Jump to content

worm.rebhip keeps showing up


Recommended Posts

need help. i run malware bytes and i get 7 infections that show up. after i remove it, i would run it again and the same 7 would show up. also an empty folder named "programs" would appear on my desktop everytime i turn on my laptop. I would delete it but it would just reappear when i turn on my laptop. i need help. it's been buggin me for days. Thanks in advance to whoever helps me.

here's my malware bytes log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5431

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

1/2/2011 12:55:58 PM

mbam-log-2011-01-02 (12-55-58).txt

Scan type: Quick scan

Objects scanned: 162067

Time elapsed: 1 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{J25Q7M48-U771-B505-P0E4-EFVWB0377BEE} (Worm.Rebhip) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{J25Q7M48-U771-B505-P0E4-EFVWB0377BEE} (Worm.Rebhip) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Worm.Rebhip) -> Value: Policies -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Worm.Rebhip) -> Value: Policies -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Glenn\AppData\Roaming\Updater.exe (Worm.Rebhip) -> Quarantined and deleted successfully.

c:\Users\Glenn\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Glenn\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

and here is my hijack this log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:01:36 PM, on 1/2/2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18248)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Users\Glenn\AppData\Local\Temp\contactProfile.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Glenn\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=15627

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Users\Glenn\AppData\Roaming\Updater.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Users\Glenn\AppData\Roaming\Updater.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe (file missing)

O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe (file missing)

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12984 bytes

thank you.

Link to post
Share on other sites

Hi and Welcome,

Please copy and paste all requested scan logs into your reply and do NOT attach them!!

Some background information on what we're planning to do can be found HERE

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious-1.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download OTL and save it on your desktop:

http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista or Win 7, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.
  • Do NOT touch your keyboard until the scan is done!!
  • It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.
  • Copy/Paste OTL.txt and attach Extras.txt into your next reply,
  • Exit OTL by clicking the X at top right.

Link to post
Share on other sites

nothing found in the tdss but here's the log:

2011/01/03 15:59:32.0921 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2011/01/03 15:59:32.0921 ================================================================================

2011/01/03 15:59:32.0921 SystemInfo:

2011/01/03 15:59:32.0921

2011/01/03 15:59:32.0921 OS Version: 6.0.6001 ServicePack: 1.0

2011/01/03 15:59:32.0921 Product type: Workstation

2011/01/03 15:59:32.0921 ComputerName: GLENN-PC

2011/01/03 15:59:32.0921 UserName: Glenn

2011/01/03 15:59:32.0921 Windows directory: C:\Windows

2011/01/03 15:59:32.0921 System windows directory: C:\Windows

2011/01/03 15:59:32.0921 Running under WOW64

2011/01/03 15:59:32.0921 Processor architecture: Intel x64

2011/01/03 15:59:32.0921 Number of processors: 2

2011/01/03 15:59:32.0921 Page size: 0x1000

2011/01/03 15:59:32.0921 Boot type: Normal boot

2011/01/03 15:59:32.0921 ================================================================================

2011/01/03 15:59:32.0921 Utility is running under WOW64

2011/01/03 15:59:33.0279 Initialize success

2011/01/03 15:59:35.0963 ================================================================================

2011/01/03 15:59:35.0963 Scan started

2011/01/03 15:59:35.0963 Mode: Manual;

2011/01/03 15:59:35.0963 ================================================================================

2011/01/03 15:59:37.0008 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys

2011/01/03 15:59:37.0133 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys

2011/01/03 15:59:37.0289 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

2011/01/03 15:59:37.0367 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

2011/01/03 15:59:37.0523 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

2011/01/03 15:59:37.0569 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

2011/01/03 15:59:37.0663 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys

2011/01/03 15:59:37.0788 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys

2011/01/03 15:59:37.0928 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

2011/01/03 15:59:37.0975 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

2011/01/03 15:59:38.0022 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys

2011/01/03 15:59:38.0022 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys

2011/01/03 15:59:38.0115 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

2011/01/03 15:59:38.0178 ApfiltrService (69d882157e5e4d17d32e30182f945046) C:\Windows\system32\DRIVERS\Apfiltr.sys

