7e5632b884b1c4672efe245dafc0beea) C:\Windows\system32\drivers\ctac32k.sys

16:19:31.0025 2312 ctac32k - ok

16:19:31.0275 2312 ctaud2k (4e7d47fe0204c84acde44a68038c4444) C:\Windows\system32\drivers\ctaud2k.sys

16:19:31.0285 2312 ctaud2k - ok

16:19:31.0596 2312 CTEXFIFX (05210b19e4155114931fa79bc6536cf7) C:\Windows\system32\drivers\CTEXFIFX.SYS

16:19:31.0613 2312 CTEXFIFX - ok

16:19:31.0800 2312 CTEXFIFX.SYS (05210b19e4155114931fa79bc6536cf7) C:\Windows\System32\drivers\CTEXFIFX.SYS

16:19:31.0817 2312 CTEXFIFX.SYS - ok

16:19:31.0949 2312 CTHWIUT (7aaa9ccb0fe8990cd7362eedb9b3e744) C:\Windows\system32\drivers\CTHWIUT.SYS

16:19:31.0954 2312 CTHWIUT - ok

16:19:32.0034 2312 CTHWIUT.SYS (7aaa9ccb0fe8990cd7362eedb9b3e744) C:\Windows\System32\drivers\CTHWIUT.SYS

16:19:32.0039 2312 CTHWIUT.SYS - ok

16:19:32.0155 2312 ctprxy2k (abbc4148947befd2e8eada93cbe4bce5) C:\Windows\system32\drivers\ctprxy2k.sys

16:19:32.0158 2312 ctprxy2k - ok

16:19:32.0285 2312 ctsfm2k (9a1316b48404f6840cec030a1f95df96) C:\Windows\system32\drivers\ctsfm2k.sys

16:19:32.0290 2312 ctsfm2k - ok

16:19:32.0434 2312 DeckLink - ok

16:19:32.0578 2312 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

16:19:32.0624 2312 DfsC - ok

16:19:32.0779 2312 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

16:19:32.0829 2312 discache - ok

16:19:33.0003 2312 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

16:19:33.0020 2312 Disk - ok

16:19:33.0213 2312 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

16:19:33.0242 2312 drmkaud - ok

16:19:33.0563 2312 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys

16:19:33.0623 2312 DXGKrnl - ok

16:19:34.0242 2312 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

16:19:34.0303 2312 ebdrv - ok

16:19:34.0801 2312 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

16:19:34.0821 2312 elxstor - ok

16:19:35.0069 2312 EMSLink (fc4c0e4260b72babb7d76ae089a91573) C:\Windows\system32\Drivers\EMSLink_amd64.sys

16:19:35.0071 2312 EMSLink - ok

16:19:35.0177 2312 emupia (8eca8c2f31bbbb1ac3acbcdfa9ab286f) C:\Windows\system32\drivers\emupia2k.sys

16:19:35.0182 2312 emupia - ok

16:19:35.0306 2312 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

16:19:35.0356 2312 ErrDev - ok

16:19:35.0440 2312 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

16:19:35.0503 2312 exfat - ok

16:19:35.0608 2312 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

16:19:35.0657 2312 fastfat - ok

16:19:35.0750 2312 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

16:19:35.0782 2312 fdc - ok

16:19:35.0902 2312 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

16:19:35.0922 2312 FileInfo - ok

16:19:36.0017 2312 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

16:19:36.0057 2312 Filetrace - ok

16:19:36.0192 2312 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

16:19:36.0217 2312 flpydisk - ok

16:19:36.0354 2312 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

16:19:36.0370 2312 FltMgr - ok

16:19:36.0753 2312 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

16:19:36.0773 2312 FsDepends - ok

16:19:36.0878 2312 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

16:19:36.0883 2312 Fs_Rec - ok

16:19:37.0091 2312 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

16:19:37.0117 2312 fvevol - ok

16:19:37.0241 2312 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

16:19:37.0262 2312 gagp30kx - ok

16:19:38.0003 2312 ha20x22k (7464c4d841c61e36a6177a6cb8f4aa2e) C:\Windows\system32\drivers\ha20x22k.sys

16:19:38.0022 2312 ha20x22k - ok

16:19:38.0418 2312 ha20x2k (d93cefe9932de9f969bb5d18c38e9566) C:\Windows\system32\drivers\ha20x2k.sys

16:19:38.0446 2312 ha20x2k - ok

16:19:39.0015 2312 Hardlock (091582da724f54830012e3faaf2f1d1a) C:\Windows\system32\drivers\hardlock.sys

16:19:39.0028 2312 Hardlock ( UnsignedFile.Multi.Generic ) - warning

16:19:39.0028 2312 Hardlock - detected UnsignedFile.Multi.Generic (1)

16:19:39.0133 2312 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

16:19:39.0165 2312 hcw85cir - ok

16:19:39.0374 2312 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

16:19:39.0408 2312 HdAudAddService - ok

16:19:39.0578 2312 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:19:39.0612 2312 HDAudBus - ok

16:19:39.0696 2312 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

16:19:39.0730 2312 HidBatt - ok

16:19:39.0824 2312 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

16:19:39.0880 2312 HidBth - ok

16:19:40.0122 2312 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

16:19:40.0160 2312 HidIr - ok

16:19:40.0335 2312 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

16:19:40.0374 2312 HidUsb - ok

16:19:40.0649 2312 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

16:19:40.0673 2312 HpSAMD - ok

16:19:40.0856 2312 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

16:19:40.0899 2312 HTTP - ok

16:19:41.0237 2312 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

16:19:41.0242 2312 hwpolicy - ok

16:19:41.0421 2312 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

16:19:41.0441 2312 i8042prt - ok

16:19:41.0640 2312 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

16:19:41.0656 2312 iaStorV - ok

16:19:41.0992 2312 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

16:19:42.0013 2312 iirsp - ok

16:19:42.0177 2312 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

16:19:42.0196 2312 intelide - ok

16:19:42.0316 2312 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

16:19:42.0346 2312 intelppm - ok

16:19:42.0427 2312 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:19:42.0461 2312 IpFilterDriver - ok

16:19:42.0535 2312 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

16:19:42.0555 2312 IPMIDRV - ok

16:19:42.0693 2312 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

16:19:42.0738 2312 IPNAT - ok

16:19:42.0873 2312 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

16:19:43.0323 2312 IRENUM - ok

16:19:43.0748 2312 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

16:19:43.0769 2312 isapnp - ok

16:19:43.0911 2312 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

16:19:43.0933 2312 iScsiPrt - ok

16:19:44.0121 2312 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

16:19:44.0126 2312 kbdclass - ok

16:19:44.0273 2312 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

16:19:44.0306 2312 kbdhid - ok

16:19:44.0411 2312 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

16:19:44.0434 2312 KSecDD - ok

16:19:44.0560 2312 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

16:19:44.0568 2312 KSecPkg - ok

16:19:44.0759 2312 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

16:19:44.0860 2312 ksthunk - ok

16:19:45.0351 2312 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

16:19:45.0398 2312 lltdio - ok

16:19:45.0612 2312 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

16:19:45.0635 2312 LSI_FC - ok

16:19:45.0689 2312 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

16:19:45.0696 2312 LSI_SAS - ok

16:19:45.0828 2312 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:19:45.0845 2312 LSI_SAS2 - ok

16:19:45.0925 2312 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:19:45.0932 2312 LSI_SCSI - ok

16:19:45.0951 2312 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

16:19:45.0988 2312 luafv - ok

16:19:46.0064 2312 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys

16:19:46.0070 2312 MBAMProtector - ok

16:19:46.0106 2312 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

16:19:46.0112 2312 megasas - ok

16:19:46.0137 2312 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

16:19:46.0146 2312 MegaSR - ok

16:19:46.0168 2312 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

16:19:46.0209 2312 Modem - ok

16:19:46.0606 2312 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

16:19:46.0651 2312 monitor - ok

16:19:46.0689 2312 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

16:19:46.0694 2312 mouclass - ok

16:19:46.0722 2312 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

16:19:46.0730 2312 mouhid - ok

16:19:46.0781 2312 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

16:19:46.0788 2312 mountmgr - ok

16:19:46.0813 2312 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

16:19:46.0821 2312 mpio - ok

16:19:46.0843 2312 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

16:19:46.0884 2312 mpsdrv - ok

16:19:46.0912 2312 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

16:19:46.0936 2312 MRxDAV - ok

16:19:46.0961 2312 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:19:47.0012 2312 mrxsmb - ok

16:19:47.0030 2312 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:19:47.0056 2312 mrxsmb10 - ok

16:19:47.0066 2312 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:19:47.0090 2312 mrxsmb20 - ok

16:19:47.0101 2312 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

16:19:47.0107 2312 msahci - ok

16:19:47.0148 2312 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

16:19:47.0168 2312 msdsm - ok

16:19:47.0181 2312 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

16:19:47.0204 2312 Msfs - ok

16:19:47.0221 2312 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

16:19:47.0257 2312 mshidkmdf - ok

16:19:47.0276 2312 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

16:19:47.0281 2312 msisadrv - ok

16:19:47.0307 2312 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

16:19:47.0343 2312 MSKSSRV - ok

16:19:47.0366 2312 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

16:19:47.0389 2312 MSPCLOCK - ok

16:19:47.0403 2312 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

16:19:47.0441 2312 MSPQM - ok

16:19:47.0490 2312 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

16:19:47.0505 2312 MsRPC - ok

16:19:47.0518 2312 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

16:19:47.0524 2312 mssmbios - ok

16:19:47.0539 2312 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

16:19:47.0579 2312 MSTEE - ok

16:19:47.0599 2312 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

16:19:47.0637 2312 MTConfig - ok

16:19:47.0664 2312 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

16:19:47.0669 2312 Mup - ok

16:19:47.0704 2312 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

16:19:47.0733 2312 NativeWifiP - ok

16:19:47.0778 2312 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

16:19:47.0806 2312 NDIS - ok

16:19:47.0823 2312 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

16:19:47.0846 2312 NdisCap - ok

16:19:47.0870 2312 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

16:19:47.0912 2312 NdisTapi - ok

16:19:47.0949 2312 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

16:19:47.0985 2312 Ndisuio - ok

16:19:48.0024 2312 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

16:19:48.0058 2312 NdisWan - ok

16:19:48.0074 2312 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

16:19:48.0097 2312 NDProxy - ok

16:19:48.0112 2312 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

16:19:48.0149 2312 NetBIOS - ok

16:19:48.0172 2312 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

16:19:48.0211 2312 NetBT - ok

16:19:48.0252 2312 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

16:19:48.0258 2312 nfrd960 - ok

16:19:48.0284 2312 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

16:19:48.0307 2312 Npfs - ok

16:19:48.0323 2312 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

16:19:48.0364 2312 nsiproxy - ok

16:19:48.0422 2312 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

16:19:48.0462 2312 Ntfs - ok

16:19:48.0475 2312 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

16:19:48.0514 2312 Null - ok

16:19:48.0587 2312 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

16:19:48.0635 2312 NVENETFD - ok

16:19:48.0963 2312 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

16:19:49.0098 2312 nvlddmkm - ok

16:19:49.0406 2312 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

16:19:49.0418 2312 nvraid - ok

16:19:49.0440 2312 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

16:19:49.0447 2312 nvstor - ok

16:19:49.0487 2312 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

16:19:49.0494 2312 nv_agp - ok

16:19:49.0507 2312 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

16:19:49.0518 2312 ohci1394 - ok

16:19:49.0580 2312 ossrv (44a8cf12bf79e62a65a5f9e3087964c9) C:\Windows\system32\drivers\ctoss2k.sys

16:19:49.0584 2312 ossrv - ok

16:19:49.0629 2312 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

16:19:49.0651 2312 Parport - ok

16:19:49.0672 2312 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

16:19:49.0678 2312 partmgr - ok

16:19:49.0691 2312 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

16:19:49.0698 2312 pci - ok

16:19:49.0714 2312 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

16:19:49.0719 2312 pciide - ok

16:19:49.0739 2312 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

16:19:49.0747 2312 pcmcia - ok

16:19:49.0762 2312 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

16:19:49.0768 2312 pcw - ok

16:19:49.0792 2312 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

16:19:49.0830 2312 PEAUTH - ok

16:19:49.0904 2312 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

16:19:49.0946 2312 PptpMiniport - ok

16:19:49.0975 2312 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

16:19:50.0001 2312 Processor - ok

16:19:50.0037 2312 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

16:19:50.0075 2312 Psched - ok

16:19:50.0142 2312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

16:19:50.0194 2312 ql2300 - ok

16:19:50.0217 2312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

16:19:50.0224 2312 ql40xx - ok

16:19:50.0241 2312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

16:19:50.0251 2312 QWAVEdrv - ok

16:19:50.0269 2312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

16:19:50.0291 2312 RasAcd - ok

16:19:50.0336 2312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:19:50.0359 2312 RasAgileVpn - ok

16:19:50.0378 2312 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:19:50.0420 2312 Rasl2tp - ok

16:19:50.0448 2312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

16:19:50.0487 2312 RasPppoe - ok

16:19:50.0533 2312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

16:19:50.0576 2312 RasSstp - ok

16:19:50.0605 2312 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

16:19:50.0649 2312 rdbss - ok

16:19:50.0670 2312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

16:19:50.0679 2312 rdpbus - ok

16:19:50.0685 2312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:19:50.0726 2312 RDPCDD - ok

16:19:50.0755 2312 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

16:19:50.0779 2312 RDPDR - ok

16:19:50.0813 2312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

16:19:50.0834 2312 RDPENCDD - ok

16:19:50.0851 2312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

16:19:50.0874 2312 RDPREFMP - ok

16:19:50.0920 2312 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

16:19:50.0979 2312 RDPWD - ok

16:19:51.0004 2312 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

16:19:51.0012 2312 rdyboost - ok

16:19:51.0063 2312 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

16:19:51.0067 2312 regi - ok

16:19:51.0094 2312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

16:19:51.0132 2312 rspndr - ok

16:19:51.0232 2312 RT2500 (31db11c9b2ed9abaac8d07fd591820b4) C:\Windows\system32\DRIVERS\RT2500.sys

16:19:51.0271 2312 RT2500 - ok

16:19:51.0344 2312 rt61x64 (ec7f0030d58886b0fcd3eefb1c51f8e2) C:\Windows\system32\DRIVERS\netr6164.sys

16:19:51.0392 2312 rt61x64 - ok

16:19:51.0430 2312 rt70x64 (ab19660a0d9adfe9b65f8f24571dd75b) C:\Windows\system32\DRIVERS\netr7064.sys

16:19:51.0453 2312 rt70x64 - ok

16:19:51.0498 2312 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

16:19:51.0533 2312 s3cap - ok

16:19:51.0552 2312 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

16:19:51.0559 2312 sbp2port - ok

16:19:51.0574 2312 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

16:19:51.0614 2312 scfilter - ok

16:19:51.0672 2312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

16:19:51.0714 2312 secdrv - ok

16:19:51.0742 2312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

16:19:51.0750 2312 Serenum - ok

16:19:51.0765 2312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

16:19:51.0791 2312 Serial - ok

16:19:51.0820 2312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

16:19:51.0840 2312 sermouse - ok

16:19:51.0863 2312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

16:19:51.0888 2312 sffdisk - ok

16:19:51.0906 2312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

16:19:51.0932 2312 sffp_mmc - ok

16:19:51.0954 2312 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

16:19:51.0978 2312 sffp_sd - ok

16:19:52.0003 2312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

16:19:52.0011 2312 sfloppy - ok

16:19:52.0049 2312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:19:52.0056 2312 SiSRaid2 - ok

16:19:52.0076 2312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

16:19:52.0082 2312 SiSRaid4 - ok

16:19:52.0117 2312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

16:19:52.0141 2312 Smb - ok

16:19:52.0161 2312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

16:19:52.0167 2312 spldr - ok

16:19:52.0200 2312 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys

16:19:52.0227 2312 srv - ok

16:19:52.0254 2312 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys

16:19:52.0281 2312 srv2 - ok

16:19:52.0306 2312 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys

16:19:52.0347 2312 srvnet - ok

16:19:52.0406 2312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

16:19:52.0412 2312 stexstor - ok

16:19:52.0485 2312 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

16:19:52.0491 2312 storflt - ok

16:19:52.0771 2312 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

16:19:52.0778 2312 storvsc - ok

16:19:53.0044 2312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

16:19:53.0050 2312 swenum - ok

16:19:53.0359 2312 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys

16:19:53.0413 2312 Tcpip - ok

16:19:53.0649 2312 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys

16:19:53.0672 2312 TCPIP6 - ok

16:19:53.0873 2312 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

16:19:53.0904 2312 tcpipreg - ok

16:19:54.0083 2312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

16:19:54.0130 2312 TDPIPE - ok

16:19:54.0305 2312 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

16:19:54.0327 2312 TDTCP - ok

16:19:54.0536 2312 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

16:19:54.0580 2312 tdx - ok

16:19:54.0684 2312 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

16:19:54.0690 2312 TermDD - ok

16:19:54.0720 2312 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:19:54.0758 2312 tssecsrv - ok

16:19:54.0799 2312 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

16:19:54.0841 2312 tunnel - ok

16:19:54.0867 2312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

16:19:54.0873 2312 uagp35 - ok

16:19:54.0899 2312 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

16:19:54.0942 2312 udfs - ok

16:19:54.0973 2312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

16:19:54.0990 2312 uliagpkx - ok

16:19:55.0015 2312 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

16:19:55.0040 2312 umbus - ok

16:19:55.0060 2312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

16:19:55.0083 2312 UmPass - ok

16:19:55.0112 2312 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

16:19:55.0137 2312 usbccgp - ok

16:19:55.0176 2312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

16:19:55.0202 2312 usbcir - ok

16:19:55.0224 2312 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

16:19:55.0232 2312 usbehci - ok

16:19:55.0252 2312 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

16:19:55.0263 2312 usbhub - ok

16:19:55.0301 2312 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

16:19:55.0314 2312 usbohci - ok

16:19:55.0348 2312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

16:19:55.0369 2312 usbprint - ok

16:19:55.0426 2312 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:19:55.0440 2312 USBSTOR - ok

16:19:55.0453 2312 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

16:19:55.0461 2312 usbuhci - ok

16:19:55.0482 2312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

16:19:55.0487 2312 vdrvroot - ok

16:19:55.0506 2312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

16:19:55.0515 2312 vga - ok

16:19:55.0527 2312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

16:19:55.0562 2312 VgaSave - ok

16:19:55.0586 2312 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

16:19:55.0608 2312 vhdmp - ok

16:19:55.0626 2312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

16:19:55.0632 2312 viaide - ok

16:19:55.0649 2312 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

16:19:55.0657 2312 vmbus - ok

16:19:55.0673 2312 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

16:19:55.0692 2312 VMBusHID - ok

16:19:55.0717 2312 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

16:19:55.0723 2312 volmgr - ok

16:19:55.0745 2312 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

16:19:55.0755 2312 volmgrx - ok

16:19:55.0768 2312 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

16:19:55.0777 2312 volsnap - ok

16:19:55.0848 2312 vpcbus (f004aeb456cd886dfdb123b6297d89c9) C:\Windows\system32\DRIVERS\vpchbus.sys

16:19:55.0928 2312 vpcbus - ok

16:19:55.0947 2312 vpcnfltr (a7fae0a70e7a6d7a9469a2bf0a1cac5f) C:\Windows\system32\DRIVERS\vpcnfltr.sys

16:19:55.0953 2312 vpcnfltr - ok

16:19:56.0015 2312 vpcusb (4cdf15ceaf71f068bd26b9841d4e3e2b) C:\Windows\system32\DRIVERS\vpcusb.sys

16:19:56.0023 2312 vpcusb - ok

16:19:56.0070 2312 vpcvmm (e7ea9e3fbf1b0f517584e03638511e86) C:\Windows\system32\drivers\vpcvmm.sys

16:19:56.0079 2312 vpcvmm - ok

16:19:56.0111 2312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

16:19:56.0119 2312 vsmraid - ok

16:19:56.0137 2312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

16:19:56.0146 2312 vwifibus - ok

16:19:56.0170 2312 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

16:19:56.0193 2312 vwififlt - ok

16:19:56.0218 2312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

16:19:56.0236 2312 WacomPen - ok

16:19:56.0260 2312 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

16:19:56.0295 2312 WANARP - ok

16:19:56.0309 2312 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

16:19:56.0332 2312 Wanarpv6 - ok

16:19:56.0368 2312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

16:19:56.0373 2312 Wd - ok

16:19:56.0403 2312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

16:19:56.0426 2312 Wdf01000 - ok

16:19:56.0451 2312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

16:19:56.0473 2312 WfpLwf - ok

16:19:56.0494 2312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

16:19:56.0500 2312 WIMMount - ok

16:19:56.0536 2312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

16:19:56.0556 2312 WmiAcpi - ok

16:19:56.0591 2312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

16:19:56.0614 2312 ws2ifsl - ok

16:19:56.0631 2312 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

16:19:56.0691 2312 WudfPf - ok

16:19:56.0710 2312 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:19:56.0753 2312 WUDFRd - ok

16:19:56.0814 2312 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys

16:19:56.0839 2312 xnacc - ok

16:19:56.0864 2312 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

16:19:56.0929 2312 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

16:19:56.0929 2312 \Device\Harddisk0\DR0 - detected TDSS File System (1)

16:19:56.0932 2312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

16:19:57.0091 2312 \Device\Harddisk1\DR1 - ok

16:19:57.0099 2312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

16:19:57.0277 2312 \Device\Harddisk2\DR2 - ok

16:19:57.0280 2312 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3

16:19:57.0720 2312 \Device\Harddisk3\DR3 - ok

16:19:57.0731 2312 Boot (0x1200) (a23c2af6b185cc02ed245d5f37c7cf75) \Device\Harddisk0\DR0\Partition0

16:19:57.0732 2312 \Device\Harddisk0\DR0\Partition0 - ok

16:19:57.0733 2312 Boot (0x1200) (7299c1c8df3f2a0f8287bfe935068d19) \Device\Harddisk1\DR1\Partition0

16:19:57.0734 2312 \Device\Harddisk1\DR1\Partition0 - ok

16:19:57.0736 2312 Boot (0x1200) (0cc6d5ae683b783b3283e5393857925f) \Device\Harddisk2\DR2\Partition0

16:19:57.0737 2312 \Device\Harddisk2\DR2\Partition0 - ok

16:19:57.0739 2312 Boot (0x1200) (bef6f33be0d4893646212ea58b6b053a) \Device\Harddisk3\DR3\Partition0

16:19:57.0740 2312 \Device\Harddisk3\DR3\Partition0 - ok

16:19:57.0740 2312 ============================================================

16:19:57.0740 2312 Scan finished

16:19:57.0740 2312 ============================================================

16:19:57.0746 2976 Detected object count: 2

16:19:57.0746 2976 Actual detected object count: 2

16:20:44.0909 2976 Hardlock ( UnsignedFile.Multi.Generic ) - skipped by user

16:20:44.0909 2976 Hardlock ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:20:44.0909 2976 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

16:20:44.0909 2976 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

16:21:24.0243 2464 ============================================================

16:21:24.0243 2464 Scan started

16:21:24.0243 2464 Mode: Manual; SigCheck; TDLFS;

16:21:24.0243 2464 ============================================================

16:21:25.0047 2464 Scan interrupted by user!

16:21:25.0047 2464 Scan interrupted by user!

16:21:25.0047 2464 Scan interrupted by user!

16:21:25.0047 2464 ============================================================

16:21:25.0047 2464 Scan finished

16:21:25.0047 2464 ============================================================

16:21:25.0051 2284 Detected object count: 0

16:21:25.0051 2284 Actual detected object count: 0

16:21:27.0356 1892 ============================================================

16:21:27.0356 1892 Scan started

16:21:27.0356 1892 Mode: Manual; SigCheck; TDLFS;

16:21:27.0356 1892 ============================================================

16:21:27.0656 1892 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

16:21:27.0669 1892 1394ohci - ok

16:21:27.0697 1892 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

16:21:27.0706 1892 ACPI - ok

16:21:27.0718 1892 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

16:21:27.0726 1892 AcpiPmi - ok

16:21:27.0755 1892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

16:21:27.0764 1892 adp94xx - ok

16:21:27.0786 1892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

16:21:27.0794 1892 adpahci - ok

16:21:27.0811 1892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

16:21:27.0818 1892 adpu320 - ok

16:21:27.0841 1892 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

16:21:27.0866 1892 AFD - ok

16:21:27.0880 1892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

16:21:27.0886 1892 agp440 - ok

16:21:27.0898 1892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

16:21:27.0903 1892 aliide - ok

16:21:27.0917 1892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

16:21:27.0923 1892 amdide - ok

16:21:27.0934 1892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

16:21:27.0941 1892 AmdK8 - ok

16:21:27.0957 1892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

16:21:27.0964 1892 AmdPPM - ok

16:21:27.0979 1892 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

16:21:27.0985 1892 amdsata - ok

16:21:28.0006 1892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

16:21:28.0013 1892 amdsbs - ok

16:21:28.0030 1892 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

16:21:28.0036 1892 amdxata - ok

16:21:28.0055 1892 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

16:21:28.0065 1892 AppID - ok

16:21:28.0083 1892 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

16:21:28.0089 1892 arc - ok

16:21:28.0101 1892 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

16:21:28.0107 1892 arcsas - ok

16:21:28.0130 1892 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

16:21:28.0152 1892 AsyncMac - ok

16:21:28.0170 1892 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

16:21:28.0175 1892 atapi - ok

16:21:28.0197 1892 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

16:21:28.0206 1892 b06bdrv - ok

16:21:28.0225 1892 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

16:21:28.0233 1892 b57nd60a - ok

16:21:28.0256 1892 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

16:21:28.0277 1892 Beep - ok

16:21:28.0292 1892 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

16:21:28.0298 1892 blbdrive - ok

16:21:28.0304 1892 BMDDeckLinkAudio - ok

16:21:28.0322 1892 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys

16:21:28.0345 1892 bowser - ok

16:21:28.0351 1892 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

16:21:28.0359 1892 BrFiltLo - ok

16:21:28.0371 1892 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

16:21:28.0379 1892 BrFiltUp - ok

16:21:28.0402 1892 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

16:21:28.0410 1892 Brserid - ok

16:21:28.0424 1892 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

16:21:28.0432 1892 BrSerWdm - ok

16:21:28.0442 1892 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

16:21:28.0450 1892 BrUsbMdm - ok

16:21:28.0460 1892 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

16:21:28.0466 1892 BrUsbSer - ok

16:21:28.0485 1892 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

16:21:28.0494 1892 BTHMODEM - ok

16:21:28.0516 1892 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

16:21:28.0538 1892 cdfs - ok

16:21:28.0555 1892 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

16:21:28.0562 1892 cdrom - ok

16:21:28.0577 1892 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

16:21:28.0585 1892 circlass - ok

16:21:28.0639 1892 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

16:21:28.0648 1892 CLFS - ok

16:21:28.0671 1892 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

16:21:28.0678 1892 CmBatt - ok

16:21:28.0684 1892 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

16:21:28.0690 1892 cmdide - ok

16:21:28.0712 1892 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

16:21:28.0724 1892 CNG - ok

16:21:28.0739 1892 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

16:21:28.0744 1892 Compbatt - ok

16:21:28.0764 1892 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

16:21:28.0772 1892 CompositeBus - ok

16:21:28.0788 1892 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

16:21:28.0793 1892 crcdisk - ok

16:21:28.0822 1892 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

16:21:28.0831 1892 CSC - ok

16:21:28.0885 1892 CT20XUT (ec6e627726458cea756e23d50d0a9317) C:\Windows\system32\drivers\CT20XUT.SYS

16:21:28.0891 1892 CT20XUT - ok

16:21:28.0910 1892 CT20XUT.SYS (ec6e627726458cea756e23d50d0a9317) C:\Windows\System32\drivers\CT20XUT.SYS

16:21:28.0915 1892 CT20XUT.SYS - ok

16:21:28.0968 1892 ctac32k (7e5632b884b1c4672efe245dafc0beea) C:\Windows\system32\drivers\ctac32k.sys

16:21:28.0977 1892 ctac32k - ok

16:21:29.0003 1892 ctaud2k (4e7d47fe0204c84acde44a68038c4444) C:\Windows\system32\drivers\ctaud2k.sys

16:21:29.0013 1892 ctaud2k - ok

16:21:29.0041 1892 CTEXFIFX (05210b19e4155114931fa79bc6536cf7) C:\Windows\system32\drivers\CTEXFIFX.SYS

16:21:29.0058 1892 CTEXFIFX - ok

16:21:29.0091 1892 CTEXFIFX.SYS (05210b19e4155114931fa79bc6536cf7) C:\Windows\System32\drivers\CTEXFIFX.SYS

16:21:29.0108 1892 CTEXFIFX.SYS - ok

16:21:29.0178 1892 CTHWIUT (7aaa9ccb0fe8990cd7362eedb9b3e744) C:\Windows\system32\drivers\CTHWIUT.SYS

16:21:29.0182 1892 CTHWIUT - ok

16:21:29.0189 1892 CTHWIUT.SYS (7aaa9ccb0fe8990cd7362eedb9b3e744) C:\Windows\System32\drivers\CTHWIUT.SYS

16:21:29.0194 1892 CTHWIUT.SYS - ok

16:21:29.0208 1892 ctprxy2k (abbc4148947befd2e8eada93cbe4bce5) C:\Windows\system32\drivers\ctprxy2k.sys

16:21:29.0211 1892 ctprxy2k - ok

16:21:29.0230 1892 ctsfm2k (9a1316b48404f6840cec030a1f95df96) C:\Windows\system32\drivers\ctsfm2k.sys

16:21:29.0235 1892 ctsfm2k - ok

16:21:29.0244 1892 DeckLink - ok

16:21:29.0256 1892 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

16:21:29.0279 1892 DfsC - ok

16:21:29.0290 1892 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

16:21:29.0312 1892 discache - ok

16:21:29.0323 1892 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

16:21:29.0328 1892 Disk - ok

16:21:29.0383 1892 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

16:21:29.0391 1892 drmkaud - ok

16:21:29.0416 1892 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys

16:21:29.0444 1892 DXGKrnl - ok

16:21:29.0503 1892 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

16:21:29.0533 1892 ebdrv - ok

16:21:29.0558 1892 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

16:21:29.0568 1892 elxstor - ok

16:21:29.0613 1892 EMSLink (fc4c0e4260b72babb7d76ae089a91573) C:\Windows\system32\Drivers\EMSLink_amd64.sys

16:21:29.0616 1892 EMSLink - ok

16:21:29.0630 1892 emupia (8eca8c2f31bbbb1ac3acbcdfa9ab286f) C:\Windows\system32\drivers\emupia2k.sys

16:21:29.0635 1892 emupia - ok

16:21:29.0650 1892 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

16:21:29.0657 1892 ErrDev - ok

16:21:29.0677 1892 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

16:21:29.0700 1892 exfat - ok

16:21:29.0719 1892 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

16:21:29.0742 1892 fastfat - ok

16:21:29.0753 1892 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

16:21:29.0760 1892 fdc - ok

16:21:29.0772 1892 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

16:21:29.0778 1892 FileInfo - ok

16:21:29.0795 1892 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

16:21:29.0817 1892 Filetrace - ok

16:21:29.0828 1892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

16:21:29.0835 1892 flpydisk - ok

16:21:29.0854 1892 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

16:21:29.0863 1892 FltMgr - ok

16:21:29.0881 1892 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

16:21:29.0886 1892 FsDepends - ok

16:21:29.0906 1892 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

16:21:29.0911 1892 Fs_Rec - ok

16:21:29.0961 1892 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

16:21:29.0969 1892 fvevol - ok

16:21:29.0985 1892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

16:21:29.0991 1892 gagp30kx - ok

16:21:30.0031 1892 ha20x22k (7464c4d841c61e36a6177a6cb8f4aa2e) C:\Windows\system32\drivers\ha20x22k.sys

16:21:30.0050 1892 ha20x22k - ok

16:21:30.0087 1892 ha20x2k (d93cefe9932de9f969bb5d18c38e9566) C:\Windows\system32\drivers\ha20x2k.sys

16:21:30.0105 1892 ha20x2k - ok

16:21:30.0158 1892 Hardlock (091582da724f54830012e3faaf2f1d1a) C:\Windows\system32\drivers\hardlock.sys

16:21:30.0162 1892 Hardlock ( UnsignedFile.Multi.Generic ) - warning

16:21:30.0162 1892 Hardlock - detected UnsignedFile.Multi.Generic (1)

16:21:30.0178 1892 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

16:21:30.0184 1892 hcw85cir - ok

16:21:30.0235 1892 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

16:21:30.0245 1892 HdAudAddService - ok

16:21:30.0256 1892 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:21:30.0265 1892 HDAudBus - ok

16:21:30.0272 1892 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

16:21:30.0279 1892 HidBatt - ok

16:21:30.0293 1892 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

16:21:30.0302 1892 HidBth - ok

16:21:30.0316 1892 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

16:21:30.0325 1892 HidIr - ok

16:21:30.0346 1892 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

16:21:30.0353 1892 HidUsb - ok

16:21:30.0377 1892 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

16:21:30.0383 1892 HpSAMD - ok

16:21:30.0409 1892 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

16:21:30.0435 1892 HTTP - ok

16:21:30.0442 1892 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

16:21:30.0447 1892 hwpolicy - ok

16:21:30.0465 1892 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

16:21:30.0472 1892 i8042prt - ok

16:21:30.0525 1892 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

16:21:30.0534 1892 iaStorV - ok

16:21:30.0554 1892 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

16:21:30.0559 1892 iirsp - ok

16:21:30.0571 1892 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

16:21:30.0577 1892 intelide - ok

16:21:30.0594 1892 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

16:21:30.0601 1892 intelppm - ok

16:21:30.0622 1892 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:21:30.0644 1892 IpFilterDriver - ok

16:21:30.0663 1892 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

16:21:30.0670 1892 IPMIDRV - ok

16:21:30.0688 1892 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

16:21:30.0710 1892 IPNAT - ok

16:21:30.0725 1892 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

16:21:30.0735 1892 IRENUM - ok

16:21:30.0751 1892 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

16:21:30.0757 1892 isapnp - ok

16:21:30.0780 1892 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

16:21:30.0787 1892 iScsiPrt - ok

16:21:30.0807 1892 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

16:21:30.0812 1892 kbdclass - ok

16:21:30.0826 1892 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

16:21:30.0833 1892 kbdhid - ok

16:21:30.0847 1892 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

16:21:30.0853 1892 KSecDD - ok

16:21:30.0900 1892 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

16:21:30.0906 1892 KSecPkg - ok

16:21:30.0920 1892 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

16:21:30.0942 1892 ksthunk - ok

16:21:30.0962 1892 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

16:21:30.0984 1892 lltdio - ok

16:21:31.0007 1892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

16:21:31.0013 1892 LSI_FC - ok

16:21:31.0025 1892 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

16:21:31.0031 1892 LSI_SAS - ok

16:21:31.0048 1892 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:21:31.0053 1892 LSI_SAS2 - ok

16:21:31.0069 1892 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:21:31.0076 1892 LSI_SCSI - ok

16:21:31.0095 1892 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

16:21:31.0118 1892 luafv - ok

16:21:31.0167 1892 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys

16:21:31.0172 1892 MBAMProtector - ok

16:21:31.0192 1892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

16:21:31.0198 1892 megasas - ok

16:21:31.0215 1892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

16:21:31.0223 1892 MegaSR - ok

16:21:31.0237 1892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

16:21:31.0260 1892 Modem - ok

16:21:31.0276 1892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

16:21:31.0284 1892 monitor - ok

16:21:31.0300 1892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

16:21:31.0305 1892 mouclass - ok

16:21:31.0317 1892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

16:21:31.0324 1892 mouhid - ok

16:21:31.0333 1892 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

16:21:31.0340 1892 mountmgr - ok

16:21:31.0358 1892 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

16:21:31.0364 1892 mpio - ok

16:21:31.0387 1892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

16:21:31.0410 1892 mpsdrv - ok

16:21:31.0431 1892 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

16:21:31.0441 1892 MRxDAV - ok

16:21:31.0464 1892 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:21:31.0486 1892 mrxsmb - ok

16:21:31.0500 1892 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:21:31.0524 1892 mrxsmb10 - ok

16:21:31.0535 1892 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:21:31.0558 1892 mrxsmb20 - ok

16:21:31.0571 1892 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

16:21:31.0576 1892 msahci - ok

16:21:31.0595 1892 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

16:21:31.0602 1892 msdsm - ok

16:21:31.0612 1892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

16:21:31.0635 1892 Msfs - ok

16:21:31.0649 1892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

16:21:31.0671 1892 mshidkmdf - ok

16:21:31.0687 1892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

16:21:31.0692 1892 msisadrv - ok

16:21:31.0709 1892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

16:21:31.0731 1892 MSKSSRV - ok

16:21:31.0744 1892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

16:21:31.0766 1892 MSPCLOCK - ok

16:21:31.0773 1892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

16:21:31.0795 1892 MSPQM - ok

16:21:31.0815 1892 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

16:21:31.0823 1892 MsRPC - ok

16:21:31.0838 1892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

16:21:31.0843 1892 mssmbios - ok

16:21:31.0859 1892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

16:21:31.0881 1892 MSTEE - ok

16:21:31.0894 1892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

16:21:31.0900 1892 MTConfig - ok

16:21:31.0916 1892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

16:21:31.0922 1892 Mup - ok

16:21:31.0940 1892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

16:21:31.0951 1892 NativeWifiP - ok

16:21:31.0973 1892 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

16:21:31.0987 1892 NDIS - ok

16:21:32.0001 1892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

16:21:32.0023 1892 NdisCap - ok

16:21:32.0039 1892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

16:21:32.0061 1892 NdisTapi - ok

16:21:32.0077 1892 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

16:21:32.0099 1892 Ndisuio - ok

16:21:32.0116 1892 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

16:21:32.0139 1892 NdisWan - ok

16:21:32.0152 1892 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

16:21:32.0174 1892 NDProxy - ok

16:21:32.0190 1892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

16:21:32.0213 1892 NetBIOS - ok

16:21:32.0225 1892 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

16:21:32.0248 1892 NetBT - ok

16:21:32.0271 1892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

16:21:32.0277 1892 nfrd960 - ok

16:21:32.0295 1892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

16:21:32.0317 1892 Npfs - ok

16:21:32.0334 1892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

16:21:32.0356 1892 nsiproxy - ok

16:21:32.0408 1892 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

16:21:32.0429 1892 Ntfs - ok

16:21:32.0469 1892 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

16:21:32.0491 1892 Null - ok

16:21:32.0548 1892 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

16:21:32.0557 1892 NVENETFD - ok

16:21:32.0740 1892 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

16:21:32.0873 1892 nvlddmkm - ok

16:21:32.0895 1892 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

16:21:32.0902 1892 nvraid - ok

16:21:32.0918 1892 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

16:21:32.0925 1892 nvstor - ok

16:21:32.0948 1892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

16:21:32.0955 1892 nv_agp - ok

16:21:32.0968 1892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

16:21:32.0975 1892 ohci1394 - ok

16:21:33.0024 1892 ossrv (44a8cf12bf79e62a65a5f9e3087964c9) C:\Windows\system32\drivers\ctoss2k.sys

16:21:33.0029 1892 ossrv - ok

16:21:33.0048 1892 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

16:21:33.0056 1892 Parport - ok

16:21:33.0075 1892 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

16:21:33.0081 1892 partmgr - ok

16:21:33.0098 1892 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

16:21:33.0104 1892 pci - ok

16:21:33.0116 1892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

16:21:33.0122 1892 pciide - ok

16:21:33.0175 1892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

16:21:33.0182 1892 pcmcia - ok

16:21:33.0198 1892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

16:21:33.0204 1892 pcw - ok

16:21:33.0228 1892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

16:21:33.0255 1892 PEAUTH - ok

16:21:33.0282 1892 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

16:21:33.0304 1892 PptpMiniport - ok

16:21:33.0319 1892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

16:21:33.0326 1892 Processor - ok

16:21:33.0348 1892 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

16:21:33.0372 1892 Psched - ok

16:21:33.0411 1892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

16:21:33.0431 1892 ql2300 - ok

16:21:33.0453 1892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

16:21:33.0460 1892 ql40xx - ok

16:21:33.0477 1892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

16:21:33.0487 1892 QWAVEdrv - ok

16:21:33.0505 1892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

16:21:33.0527 1892 RasAcd - ok

16:21:33.0573 1892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:21:33.0595 1892 RasAgileVpn - ok

16:21:33.0614 1892 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:21:33.0638 1892 Rasl2tp - ok

16:21:33.0651 1892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

16:21:33.0673 1892 RasPppoe - ok

16:21:33.0686 1892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

16:21:33.0708 1892 RasSstp - ok

16:21:33.0725 1892 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

16:21:33.0748 1892 rdbss - ok

16:21:33.0764 1892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

16:21:33.0772 1892 rdpbus - ok

16:21:33.0783 1892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:21:33.0805 1892 RDPCDD - ok

16:21:33.0832 1892 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

16:21:33.0839 1892 RDPDR - ok

16:21:33.0857 1892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

16:21:33.0879 1892 RDPENCDD - ok

16:21:33.0896 1892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

16:21:33.0918 1892 RDPREFMP - ok

16:21:33.0939 1892 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

16:21:33.0963 1892 RDPWD - ok

16:21:33.0982 1892 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

16:21:33.0989 1892 rdyboost - ok

16:21:34.0040 1892 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

16:21:34.0045 1892 regi - ok

16:21:34.0063 1892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

16:21:34.0085 1892 rspndr - ok

16:21:34.0134 1892 RT2500 (31db11c9b2ed9abaac8d07fd591820b4) C:\Windows\system32\DRIVERS\RT2500.sys

16:21:34.0141 1892 RT2500 - ok

16:21:34.0197 1892 rt61x64 (ec7f0030d58886b0fcd3eefb1c51f8e2) C:\Windows\system32\DRIVERS\netr6164.sys

16:21:34.0205 1892 rt61x64 - ok

16:21:34.0232 1892 rt70x64 (ab19660a0d9adfe9b65f8f24571dd75b) C:\Windows\system32\DRIVERS\netr7064.sys

16:21:34.0239 1892 rt70x64 - ok

16:21:34.0301 1892 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

16:21:34.0307 1892 s3cap - ok

16:21:34.0330 1892 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

16:21:34.0336 1892 sbp2port - ok

16:21:34.0360 1892 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

16:21:34.0384 1892 scfilter - ok

16:21:34.0400 1892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

16:21:34.0422 1892 secdrv - ok

16:21:34.0445 1892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

16:21:34.0452 1892 Serenum - ok

16:21:34.0467 1892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

16:21:34.0475 1892 Serial - ok

16:21:34.0489 1892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

16:21:34.0496 1892 sermouse - ok

16:21:34.0516 1892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

16:21:34.0524 1892 sffdisk - ok

16:21:34.0534 1892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

16:21:34.0542 1892 sffp_mmc - ok

16:21:34.0556 1892 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

16:21:34.0565 1892 sffp_sd - ok

16:21:34.0581 1892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

16:21:34.0588 1892 sfloppy - ok

16:21:34.0602 1892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:21:34.0608 1892 SiSRaid2 - ok

16:21:34.0628 1892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

16:21:34.0634 1892 SiSRaid4 - ok

16:21:34.0653 1892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

16:21:34.0676 1892 Smb - ok

16:21:34.0697 1892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

16:21:34.0702 1892 spldr - ok

16:21:34.0728 1892 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys

16:21:34.0752 1892 srv - ok

16:21:34.0773 1892 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys

16:21:34.0798 1892 srv2 - ok

16:21:34.0809 1892 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys

16:21:34.0832 1892 srvnet - ok

16:21:34.0850 1892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

16:21:34.0856 1892 stexstor - ok

16:21:34.0871 1892 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

16:21:34.0877 1892 storflt - ok

16:21:34.0890 1892 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

16:21:34.0896 1892 storvsc - ok

16:21:34.0914 1892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

16:21:34.0919 1892 swenum - ok

16:21:34.0967 1892 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys

16:21:34.0991 1892 Tcpip - ok

16:21:35.0026 1892 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys

16:21:35.0049 1892 TCPIP6 - ok

16:21:35.0068 1892 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

16:21:35.0090 1892 tcpipreg - ok

16:21:35.0111 1892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

16:21:35.0133 1892 TDPIPE - ok

16:21:35.0149 1892 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

16:21:35.0171 1892 TDTCP - ok

16:21:35.0188 1892 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

16:21:35.0211 1892 tdx - ok

16:21:35.0228 1892 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

16:21:35.0234 1892 TermDD - ok

16:21:35.0256 1892 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:21:35.0278 1892 tssecsrv - ok

16:21:35.0293 1892 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

16:21:35.0316 1892 tunnel - ok

16:21:35.0336 1892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

16:21:35.0342 1892 uagp35 - ok

16:21:35.0364 1892 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

16:21:35.0389 1892 udfs - ok

16:21:35.0409 1892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

16:21:35.0415 1892 uliagpkx - ok

16:21:35.0434 1892 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

16:21:35.0441 1892 umbus - ok

16:21:35.0454 1892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

16:21:35.0461 1892 UmPass - ok

16:21:35.0482 1892 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

16:21:35.0489 1892 usbccgp - ok

16:21:35.0512 1892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

16:21:35.0520 1892 usbcir - ok

16:21:35.0535 1892 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

16:21:35.0542 1892 usbehci - ok

16:21:35.0597 1892 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

16:21:35.0605 1892 usbhub - ok

16:21:35.0621 1892 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

16:21:35.0627 1892 usbohci - ok

16:21:35.0642 1892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

16:21:35.0651 1892 usbprint - ok

16:21:35.0670 1892 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:21:35.0677 1892 USBSTOR - ok

16:21:35.0689 1892 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

16:21:35.0696 1892 usbuhci - ok

16:21:35.0718 1892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

16:21:35.0723 1892 vdrvroot - ok

16:21:35.0742 1892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

16:21:35.0750 1892 vga - ok

16:21:35.0763 1892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

16:21:35.0785 1892 VgaSave - ok

16:21:35.0805 1892 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

16:21:35.0812 1892 vhdmp - ok

16:21:35.0829 1892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

16:21:35.0834 1892 viaide - ok

16:21:35.0852 1892 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

16:21:35.0859 1892 vmbus - ok

16:21:35.0876 1892 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

16:21:35.0882 1892 VMBusHID - ok

16:21:35.0895 1892 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

16:21:35.0900 1892 volmgr - ok

16:21:35.0922 1892 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

16:21:35.0931 1892 volmgrx - ok

16:21:35.0945 1892 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

16:21:35.0953 1892 volsnap - ok

16:21:36.0008 1892 vpcbus (f004aeb456cd886dfdb123b6297d89c9) C:\Windows\system32\DRIVERS\vpchbus.sys

16:21:36.0015 1892 vpcbus - ok

16:21:36.0041 1892 vpcnfltr (a7fae0a70e7a6d7a9469a2bf0a1cac5f) C:\Windows\system32\DRIVERS\vpcnfltr.sys

16:21:36.0048 1892 vpcnfltr - ok

16:21:36.0101 1892 vpcusb (4cdf15ceaf71f068bd26b9841d4e3e2b) C:\Windows\system32\DRIVERS\vpcusb.sys

16:21:36.0108 1892 vpcusb - ok

16:21:36.0139 1892 vpcvmm (e7ea9e3fbf1b0f517584e03638511e86) C:\Windows\system32\drivers\vpcvmm.sys

16:21:36.0148 1892 vpcvmm - ok

16:21:36.0172 1892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

16:21:36.0179 1892 vsmraid - ok

16:21:36.0187 1892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

16:21:36.0196 1892 vwifibus - ok

16:21:36.0215 1892 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

16:21:36.0224 1892 vwififlt - ok

16:21:36.0245 1892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

16:21:36.0252 1892 WacomPen - ok

16:21:36.0271 1892 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

16:21:36.0293 1892 WANARP - ok

16:21:36.0296 1892 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

16:21:36.0319 1892 Wanarpv6 - ok

16:21:36.0337 1892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

16:21:36.0342 1892 Wd - ok

16:21:36.0364 1892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

16:21:36.0376 1892 Wdf01000 - ok

16:21:36.0395 1892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

16:21:36.0417 1892 WfpLwf - ok

16:21:36.0430 1892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

16:21:36.0436 1892 WIMMount - ok

16:21:36.0455 1892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

16:21:36.0462 1892 WmiAcpi - ok

16:21:36.0485 1892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

16:21:36.0507 1892 ws2ifsl - ok

16:21:36.0525 1892 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

16:21:36.0547 1892 WudfPf - ok

16:21:36.0563 1892 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:21:36.0586 1892 WUDFRd - ok

16:21:36.0616 1892 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys

16:21:36.0629 1892 xnacc - ok

16:21:36.0650 1892 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

16:21:36.0687 1892 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

16:21:36.0687 1892 \Device\Harddisk0\DR0 - detected TDSS File System (1)

16:21:36.0689 1892 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

16:21:36.0806 1892 \Device\Harddisk1\DR1 - ok

16:21:36.0816 1892 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

16:21:36.0994 1892 \Device\Harddisk2\DR2 - ok

16:21:36.0996 1892 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3

16:21:37.0426 1892 \Device\Harddisk3\DR3 - ok

16:21:37.0429 1892 Boot (0x1200) (a23c2af6b185cc02ed245d5f37c7cf75) \Device\Harddisk0\DR0\Partition0

16:21:37.0430 1892 \Device\Harddisk0\DR0\Partition0 - ok

16:21:37.0432 1892 Boot (0x1200) (7299c1c8df3f2a0f8287bfe935068d19) \Device\Harddisk1\DR1\Partition0

16:21:37.0432 1892 \Device\Harddisk1\DR1\Partition0 - ok

16:21:37.0434 1892 Boot (0x1200) (0cc6d5ae683b783b3283e5393857925f) \Device\Harddisk2\DR2\Partition0

16:21:37.0435 1892 \Device\Harddisk2\DR2\Partition0 - ok

16:21:37.0437 1892 Boot (0x1200) (bef6f33be0d4893646212ea58b6b053a) \Device\Harddisk3\DR3\Partition0

16:21:37.0438 1892 \Device\Harddisk3\DR3\Partition0 - ok

16:21:37.0438 1892 ============================================================

16:21:37.0438 1892 Scan finished

16:21:37.0438 1892 ============================================================

16:21:37.0442 1700 Detected object count: 2

16:21:37.0442 1700 Actual detected object count: 2

Oh, and I'm not jdwharton, though I'm sure it was just a copy/paste oversight. ;)

OTL logfile created on: 12/7/2011 4:27:04 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\SypherPhoenix\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 75.61% Memory free

8.00 Gb Paging File | 6.96 Gb Available in Paging File | 87.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 298.09 Gb Total Space | 64.99 Gb Free Space | 21.80% Space Free | Partition Type: NTFS

Drive D: | 149.04 Gb Total Space | 101.65 Gb Free Space | 68.20% Space Free | Partition Type: NTFS

Drive E: | 149.04 Gb Total Space | 104.09 Gb Free Space | 69.84% Space Free | Partition Type: NTFS

Drive G: | 186.31 Gb Total Space | 26.19 Gb Free Space | 14.06% Space Free | Partition Type: NTFS

Computer Name: PHOENIXNEST | User Name: SypherPhoenix | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\SypherPhoenix\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC)

PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)

PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

========== Modules (No Company Name) ==========

MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()

MOD - C:\Windows\SysWOW64\CTXFIRES.DLL ()

MOD - C:\Windows\SysWOW64\APOMngr.DLL ()

MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (EMSLink) -- C:\Windows\SysNative\drivers\EMSLink_amd64.sys (EMS Production Limited.)

DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)

DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)

DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)

DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)

DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)

DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)

DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)

DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)

DRV:64bit: - (rt70x64) -- C:\Windows\SysNative\drivers\netr7064.sys (Ralink Technology Inc.)

DRV:64bit: - (RT2500) -- C:\Windows\SysNative\drivers\RT2500.sys (Ralink Technology Inc.)

DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 36 9C 5D B5 40 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox/"

FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.8.4

FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3

FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.8.1

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13

FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24

FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SypherPhoenix\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SypherPhoenix\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 11:08:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/13 11:08:51 | 000,000,000 | ---D | M]

[2010/05/27 02:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Extensions

[2010/05/27 02:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/12/07 02:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions

[2010/05/27 02:36:19 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

[2010/07/29 03:32:54 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}

[2011/11/04 16:59:09 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

[2011/11/26 12:47:59 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}

[2011/11/12 06:12:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/12/04 19:11:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/10/30 17:50:27 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2011/11/12 06:12:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2011/08/17 15:37:34 | 000,000,000 | ---D | M] (NicoFox) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\nicofox@littlebtc

[2011/12/05 05:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\extensions\staged-xpis

[2011/04/04 15:48:16 | 000,001,919 | ---- | M] () -- C:\Users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\searchplugins\bing-zugo.xml

[2011/12/07 02:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/11/13 11:08:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/09/21 15:36:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2011/07/06 06:24:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/11/13 11:08:51 | 000,025,560 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll

[2011/11/13 11:08:51 | 000,140,760 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll

[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/11/13 11:08:51 | 000,067,032 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll

[2003/07/14 21:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL

[2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll

[2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll

[2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll

[2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll

[2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll

[2010/12/15 14:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll

[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2010/04/01 10:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml

[2010/04/01 10:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml

[2010/04/01 10:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml

[2010/04/01 10:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml

[2010/04/01 10:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2010/04/01 10:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml

[2010/04/01 10:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\Application\15.0.874.121\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Google Update (Enabled) = C:\Users\SypherPhoenix\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Entanglement = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\

CHR - Extension: AT_RebeccaTaylor = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahpkkfpjpdcfdkbpeoibdhfadicnhdj\3_0\

CHR - Extension: Poppit = C:\Users\SypherPhoenix\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

Hosts file not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [RemoveShowDesktopButton] C:\Windows\w7sdbr.exe ()

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - Startup: C:\Users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe (America Online, Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B37B166-E013-453C-AEAC-976CDC4B4E82}: DhcpNameServer = 192.168.20.1

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) -C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/10/03 01:40:17 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2006/10/10 16:42:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/07 16:24:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\SypherPhoenix\Desktop\OTL.exe

[2011/12/07 16:19:01 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\SypherPhoenix\Desktop\tdsskiller.exe

[2011/12/06 19:05:43 | 000,000,000 | ---D | C] -- C:\Users\SypherPhoenix\Desktop\mbpup

[2011/12/06 08:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/06 08:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/12/06 06:13:47 | 000,000,000 | ---D | C] -- C:\Users\SypherPhoenix\AppData\Roaming\NVIDIA

[2011/12/06 05:13:51 | 000,000,000 | ---D | C] -- C:\Users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

[2011/12/06 05:04:30 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\SypherPhoenix\Documents\mbam-setup-1.51.2.1300.exe

[2011/12/06 04:50:08 | 000,000,000 | ---D | C] -- C:\Windows\system64

[2011/12/05 22:49:44 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2011/12/05 22:49:44 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2011/12/05 22:49:44 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2011/12/05 22:49:44 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2011/12/05 22:49:44 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2011/12/05 22:49:44 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2011/12/05 22:49:44 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2011/12/05 22:49:44 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2011/12/05 22:49:44 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2011/12/05 22:49:44 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2011/12/05 22:49:44 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2011/12/05 22:49:44 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2011/12/05 22:49:44 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2011/12/05 22:49:44 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2011/12/05 22:49:44 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2011/12/05 22:49:44 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll

[2011/12/05 22:49:44 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll

[2011/12/05 22:49:44 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2011/12/05 22:49:44 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2011/12/05 19:00:50 | 155,182,440 | ---- | C] (NVIDIA Corporation) -- C:\Users\SypherPhoenix\Documents\285.62-desktop-win7-winvista-64bit-english-whql.exe

[2011/11/26 12:26:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2011/11/18 16:32:59 | 000,735,744 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysNative\LameACM.acm

[2011/11/18 14:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 8

[2011/11/17 01:26:10 | 000,000,000 | ---D | C] -- C:\Users\SypherPhoenix\Documents\AdobeStockPhotos

[2011/11/16 23:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011/11/08 00:36:24 | 000,000,000 | ---D | C] -- C:\Users\SypherPhoenix\Desktop\New folder

[2010/06/09 00:27:05 | 000,121,344 | ---- | C] ( ) -- C:\Windows\SysWow64\LAGARITH.DLL

[2010/05/27 00:04:11 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

[2010/05/27 00:04:11 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/07 16:24:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\SypherPhoenix\Desktop\OTL.exe

[2011/12/07 16:19:12 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/12/07 16:19:12 | 000,661,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/12/07 16:19:12 | 000,121,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/12/07 16:19:01 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SypherPhoenix\Desktop\tdsskiller.exe

[2011/12/07 16:13:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/07 16:12:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/07 16:12:37 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/07 04:29:39 | 000,062,884 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx

[2011/12/07 04:29:39 | 000,062,884 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx

[2011/12/07 04:29:39 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx

[2011/12/07 04:10:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000UA.job

[2011/12/07 03:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/07 01:12:42 | 000,098,162 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\floorplan.psd

[2011/12/06 22:10:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000Core.job

[2011/12/06 18:27:23 | 000,003,764 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

[2011/12/06 05:18:16 | 001,008,114 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\rkill.exe

[2011/12/06 05:13:52 | 000,000,678 | ---- | M] () -- C:\Users\SypherPhoenix\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/12/06 05:03:34 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\SypherPhoenix\Documents\mbam-setup-1.51.2.1300.exe

[2011/12/06 00:44:07 | 1459,978,240 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\Super Smash Bros. Melee.gcm

[2011/12/05 23:55:01 | 000,010,016 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/05 23:55:01 | 000,010,016 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/05 22:53:01 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics

[2011/12/05 19:08:52 | 155,182,440 | ---- | M] (NVIDIA Corporation) -- C:\Users\SypherPhoenix\Documents\285.62-desktop-win7-winvista-64bit-english-whql.exe

[2011/12/05 17:45:25 | 000,995,049 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\buddyIcons.rar

[2011/12/05 17:30:31 | 209,585,325 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\Tencent Art Pack v6.7.zip

[2011/11/26 14:02:18 | 000,969,607 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\LOLReplay-0.7.3.4.exe

[2011/11/26 13:49:42 | 000,123,588 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\EfFxData.dat

[2011/11/26 12:26:32 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2011/11/23 02:24:41 | 001,666,139 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\VirtualDubMod_1_5_10_2_b2542.zip

[2011/11/18 20:56:41 | 000,189,810 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\libmp3lame-win-3.98.2.zip

[2011/11/18 16:37:37 | 006,546,936 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\gf2.avi

[2011/11/18 16:18:22 | 004,572,344 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\gf1.avi

[2011/11/18 12:26:10 | 000,735,744 | ---- | M] (http://www.mp3dev.org/) -- C:\Windows\SysNative\LameACM.acm

[2011/11/17 00:22:24 | 351,350,536 | ---- | M] () -- C:\Users\SypherPhoenix\Desktop\vidz.avi

[2011/11/15 12:06:25 | 000,023,033 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\Pokemon_series_-_The_Missingno_Tracks.torrent

[2011/11/14 04:44:30 | 002,368,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/11/14 04:42:22 | 000,000,702 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\Rebuild_Icon_Cache.bat

[2011/11/13 08:56:54 | 004,385,485 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\0999 - Castlevania - Aria of Sorrow (U)(GBATemp).zip

[2011/11/09 10:19:27 | 000,266,144 | ---- | M] () -- C:\Users\SypherPhoenix\Documents\Master Hand 1.09.rar

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/06 23:50:03 | 000,098,162 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\floorplan.psd

[2011/12/06 05:19:57 | 001,008,114 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\rkill.exe

[2011/12/06 05:13:52 | 000,000,678 | ---- | C] () -- C:\Users\SypherPhoenix\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/12/05 17:45:25 | 000,995,049 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\buddyIcons.rar

[2011/12/05 17:28:34 | 209,585,325 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\Tencent Art Pack v6.7.zip

[2011/11/26 14:02:17 | 000,969,607 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\LOLReplay-0.7.3.4.exe

[2011/11/26 13:40:49 | 000,123,588 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\EfFxData.dat

[2011/11/23 02:23:39 | 001,666,139 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\VirtualDubMod_1_5_10_2_b2542.zip

[2011/11/22 18:16:43 | 000,374,846 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\Gctool12b.zip

[2011/11/18 20:56:39 | 000,189,810 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\libmp3lame-win-3.98.2.zip

[2011/11/18 16:37:30 | 006,546,936 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\gf2.avi

[2011/11/18 16:35:11 | 000,000,414 | R--- | C] () -- C:\Windows\SysNative\lame_acm.xml

[2011/11/18 16:18:13 | 004,572,344 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\gf1.avi

[2011/11/17 08:54:44 | 351,350,536 | ---- | C] () -- C:\Users\SypherPhoenix\Desktop\vidz.avi

[2011/11/15 12:06:25 | 000,023,033 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\Pokemon_series_-_The_Missingno_Tracks.torrent

[2011/11/14 04:42:21 | 000,000,702 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\Rebuild_Icon_Cache.bat

[2011/11/13 08:56:40 | 004,385,485 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\0999 - Castlevania - Aria of Sorrow (U)(GBATemp).zip

[2011/11/09 10:19:27 | 000,266,144 | ---- | C] () -- C:\Users\SypherPhoenix\Documents\Master Hand 1.09.rar

[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/05/13 20:04:08 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/04/18 13:30:11 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll

[2011/04/18 13:29:46 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll

[2011/04/18 13:29:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll

[2011/04/04 16:03:55 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2011/02/11 15:58:21 | 000,000,200 | ---- | C] () -- C:\Windows\QCPC80UI.dat

[2011/02/09 04:56:07 | 000,000,652 | ---- | C] () -- C:\Users\SypherPhoenix\AppData\Roaming\MPQEditor.ini

[2010/11/22 14:39:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2010/10/16 01:12:43 | 000,055,296 | ---- | C] () -- C:\Windows\w7sdbr.exe

[2010/08/15 18:55:06 | 000,000,122 | ---- | C] () -- C:\Windows\kaillera.ini

[2010/07/17 11:21:10 | 000,000,085 | ---- | C] () -- C:\Windows\lagarith.ini

[2010/06/20 19:56:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/06/09 18:49:13 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll

[2010/06/08 23:50:06 | 000,510,976 | ---- | C] () -- C:\Windows\SysWow64\synsoacc.dll

[2010/05/31 12:51:38 | 000,007,597 | ---- | C] () -- C:\Users\SypherPhoenix\AppData\Local\resmon.resmoncfg

[2010/05/29 17:00:23 | 000,000,978 | ---- | C] () -- C:\Windows\eReg.dat

[2010/05/28 17:00:14 | 000,003,764 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010/05/28 17:00:14 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0C8888E423.sys

[2010/05/28 12:25:53 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/05/28 12:17:59 | 000,067,939 | ---- | C] () -- C:\Windows\SysWow64\x264vfw-uninstall.exe

[2010/05/28 12:08:28 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll

[2010/05/28 12:03:19 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/05/28 12:03:19 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/05/27 02:31:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/05/27 00:04:31 | 000,144,896 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2010/05/27 00:04:31 | 000,071,168 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2010/05/27 00:04:11 | 000,384,428 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat

[2010/05/27 00:04:11 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat

[2010/05/27 00:04:11 | 000,027,273 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2010/05/27 00:04:11 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe

[2010/05/27 00:04:11 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL

[2010/05/27 00:04:11 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2010/05/27 00:04:11 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2010/04/13 14:16:36 | 003,175,936 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/12 00:47:32 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\.Blackmagic_Design

[2010/05/27 22:38:31 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\acccore

[2010/07/16 14:07:09 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Aim

[2011/11/22 23:26:57 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Audacity

[2011/09/04 21:19:36 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Auslogics

[2011/05/31 11:43:09 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\com.doubleperfect.ggpo

[2010/05/27 15:54:12 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1

[2010/05/28 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\DAEMON Tools Lite

[2011/02/07 09:47:03 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\DC++

[2010/08/22 17:49:31 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\DVDVideoSoftIEHelpers

[2011/07/06 03:25:09 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Hot Keyboard

[2010/08/16 05:03:34 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\ImgBurn

[2011/03/13 03:41:28 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\LolClient

[2010/06/21 02:53:12 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\mkvtoolnix

[2011/09/12 14:36:44 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Mp3tag

[2011/12/05 16:58:09 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Mumble

[2010/06/15 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\Smart Recorder

[2011/11/25 02:04:34 | 000,000,000 | ---D | M] -- C:\Users\SypherPhoenix\AppData\Roaming\uTorrent

[2011/08/20 22:25:06 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 12/7/2011 4:27:04 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\SypherPhoenix\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 75.61% Memory free

8.00 Gb Paging File | 6.96 Gb Available in Paging File | 87.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 298.09 Gb Total Space | 64.99 Gb Free Space | 21.80% Space Free | Partition Type: NTFS

Drive D: | 149.04 Gb Total Space | 101.65 Gb Free Space | 68.20% Space Free | Partition Type: NTFS

Drive E: | 149.04 Gb Total Space | 104.09 Gb Free Space | 69.84% Space Free | Partition Type: NTFS

Drive G: | 186.31 Gb Total Space | 26.19 Gb Free Space | 14.06% Space Free | Partition Type: NTFS

Computer Name: PHOENIXNEST | User Name: SypherPhoenix | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- Reg Error: Key error. File not found

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- Reg Error: Key error. File not found

.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- Reg Error: Key error.

htmlfile [opennew] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- Reg Error: Key error.

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- Reg Error: Key error.

htmlfile [opennew] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- Reg Error: Key error.

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 1

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 1

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0d78370e-4086-4292-a82e-f920135dcee4}.sdb" = SCHTHACK PSOBB Compatibility Database

"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"LAGARITH" = Lagarith lossless video codec (Remove Only)

"LameACM" = Lame ACM MP3 Codec

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"WinRAR archiver" = WinRAR archiver

"XviD MPEG-4 Video Codec_is1" = XviD v1.2.0 CVS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.21

"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5

"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74598B9B-A47F-45D5-96C0-780222C79BDB}" = tio tournament organizer

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3

"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{81525B87-9344-4834-883C-C6A9D78EA1DF}" = Maya 8.5 Documentation (en_US)

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles

"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}" = Maya 8.5

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3

"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends

"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour

"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink RT6x Wireless LAN Card

"Adobe AIR" = Adobe AIR

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content

"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection

"AIM_6" = AIM 6

"AOL Instant Messenger" = AOL Instant Messenger

"ASIO4ALL" = ASIO4ALL

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)

"AudioCS" = Creative Audio Control Panel

"AviSynth" = AviSynth 2.5

"Cheat Engine 5.6_is1" = Cheat Engine 5.6

"Chipamp" = Chipamp

"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition

"DC++" = DC++ 0.781

"DivX Setup.divx.com" = DivX Setup

"Dolby Digital Live Pack" = Dolby Digital Live Pack

"DTS Connect Pack" = DTS Connect Pack

"FL Studio 9" = FL Studio 9

"FLAC" = FLAC 1.2.1b (remove only)

"GIF Animator" = Microsoft GIF Animator

"Hardcore" = Hardcore

"Hot Keyboard_is1" = Hot Keyboard 2.7

"IL Download Manager" = IL Download Manager

"ImgBurn" = ImgBurn

"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9

"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour

"LameACM" = Lame ACM MP3 Codec

"LOLReplay" = LOLReplay

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"MKVtoolnix" = MKVtoolnix 3.4.0

"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)

"Mp3tag" = Mp3tag v2.49

"No-IP.com DUC" = No-IP.com DUC (remove only)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator

"PHANTASY STAR ONLINE Blue Burst_is1" = PHANTASY STAR ONLINE Blue Burst

"Plants vs. Zombies" = Plants vs. Zombies

"PoiZone" = PoiZone

"quicktime_lite_is1" = QT Lite 4.1.0

"RADVideo" = RAD Video Tools

"reFX Vanguard VSTi_is1" = reFX Vanguard VSTi v1.6.1

"Sakura" = Sakura

"Sawer" = Sawer

"SCHTHACK PSOBB" = SCHTHACK PSOBB

"Steam App 220" = Half-Life 2

"Steam App 380" = Half-Life 2: Episode One

"Steam App 400" = Portal

"Steam App 420" = Half-Life 2: Episode Two

"Steinberg Hypersonic v1.0" = Steinberg Hypersonic v1.0

"SysInfo" = Creative System Information

"Toxic Biohazard" = Toxic Biohazard

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.11

"Winamp" = Winamp

"World of Warcraft" = World of Warcraft

"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)

"Xilisoft Video Converter" = Xilisoft Video Converter

"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"644392d16edde6b0" = OpenSA2

"Google Chrome" = Google Chrome

"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Step 1

You have p2p software installed on your system, which is very dangerous and illegal. Please check our rules for piracy and uninstall µTorrent:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

:Commands
[emptytemp]
[resethosts]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


While µTorrent is a perfectly legal program in my country of residence, and is often used for legal file sharing, I'm not here to argue with the Malwarebytes staff. µTorrent has been uninstalled per forum policy and your request.

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: SypherPhoenix

->Temp folder emptied: 57878409 bytes

->Temporary Internet Files folder emptied: 23903110 bytes

->Java cache emptied: 154569 bytes

->FireFox cache emptied: 722674474 bytes

->Google Chrome cache emptied: 470098442 bytes

->Flash cache emptied: 175666 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 105737238 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84994 bytes

RecycleBin emptied: 2151812 bytes

Total Files Cleaned = 1,319.00 mb

HOSTS file reset successfully

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 12082011_153035

Files\Folders moved on Reboot...

C:\Users\SypherPhoenix\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


ComboFix 11-12-09.02 - SypherPhoenix 12/09/2011 11:10:12.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.3055 [GMT -5:00]

Running from: c:\users\SypherPhoenix\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\SypherPhoenix\AppData\Roaming\Adobe\plugs

c:\users\SypherPhoenix\AppData\Roaming\Adobe\shed

c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk

c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk

c:\users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\searchplugins\bing-zugo.xml

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))

.

.

2011-12-09 16:13 . 2011-12-09 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-08 20:30 . 2011-12-08 20:30 -------- d-----w- C:\_OTL

2011-12-06 13:39 . 2011-12-06 13:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-06 11:13 . 2011-12-06 11:13 -------- d-----w- c:\users\SypherPhoenix\AppData\Roaming\NVIDIA

2011-12-06 03:50 . 2011-12-06 03:51 -------- d-----w- c:\users\UpdatusUser

2011-11-26 17:26 . 2011-11-26 17:26 -------- d-----w- c:\windows\system32\Macromed

2011-11-18 21:32 . 2011-11-18 17:26 735744 ----a-w- c:\windows\system32\LameACM.acm

2011-11-18 19:36 . 2011-11-18 20:14 -------- d-----w- c:\program files (x86)\Mozilla Firefox 8

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-06 23:27 . 2010-05-28 22:00 3764 --sha-w- c:\programdata\KGyGaAvL.sys

2011-11-26 17:26 . 2011-05-14 01:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-15 08:53 . 2011-01-08 01:49 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll

2011-10-15 08:53 . 2011-01-08 01:49 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2011-01-08 01:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-10-15 08:53 . 2011-01-08 01:48 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2011-01-08 01:48 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2009-08-17 06:39 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-10-15 08:53 . 2009-08-16 16:57 2808128 ----a-w- c:\windows\system32\nvapi64.dll

2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[-] 2010-11-17 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll

.

[-] 2010-11-17 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-12-29 237693]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-01-08 24576]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

No-IP DUC.lnk - c:\program files (x86)\No-IP\DUC20.exe [2010-5-27 1172992]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"HideFastUserSwitching"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSearchInternetInStartMenu"= 1 (0x1)

"NoCloseDragDropBands"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 EMSLink;EMS Inter-Link driver V3.0;c:\windows\system32\Drivers\EMSLink_amd64.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]

R3 BMDDeckLinkAudio;BMDDeckLinkAudio;c:\windows\system32\DRIVERS\deckaud.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-27 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-27 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]

R3 DeckLink;DeckLink;c:\windows\system32\DRIVERS\Intensity.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]

R3 rt70x64;BUFFALO RT2500 USB Wireless Driver;c:\windows\system32\DRIVERS\netr7064.sys [x]

R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-01-30 74392]

R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-05-18 21:54 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 23:10]

.

2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 23:10]

.

2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000Core.job

- c:\users\SypherPhoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 20:29]

.

2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000UA.job

- c:\users\SypherPhoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 20:29]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoveShowDesktopButton"="c:\windows\w7sdbr" [X]

"combofix"="c:\combofix\CF16643.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.20.1

FF - ProfilePath - c:\users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}

FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

FF - Ext: GameFOX: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1} - %profile%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-36027474.sys

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-PHANTASY STAR ONLINE Blue Burst_is1 - c:\program files (x86)\SEGA\PHANTASY STAR ONLINE Blue Burst\uninst\unins000.exe

AddRemove-SCHTHACK PSOBB - c:\program files (x86)\SCHTHACK PSOBB\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-155282373-3850656327-2735796575-1000\Software\SecuROM\License information*]

"datasecu"=hex:bc,6c,72,5a,ff,d6,95,46,3f,db,19,98,8e,1d,db,2b,5c,31,86,7e,e8,

08,08,a9,34,97,ad,ae,f3,30,9a,7c,83,86,65,34,ec,e4,5f,ad,c9,d3,76,a9,91,33,\

"rkeysecu"=hex:f7,05,6f,e2,24,81,2e,48,4a,44,86,9b,80,57,6c,cd

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]

@Denied: (A 2) (Everyone)

@="FlashProp Class"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.9"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\CTXFISPI.EXE

.

**************************************************************************

.

Completion time: 2011-12-09 11:26:23 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-09 16:26

.

Pre-Run: 76,229,201,920 bytes free

Post-Run: 77,173,772,288 bytes free

.

- - End Of File - - 894A22E3F1CA5CFF17318D93D0499C87


Open Notepad and copy and paste the text in the code box below into it:

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll | c:\windows\SysWOW64\user32.dll

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how things are there.

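The reasoning behind the FCopy:: directive above is visible in the Sigcheck block of the earlier log: both live copies of user32.dll (system32 and SysWOW64) carry the same version string as their WinSxS component-store copies but a different MD5, so the helper has ComboFix overwrite each live file with its store copy. The following Python script is an added example, not ComboFix code or the helper's script: it parses lines in ComboFix's Sigcheck format, pairs each system32/SysWOW64 file with its amd64_/wow64_ component-store entry, reports the hash mismatches and emits the corresponding FCopy:: lines. The user32.dll lines are taken from the log above; the example.dll pair with an all-zero hash is constructed to show a file that passes the check, and the STORE_TO_LIVE mapping is an assumption that only these two component prefixes back the two live directories.

```python
"""Pair ComboFix Sigcheck entries for live system files with their WinSxS
component-store copies and flag hash mismatches (added example)."""
import re

# One Sigcheck line: [flag] date . MD5 . size . . [version] .. path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>\S.*)$"
)

# Assumption: component-store prefix -> live directory it is the backing copy for.
STORE_TO_LIVE = {"amd64_": r"c:\windows\system32", "wow64_": r"c:\windows\syswow64"}

# Sample input: user32.dll lines copied from the log in this thread; the
# example.dll pair is constructed (all-zero placeholder hash) and matches.
SAMPLE_SIGCHECK = r"""
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-11-17 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
[-] 2010-11-17 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[7] 2009-07-14 . 00000000000000000000000000000000 . 1234 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_example-component_placeholder\example.dll
[7] 2009-07-14 . 00000000000000000000000000000000 . 1234 . . [6.1.7600.16385] .. c:\windows\system32\example.dll
"""


def parse_sigcheck(text):
    """Return a list of dicts (flag, date, md5, size, version, path) for every
    line that matches the Sigcheck layout; other log lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def classify(path):
    """Map a path to ('store', live_dir, name) for a WinSxS copy or
    ('live', live_dir, name) for an installed file; None if neither."""
    parts = path.lower().split("\\")
    name = parts[-1]
    if "winsxs" in parts:
        component = parts[parts.index("winsxs") + 1]
        for prefix, live_dir in STORE_TO_LIVE.items():
            if component.startswith(prefix):
                return "store", live_dir, name
        return None
    live_dir = "\\".join(parts[:-1])
    if live_dir in STORE_TO_LIVE.values():
        return "live", live_dir, name
    return None


def find_mismatches(entries):
    """Return [(store_path, live_path)] for every file whose live copy's MD5
    differs from its component-store copy. Files seen on only one side are
    skipped: without a store copy there is nothing to compare against."""
    pairs = {}
    for e in entries:
        c = classify(e["path"])
        if c is None:
            continue
        kind, live_dir, name = c
        pairs.setdefault((live_dir, name), {})[kind] = e
    mismatches = []
    for key in sorted(pairs):
        p = pairs[key]
        if "store" in p and "live" in p and p["store"]["md5"] != p["live"]["md5"]:
            mismatches.append((p["store"]["path"], p["live"]["path"]))
    return mismatches


def fcopy_script(mismatches):
    """Render the mismatches in the FCopy:: syntax used in this thread."""
    return "\n".join(["FCopy::"] + [f"{src} | {dst}" for src, dst in mismatches])


if __name__ == "__main__":
    found = find_mismatches(parse_sigcheck(SAMPLE_SIGCHECK))
    print(fcopy_script(found))
```

Run against the sample, the script reports the two user32.dll pairs and nothing for example.dll, and its output is the same two-line FCopy:: block the helper posted. Keying on the hash difference rather than on the [7]/[-] flag is deliberate: the log's own note says unsigned files aren't necessarily malware, whereas a live file that differs from the same-version copy Windows keeps in its component store is a concrete, verifiable finding.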

Alright, so, I ran ComboFix using the script you gave me, and CF asked to update, and I allowed it to. Once the scan was completed it said that it would reboot the PC, and to not reboot the PC manually...

So, the computer shuts down and hangs, fans running, lights on, but there's nothing on the monitor. The monitor was receiving a 'signal' from the PC, but there wasn't anything to display. Because CF told me not to reboot, I hung around for a while and waited. The PC shut itself down after 20 or 30 minutes, but it became clear that it wasn't turning back on. I manually started it up again and ComboFix popped up after logging in, along with some sort of small error window that disappeared too quickly to read. It tried to generate a log, but after 5 minutes or so it exited without any report. I ran ComboFix again with the same script, the scan ran smoothly, and it didn't need to reboot. It might be worth mentioning that I remember the first run of CF saying it was going to delete C:\windows\system64 and consrv.dll.

Anyways, here's the log:

ComboFix 11-12-10.01 - SypherPhoenix 12/11/2011 10:25:02.3.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.3053 [GMT -5:00]

Running from: c:\users\SypherPhoenix\Desktop\ComboFix.exe

Command switches used :: c:\users\SypherPhoenix\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\windows\system32\consrv.dll

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\system32\user32.dll

c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll --> c:\windows\SysWOW64\user32.dll

.

((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))

.

.

2011-12-11 15:32 . 2011-12-11 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-08 20:30 . 2011-12-08 20:30 -------- d-----w- C:\_OTL

2011-12-06 13:39 . 2011-12-06 13:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-06 11:13 . 2011-12-06 11:13 -------- d-----w- c:\users\SypherPhoenix\AppData\Roaming\NVIDIA

2011-12-06 03:50 . 2011-12-11 15:21 -------- d-----w- c:\users\UpdatusUser

2011-11-26 17:26 . 2011-11-26 17:26 -------- d-----w- c:\windows\system32\Macromed

2011-11-18 21:32 . 2011-11-18 17:26 735744 ----a-w- c:\windows\system32\LameACM.acm

2011-11-18 19:36 . 2011-11-18 20:14 -------- d-----w- c:\program files (x86)\Mozilla Firefox 8

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-06 23:27 . 2010-05-28 22:00 3764 --sha-w- c:\programdata\KGyGaAvL.sys

2011-11-26 17:26 . 2011-05-14 01:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-15 08:53 . 2011-01-08 01:49 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll

2011-10-15 08:53 . 2011-01-08 01:49 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2011-01-08 01:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-10-15 08:53 . 2011-01-08 01:48 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2011-01-08 01:48 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2009-08-17 06:39 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-10-15 08:53 . 2009-08-16 16:57 2808128 ----a-w- c:\windows\system32\nvapi64.dll

2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-09_16.23.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-06 13:40 . 2011-12-11 14:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-12-06 13:40 . 2011-12-09 02:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-12-06 15:02 . 2011-12-09 01:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

+ 2011-12-06 15:02 . 2011-12-11 14:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

+ 2011-12-11 08:53 . 2011-12-11 14:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121120111212\index.dat

+ 2011-12-11 00:54 . 2011-12-11 02:53 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121020111211\index.dat

+ 2011-12-09 18:58 . 2011-12-09 22:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011120920111210\index.dat

+ 2011-12-06 13:40 . 2011-12-11 14:38 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

- 2011-12-06 13:40 . 2011-12-09 02:10 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2009-07-14 05:10 . 2011-12-11 15:21 42034 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-12-09 16:02 42034 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-05-27 04:31 . 2011-12-11 15:21 14820 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-155282373-3850656327-2735796575-1000_UserData.bin

- 2010-05-27 07:25 . 2011-12-09 16:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-27 07:25 . 2011-12-11 15:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-27 07:25 . 2011-12-09 16:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-05-27 07:25 . 2011-12-11 15:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-09 16:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-11 15:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-27 11:00 . 2011-12-11 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-27 11:00 . 2011-12-09 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-27 11:00 . 2011-12-09 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-27 11:00 . 2011-12-11 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-12-11 14:44 . 2011-12-11 14:44 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAQL3ZFD\setup_MightyMagoo_v1[1].exe

+ 2010-06-01 19:35 . 2011-12-10 04:17 2166 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-12-11 00:05 . 2011-12-11 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-09 16:14 . 2011-12-09 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-09 16:14 . 2011-12-09 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-11 00:05 . 2011-12-11 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2011-12-11 14:38 573440 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 02:36 . 2011-12-09 16:19 661172 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-12-11 15:24 661172 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-09 16:19 121090 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-12-11 15:24 121090 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:12 . 2011-12-11 15:20 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:12 . 2011-12-09 16:16 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-12-07 21:12 . 2011-12-11 00:05 223744 c:\windows\assembly\temp\kwrd.dll

- 2011-12-07 21:12 . 2011-12-09 15:44 223744 c:\windows\assembly\temp\kwrd.dll

+ 2009-07-14 04:54 . 2011-12-11 14:38 3784704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-11 14:38 5586944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 02:34 . 2011-12-06 04:19 10092544 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2011-12-09 22:19 10092544 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-12-29 237693]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-01-08 24576]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\SypherPhoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

No-IP DUC.lnk - c:\program files (x86)\No-IP\DUC20.exe [2010-5-27 1172992]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"HideFastUserSwitching"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSearchInternetInStartMenu"= 1 (0x1)

"NoCloseDragDropBands"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 EMSLink;EMS Inter-Link driver V3.0;c:\windows\system32\Drivers\EMSLink_amd64.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]

R3 BMDDeckLinkAudio;BMDDeckLinkAudio;c:\windows\system32\DRIVERS\deckaud.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-27 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-27 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]

R3 DeckLink;DeckLink;c:\windows\system32\DRIVERS\Intensity.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]

R3 rt70x64;BUFFALO RT2500 USB Wireless Driver;c:\windows\system32\DRIVERS\netr7064.sys [x]

R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-01-30 74392]

R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-05-18 21:54 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 23:10]

.

2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 23:10]

.

2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000Core.job

- c:\users\SypherPhoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 20:29]

.

2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155282373-3850656327-2735796575-1000UA.job

- c:\users\SypherPhoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 20:29]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoveShowDesktopButton"="c:\windows\w7sdbr" [X]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.20.1

FF - ProfilePath - c:\users\SypherPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\r32e2jgx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}

FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

FF - Ext: GameFOX: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1} - %profile%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-combofix - c:\combofix\CF9484.3XE

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-155282373-3850656327-2735796575-1000\Software\SecuROM\License information*]

"datasecu"=hex:bc,6c,72,5a,ff,d6,95,46,3f,db,19,98,8e,1d,db,2b,5c,31,86,7e,e8,

08,08,a9,34,97,ad,ae,f3,30,9a,7c,83,86,65,34,ec,e4,5f,ad,c9,d3,76,a9,91,33,\

"rkeysecu"=hex:f7,05,6f,e2,24,81,2e,48,4a,44,86,9b,80,57,6c,cd

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]

@Denied: (A 2) (Everyone)

@="FlashProp Class"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.9"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-12-11 10:33:59

ComboFix-quarantined-files.txt 2011-12-11 15:33

ComboFix2.txt 2011-12-09 16:26

.

Pre-Run: 75,831,959,552 bytes free

Post-Run: 75,769,724,928 bytes free

.

- - End Of File - - E34C7829ED1D61CFA0ECFEAFF4D9B275

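The two checks behind the "LOCKED REGISTRY KEYS" section of the log above, written out so they can be re-run after cleanup. This is an added example, not part of the original post and not ComboFix's own code. It takes the key paths from the posted log (using ControlSet001 exactly as logged rather than CurrentControlSet), lists every Deny ACE on them, which is what ComboFix prints as "@Denied: (...) (Everyone)", and for each CLSID key resolves the registered COM server file (InprocServer32 / LocalServer32) to confirm it exists and carries a valid Authenticode signature. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread or from ComboFix). Re-verifies the entries
# ComboFix listed under LOCKED REGISTRY KEYS:
#   1. explicit or inherited Deny ACEs on each key;
#   2. the COM server binary each CLSID key registers: present? signed?
# Key paths are copied from the posted log. Run elevated.

$keys = @(
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}',
    'HKLM:\SYSTEM\ControlSet001\Control\PCW\Security'
)

function Get-RegistryDenyAce {
    # Emits one object per Deny ACE found on each key.
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Key not present: $p"
            continue
        }
        try {
            $acl = Get-Acl -LiteralPath $p
        } catch {
            # A Deny covering READ_CONTROL makes Get-Acl itself fail; report it.
            Write-Warning "ACL unreadable for $p : $($_.Exception.Message)"
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Deny') { continue }
            [pscustomobject]@{
                Key       = $p
                Identity  = $ace.IdentityReference.Value
                # RegistryRights spells out the mask ComboFix abbreviates
                # (0x2 is KEY_SET_VALUE, shown here as SetValue).
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Get-ComServerStatus {
    # For each key, resolve the registered server binary and check it.
    param([string[]]$Path)
    foreach ($p in $Path) {
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $serverKey = Join-Path $p $sub
            if (-not (Test-Path -LiteralPath $serverKey)) { continue }
            $raw = (Get-Item -LiteralPath $serverKey).GetValue('')
            if (-not $raw) { continue }
            # Default value is the server path; drop surrounding quotes and
            # expand %VAR% references in case it is REG_EXPAND_SZ.
            $file   = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
            $exists = Test-Path -LiteralPath $file
            $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $file).Status } else { 'n/a' }
            [pscustomobject]@{
                Key       = $serverKey
                Server    = $file
                Exists    = $exists
                Signature = $sig
            }
        }
    }
}

Get-RegistryDenyAce  -Path $keys | Format-Table -AutoSize
Get-ComServerStatus  -Path $keys | Format-Table -AutoSize
```

The output is a list to review, not a verdict: a Deny ACE for Everyone is sometimes set deliberately by software protecting its own keys, so the useful questions are whether the deny was expected, whether the referenced server file is the one the vendor ships, and whether its signature status is Valid rather than NotSigned or HashMismatch.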

  • 2 weeks later...
  • Staff

Hi,

My apologies for the delay.

Maniac is away and I will be helping you instead.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Describe what issues you are currently experiencing.

-screen317


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