2011/01/03 15:59:38.0225 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

2011/01/03 15:59:38.0256 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

2011/01/03 15:59:38.0303 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/01/03 15:59:38.0349 atapi (b388797caab36d523840347cc6a39b96) C:\Windows\system32\drivers\atapi.sys

2011/01/03 15:59:38.0583 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys

2011/01/03 15:59:38.0630 AvgMfx64 (405baabbb48f9176e220020b1a77c47b) C:\Windows\system32\Drivers\avgmfx64.sys

2011/01/03 15:59:38.0677 AvgTdiA (ce90aec358a809e7bce6bb0f1da84622) C:\Windows\system32\Drivers\avgtdia.sys

2011/01/03 15:59:38.0739 BCM43XX (f509c4fd2eba6af4fd8794aeb6f3efb7) C:\Windows\system32\DRIVERS\bcmwl664.sys

2011/01/03 15:59:38.0849 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

2011/01/03 15:59:38.0958 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys

2011/01/03 15:59:39.0005 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

2011/01/03 15:59:39.0036 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

2011/01/03 15:59:39.0083 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

2011/01/03 15:59:39.0114 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

2011/01/03 15:59:39.0145 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

2011/01/03 15:59:39.0161 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

2011/01/03 15:59:39.0223 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/01/03 15:59:39.0270 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

2011/01/03 15:59:39.0317 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys

2011/01/03 15:59:39.0379 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys

2011/01/03 15:59:39.0457 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys

2011/01/03 15:59:39.0504 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

2011/01/03 15:59:39.0551 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys

2011/01/03 15:59:39.0597 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys

2011/01/03 15:59:39.0660 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys

2011/01/03 15:59:39.0707 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/01/03 15:59:39.0722 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys

2011/01/03 15:59:39.0785 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

2011/01/03 15:59:39.0800 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

2011/01/03 15:59:40.0065 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys

2011/01/03 15:59:40.0143 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys

2011/01/03 15:59:40.0221 drmkaud (97dc2a789c1be458976507846a1a8ced) C:\Windows\system32\drivers\drmkaud.sys

2011/01/03 15:59:40.0268 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys

2011/01/03 15:59:40.0362 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

2011/01/03 15:59:40.0424 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys

2011/01/03 15:59:40.0471 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

2011/01/03 15:59:40.0533 enecir (f218a3a27ed6592c0e22ec3595554447) C:\Windows\system32\DRIVERS\enecir.sys

2011/01/03 15:59:40.0565 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

2011/01/03 15:59:40.0611 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys

2011/01/03 15:59:40.0627 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys

2011/01/03 15:59:40.0689 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

2011/01/03 15:59:40.0721 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

2011/01/03 15:59:40.0752 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

2011/01/03 15:59:40.0783 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/01/03 15:59:40.0830 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys

2011/01/03 15:59:40.0861 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

2011/01/03 15:59:40.0892 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

2011/01/03 15:59:40.0970 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/01/03 15:59:41.0017 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

2011/01/03 15:59:41.0064 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/01/03 15:59:41.0095 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

2011/01/03 15:59:41.0157 HidIr (1d4e03e5c5ba4c3679c38cb6b4c60d5f) C:\Windows\system32\DRIVERS\hidir.sys

2011/01/03 15:59:41.0220 HidUsb (59a7b5e13356c20d67983868242167c5) C:\Windows\system32\DRIVERS\hidusb.sys

2011/01/03 15:59:41.0298 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

2011/01/03 15:59:41.0313 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys

2011/01/03 15:59:41.0360 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

2011/01/03 15:59:41.0423 HTTP (7c39506bc3be2b77b7671bb320fdb736) C:\Windows\system32\drivers\HTTP.sys

2011/01/03 15:59:41.0501 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

2011/01/03 15:59:41.0532 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/01/03 15:59:41.0563 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

2011/01/03 15:59:41.0781 igfx (312e18684051457a275da878c75d69c2) C:\Windows\system32\DRIVERS\igdkmd64.sys

2011/01/03 15:59:42.0062 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

2011/01/03 15:59:42.0171 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys

2011/01/03 15:59:42.0234 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys

2011/01/03 15:59:42.0281 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

2011/01/03 15:59:42.0327 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/01/03 15:59:42.0405 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

2011/01/03 15:59:42.0468 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

2011/01/03 15:59:42.0530 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

2011/01/03 15:59:42.0561 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

2011/01/03 15:59:42.0639 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/01/03 15:59:42.0842 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

2011/01/03 15:59:42.0983 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

2011/01/03 15:59:43.0076 JMCR (15371306d1adbbf35e475c8da516a956) C:\Windows\system32\DRIVERS\jmcr.sys

2011/01/03 15:59:43.0107 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/01/03 15:59:43.0123 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/01/03 15:59:43.0170 KSecDD (a6f636c447cf3def5f50018f0c0e1aae) C:\Windows\system32\Drivers\ksecdd.sys

2011/01/03 15:59:43.0217 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

2011/01/03 15:59:43.0310 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

2011/01/03 15:59:43.0357 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

2011/01/03 15:59:43.0373 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

2011/01/03 15:59:43.0388 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

2011/01/03 15:59:43.0404 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

2011/01/03 15:59:43.0435 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

2011/01/03 15:59:43.0482 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

2011/01/03 15:59:43.0529 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

2011/01/03 15:59:43.0560 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

2011/01/03 15:59:43.0591 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

2011/01/03 15:59:43.0653 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

2011/01/03 15:59:43.0700 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

2011/01/03 15:59:43.0731 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

2011/01/03 15:59:43.0763 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

2011/01/03 15:59:43.0778 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

2011/01/03 15:59:43.0794 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys

2011/01/03 15:59:43.0825 mrxsmb (8e01ed1d845b0dac094a9be50d426187) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/01/03 15:59:43.0856 mrxsmb10 (fbe643c568f40e6cc386e549013aec99) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/01/03 15:59:43.0872 mrxsmb20 (168da84ebf8afbc6e8f8ee229cc6dc9f) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/01/03 15:59:43.0903 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\Windows\system32\drivers\msahci.sys

2011/01/03 15:59:43.0919 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

2011/01/03 15:59:43.0997 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

2011/01/03 15:59:44.0043 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

2011/01/03 15:59:44.0075 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

2011/01/03 15:59:44.0106 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/01/03 15:59:44.0153 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

2011/01/03 15:59:44.0184 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys

2011/01/03 15:59:44.0215 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/01/03 15:59:44.0277 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

2011/01/03 15:59:44.0309 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys

2011/01/03 15:59:44.0355 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys

2011/01/03 15:59:44.0418 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys

2011/01/03 15:59:44.0449 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/01/03 15:59:44.0480 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/01/03 15:59:44.0496 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/01/03 15:59:44.0527 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

2011/01/03 15:59:44.0574 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

2011/01/03 15:59:44.0605 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys

2011/01/03 15:59:44.0730 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys

2011/01/03 15:59:44.0839 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

2011/01/03 15:59:44.0855 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys

2011/01/03 15:59:44.0901 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

2011/01/03 15:59:44.0964 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys

2011/01/03 15:59:45.0057 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

2011/01/03 15:59:45.0073 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

2011/01/03 15:59:45.0089 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

2011/01/03 15:59:45.0120 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

2011/01/03 15:59:45.0245 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/01/03 15:59:45.0291 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

2011/01/03 15:59:45.0307 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys

2011/01/03 15:59:45.0354 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys

2011/01/03 15:59:45.0385 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys

2011/01/03 15:59:45.0432 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

2011/01/03 15:59:45.0479 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

2011/01/03 15:59:45.0603 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys

2011/01/03 15:59:45.0635 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

2011/01/03 15:59:45.0713 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys

2011/01/03 15:59:45.0775 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

2011/01/03 15:59:45.0853 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

2011/01/03 15:59:45.0869 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

2011/01/03 15:59:45.0900 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

2011/01/03 15:59:45.0947 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/01/03 15:59:45.0978 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/01/03 15:59:46.0025 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys

2011/01/03 15:59:46.0056 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys

2011/01/03 15:59:46.0071 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/01/03 15:59:46.0118 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

2011/01/03 15:59:46.0134 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

2011/01/03 15:59:46.0181 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys

2011/01/03 15:59:46.0243 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/01/03 15:59:46.0290 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

2011/01/03 15:59:46.0337 RTL8169 (f49d8df8895d809cb0a4deb44113de6f) C:\Windows\system32\DRIVERS\Rtlh64.sys

2011/01/03 15:59:46.0368 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

2011/01/03 15:59:46.0446 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys

2011/01/03 15:59:46.0493 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/01/03 15:59:46.0524 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

2011/01/03 15:59:46.0555 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

2011/01/03 15:59:46.0586 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

2011/01/03 15:59:46.0633 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

2011/01/03 15:59:46.0664 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

2011/01/03 15:59:46.0680 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

2011/01/03 15:59:46.0711 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

2011/01/03 15:59:46.0742 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

2011/01/03 15:59:46.0758 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

2011/01/03 15:59:46.0789 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys

2011/01/03 15:59:46.0851 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys

2011/01/03 15:59:46.0945 srv (fc9862dc5e67a6eb31e75feb43c64916) C:\Windows\system32\DRIVERS\srv.sys

2011/01/03 15:59:46.0976 srv2 (68dcd148225f40ef1cdf6cfc115cb6fe) C:\Windows\system32\DRIVERS\srv2.sys

2011/01/03 15:59:47.0039 srvnet (4d0858b640cdbcba671c5439a8ef45cb) C:\Windows\system32\DRIVERS\srvnet.sys

2011/01/03 15:59:47.0117 STHDA (e01797a54f8a61512b7e590fde6d1988) C:\Windows\system32\DRIVERS\stwrt64.sys

2011/01/03 15:59:47.0148 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

2011/01/03 15:59:47.0179 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

2011/01/03 15:59:47.0195 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

2011/01/03 15:59:47.0226 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

2011/01/03 15:59:47.0319 Tcpip (8e041924441ff8755e5b4f135c8c3767) C:\Windows\system32\drivers\tcpip.sys

2011/01/03 15:59:47.0444 Tcpip6 (8e041924441ff8755e5b4f135c8c3767) C:\Windows\system32\DRIVERS\tcpip.sys

2011/01/03 15:59:47.0569 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys

2011/01/03 15:59:47.0616 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

2011/01/03 15:59:47.0647 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

2011/01/03 15:59:47.0678 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys

2011/01/03 15:59:47.0709 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys

2011/01/03 15:59:47.0772 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/01/03 15:59:47.0819 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

2011/01/03 15:59:47.0834 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys

2011/01/03 15:59:47.0881 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

2011/01/03 15:59:47.0912 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys

2011/01/03 15:59:47.0959 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

2011/01/03 15:59:48.0021 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

2011/01/03 15:59:48.0053 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

2011/01/03 15:59:48.0084 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

2011/01/03 15:59:48.0099 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

2011/01/03 15:59:48.0177 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys

2011/01/03 15:59:48.0240 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/01/03 15:59:48.0302 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

2011/01/03 15:59:48.0349 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys

2011/01/03 15:59:48.0380 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys

2011/01/03 15:59:48.0411 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

2011/01/03 15:59:48.0458 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

2011/01/03 15:59:48.0505 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/01/03 15:59:48.0552 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/01/03 15:59:48.0583 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

2011/01/03 15:59:48.0630 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/01/03 15:59:48.0661 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

2011/01/03 15:59:48.0692 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys

2011/01/03 15:59:48.0755 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys

2011/01/03 15:59:48.0770 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys

2011/01/03 15:59:48.0864 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys

2011/01/03 15:59:48.0879 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

2011/01/03 15:59:48.0926 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

2011/01/03 15:59:48.0989 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

2011/01/03 15:59:49.0004 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

2011/01/03 15:59:49.0051 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

2011/01/03 15:59:49.0113 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

2011/01/03 15:59:49.0269 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/01/03 15:59:49.0394 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/01/03 15:59:49.0425 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

2011/01/03 15:59:49.0488 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/01/03 15:59:49.0550 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys

2011/01/03 15:59:49.0659 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl

2011/01/03 15:59:49.0722 ================================================================================

2011/01/03 15:59:49.0722 Scan finished

2011/01/03 15:59:49.0722 ================================================================================

2011/01/03 16:00:47.0535 ================================================================================

2011/01/03 16:00:47.0535 Scan started

2011/01/03 16:00:47.0535 Mode: Manual;

2011/01/03 16:00:47.0535 ================================================================================

2011/01/03 16:00:48.0066 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys

2011/01/03 16:00:48.0128 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys

2011/01/03 16:00:48.0144 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

2011/01/03 16:00:48.0175 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

2011/01/03 16:00:48.0191 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

2011/01/03 16:00:48.0222 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

2011/01/03 16:00:48.0269 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys

2011/01/03 16:00:48.0378 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys

2011/01/03 16:00:48.0425 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

2011/01/03 16:00:48.0456 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

2011/01/03 16:00:48.0534 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys

2011/01/03 16:00:48.0549 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys

2011/01/03 16:00:48.0581 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

2011/01/03 16:00:48.0627 ApfiltrService (69d882157e5e4d17d32e30182f945046) C:\Windows\system32\DRIVERS\Apfiltr.sys

2011/01/03 16:00:48.0690 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

2011/01/03 16:00:48.0705 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

2011/01/03 16:00:48.0752 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/01/03 16:00:48.0783 atapi (b388797caab36d523840347cc6a39b96) C:\Windows\system32\drivers\atapi.sys

2011/01/03 16:00:48.0908 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys

2011/01/03 16:00:48.0986 AvgMfx64 (405baabbb48f9176e220020b1a77c47b) C:\Windows\system32\Drivers\avgmfx64.sys

2011/01/03 16:00:49.0064 AvgTdiA (ce90aec358a809e7bce6bb0f1da84622) C:\Windows\system32\Drivers\avgtdia.sys

2011/01/03 16:00:49.0127 BCM43XX (f509c4fd2eba6af4fd8794aeb6f3efb7) C:\Windows\system32\DRIVERS\bcmwl664.sys

2011/01/03 16:00:49.0298 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

2011/01/03 16:00:49.0314 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys

2011/01/03 16:00:49.0345 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

2011/01/03 16:00:49.0376 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

2011/01/03 16:00:49.0485 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

2011/01/03 16:00:49.0532 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

2011/01/03 16:00:49.0548 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

2011/01/03 16:00:49.0579 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

2011/01/03 16:00:49.0626 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/01/03 16:00:49.0735 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

2011/01/03 16:00:49.0766 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys

2011/01/03 16:00:49.0844 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys

2011/01/03 16:00:49.0907 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys

2011/01/03 16:00:50.0016 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

2011/01/03 16:00:50.0078 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys

2011/01/03 16:00:50.0094 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys

2011/01/03 16:00:50.0219 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys

2011/01/03 16:00:50.0281 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/01/03 16:00:50.0297 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys

2011/01/03 16:00:50.0328 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

2011/01/03 16:00:50.0343 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

2011/01/03 16:00:50.0453 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys

2011/01/03 16:00:50.0499 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys

2011/01/03 16:00:50.0640 drmkaud (97dc2a789c1be458976507846a1a8ced) C:\Windows\system32\drivers\drmkaud.sys

2011/01/03 16:00:50.0718 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys

2011/01/03 16:00:50.0780 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

2011/01/03 16:00:50.0811 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys

2011/01/03 16:00:50.0889 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

2011/01/03 16:00:50.0952 enecir (f218a3a27ed6592c0e22ec3595554447) C:\Windows\system32\DRIVERS\enecir.sys

2011/01/03 16:00:50.0983 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

2011/01/03 16:00:51.0014 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys

2011/01/03 16:00:51.0077 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys

2011/01/03 16:00:51.0217 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

2011/01/03 16:00:51.0233 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

2011/01/03 16:00:51.0279 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

2011/01/03 16:00:51.0295 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/01/03 16:00:51.0326 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys

2011/01/03 16:00:51.0435 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

2011/01/03 16:00:51.0467 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

2011/01/03 16:00:51.0545 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/01/03 16:00:51.0607 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

2011/01/03 16:00:51.0669 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/01/03 16:00:51.0685 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

2011/01/03 16:00:51.0732 HidIr (1d4e03e5c5ba4c3679c38cb6b4c60d5f) C:\Windows\system32\DRIVERS\hidir.sys

2011/01/03 16:00:51.0857 HidUsb (59a7b5e13356c20d67983868242167c5) C:\Windows\system32\DRIVERS\hidusb.sys

2011/01/03 16:00:51.0950 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

2011/01/03 16:00:51.0981 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys

2011/01/03 16:00:52.0013 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

2011/01/03 16:00:52.0091 HTTP (7c39506bc3be2b77b7671bb320fdb736) C:\Windows\system32\drivers\HTTP.sys

2011/01/03 16:00:52.0153 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

2011/01/03 16:00:52.0200 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/01/03 16:00:52.0231 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

2011/01/03 16:00:52.0434 igfx (312e18684051457a275da878c75d69c2) C:\Windows\system32\DRIVERS\igdkmd64.sys

2011/01/03 16:00:52.0543 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

2011/01/03 16:00:52.0683 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys

2011/01/03 16:00:52.0715 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys

2011/01/03 16:00:52.0746 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

2011/01/03 16:00:52.0793 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/01/03 16:00:52.0855 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

2011/01/03 16:00:52.0964 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

2011/01/03 16:00:53.0011 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

2011/01/03 16:00:53.0136 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

2011/01/03 16:00:53.0183 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/01/03 16:00:53.0214 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

2011/01/03 16:00:53.0229 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

2011/01/03 16:00:53.0276 JMCR (15371306d1adbbf35e475c8da516a956) C:\Windows\system32\DRIVERS\jmcr.sys

2011/01/03 16:00:53.0323 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/01/03 16:00:53.0432 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/01/03 16:00:53.0463 KSecDD (a6f636c447cf3def5f50018f0c0e1aae) C:\Windows\system32\Drivers\ksecdd.sys

2011/01/03 16:00:53.0495 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

2011/01/03 16:00:53.0557 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

2011/01/03 16:00:53.0604 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

2011/01/03 16:00:53.0619 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

2011/01/03 16:00:53.0635 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

2011/01/03 16:00:53.0666 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

2011/01/03 16:00:53.0682 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

2011/01/03 16:00:53.0729 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

2011/01/03 16:00:53.0791 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

2011/01/03 16:00:53.0900 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

2011/01/03 16:00:53.0963 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

2011/01/03 16:00:53.0994 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

2011/01/03 16:00:54.0056 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

2011/01/03 16:00:54.0072 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

2011/01/03 16:00:54.0119 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

2011/01/03 16:00:54.0134 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

2011/01/03 16:00:54.0150 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys

2011/01/03 16:00:54.0212 mrxsmb (8e01ed1d845b0dac094a9be50d426187) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/01/03 16:00:54.0306 mrxsmb10 (fbe643c568f40e6cc386e549013aec99) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/01/03 16:00:54.0384 mrxsmb20 (168da84ebf8afbc6e8f8ee229cc6dc9f) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/01/03 16:00:54.0415 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\Windows\system32\drivers\msahci.sys

2011/01/03 16:00:54.0431 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

2011/01/03 16:00:54.0493 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

2011/01/03 16:00:54.0555 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

2011/01/03 16:00:54.0587 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

2011/01/03 16:00:54.0618 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/01/03 16:00:54.0649 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

2011/01/03 16:00:54.0696 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys

2011/01/03 16:00:54.0774 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/01/03 16:00:54.0821 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

2011/01/03 16:00:54.0867 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys

2011/01/03 16:00:55.0008 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys

2011/01/03 16:00:55.0055 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys

2011/01/03 16:00:55.0117 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/01/03 16:00:55.0195 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/01/03 16:00:55.0226 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/01/03 16:00:55.0257 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

2011/01/03 16:00:55.0304 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

2011/01/03 16:00:55.0320 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys

2011/01/03 16:00:55.0445 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys

2011/01/03 16:00:55.0476 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

2011/01/03 16:00:55.0507 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys

2011/01/03 16:00:55.0538 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

2011/01/03 16:00:55.0601 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys

2011/01/03 16:00:55.0632 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

2011/01/03 16:00:55.0694 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

2011/01/03 16:00:55.0710 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

2011/01/03 16:00:55.0757 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

2011/01/03 16:00:56.0022 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/01/03 16:00:56.0256 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

2011/01/03 16:00:56.0396 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys

2011/01/03 16:00:56.0474 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys

2011/01/03 16:00:56.0505 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys

2011/01/03 16:00:56.0537 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

2011/01/03 16:00:56.0583 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

2011/01/03 16:00:56.0724 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys

2011/01/03 16:00:56.0786 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

2011/01/03 16:00:56.0864 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys

2011/01/03 16:00:56.0989 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

2011/01/03 16:00:57.0036 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

2011/01/03 16:00:57.0067 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

2011/01/03 16:00:57.0129 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

2011/01/03 16:00:57.0176 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/01/03 16:00:57.0223 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/01/03 16:00:57.0239 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys

2011/01/03 16:00:57.0270 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys

2011/01/03 16:00:57.0285 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/01/03 16:00:57.0348 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

2011/01/03 16:00:57.0363 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

2011/01/03 16:00:57.0426 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys

2011/01/03 16:00:57.0473 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/01/03 16:00:57.0535 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

2011/01/03 16:00:57.0566 RTL8169 (f49d8df8895d809cb0a4deb44113de6f) C:\Windows\system32\DRIVERS\Rtlh64.sys

2011/01/03 16:00:57.0613 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

2011/01/03 16:00:57.0738 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys

2011/01/03 16:00:57.0831 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/01/03 16:00:57.0909 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

2011/01/03 16:00:57.0956 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

2011/01/03 16:00:58.0003 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

2011/01/03 16:00:58.0050 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

2011/01/03 16:00:58.0112 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

2011/01/03 16:00:58.0159 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

2011/01/03 16:00:58.0190 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

2011/01/03 16:00:58.0237 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

2011/01/03 16:00:58.0253 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

2011/01/03 16:00:58.0299 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys

2011/01/03 16:00:58.0393 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys

2011/01/03 16:00:58.0440 srv (fc9862dc5e67a6eb31e75feb43c64916) C:\Windows\system32\DRIVERS\srv.sys

2011/01/03 16:00:58.0471 srv2 (68dcd148225f40ef1cdf6cfc115cb6fe) C:\Windows\system32\DRIVERS\srv2.sys

2011/01/03 16:00:58.0518 srvnet (4d0858b640cdbcba671c5439a8ef45cb) C:\Windows\system32\DRIVERS\srvnet.sys

2011/01/03 16:00:58.0627 STHDA (e01797a54f8a61512b7e590fde6d1988) C:\Windows\system32\DRIVERS\stwrt64.sys

2011/01/03 16:00:58.0658 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

2011/01/03 16:00:58.0736 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

2011/01/03 16:00:58.0752 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

2011/01/03 16:00:58.0799 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

2011/01/03 16:00:58.0892 Tcpip (8e041924441ff8755e5b4f135c8c3767) C:\Windows\system32\drivers\tcpip.sys

2011/01/03 16:00:58.0970 Tcpip6 (8e041924441ff8755e5b4f135c8c3767) C:\Windows\system32\DRIVERS\tcpip.sys

2011/01/03 16:00:59.0033 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys

2011/01/03 16:00:59.0064 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

2011/01/03 16:00:59.0095 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

2011/01/03 16:00:59.0111 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys

2011/01/03 16:00:59.0173 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys

2011/01/03 16:00:59.0298 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/01/03 16:00:59.0329 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

2011/01/03 16:00:59.0345 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys

2011/01/03 16:00:59.0391 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

2011/01/03 16:00:59.0438 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys

2011/01/03 16:00:59.0485 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

2011/01/03 16:00:59.0532 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

2011/01/03 16:00:59.0547 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

2011/01/03 16:00:59.0563 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

2011/01/03 16:00:59.0688 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

2011/01/03 16:00:59.0797 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys

2011/01/03 16:00:59.0891 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/01/03 16:00:59.0969 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

2011/01/03 16:01:00.0000 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys

2011/01/03 16:01:00.0047 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys

2011/01/03 16:01:00.0109 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

2011/01/03 16:01:00.0203 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

2011/01/03 16:01:00.0312 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/01/03 16:01:00.0343 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/01/03 16:01:00.0390 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

2011/01/03 16:01:00.0421 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/01/03 16:01:00.0468 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

2011/01/03 16:01:00.0499 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys

2011/01/03 16:01:00.0530 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys

2011/01/03 16:01:00.0561 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys

2011/01/03 16:01:00.0655 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys

2011/01/03 16:01:00.0671 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

2011/01/03 16:01:00.0702 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

2011/01/03 16:01:00.0733 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

2011/01/03 16:01:00.0733 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

2011/01/03 16:01:00.0811 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

2011/01/03 16:01:00.0889 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

2011/01/03 16:01:00.0983 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/01/03 16:01:01.0139 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/01/03 16:01:01.0185 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

2011/01/03 16:01:01.0232 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/01/03 16:01:01.0279 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys

2011/01/03 16:01:01.0357 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl

2011/01/03 16:01:01.0451 ================================================================================

2011/01/03 16:01:01.0451 Scan finished

2011/01/03 16:01:01.0451 ================================================================================

here's the OTL.txt log:

OTL logfile created on: 1/3/2011 4:03:53 PM - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Glenn\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284.39 Gb Total Space | 199.78 Gb Free Space | 70.25% Space Free | Partition Type: NTFS

Drive D: | 13.70 Gb Total Space | 2.10 Gb Free Space | 15.32% Space Free | Partition Type: NTFS

Computer Name: GLENN-PC | User Name: Glenn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/03 16:02:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Glenn\Desktop\OTL.exe

PRC - [2011/01/03 15:57:14 | 000,584,192 | ---- | M] () -- C:\Users\Glenn\AppData\Local\Temp\contactProfile.exe

PRC - [2010/11/24 09:48:16 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe

PRC - [2010/11/24 09:47:04 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

PRC - [2010/09/20 13:03:22 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe

PRC - [2010/09/20 13:03:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

PRC - [2010/02/25 02:41:40 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2009/05/25 16:21:33 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe

PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2008/12/25 15:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

PRC - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe

PRC - [2008/11/28 20:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

PRC - [2008/11/26 19:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

PRC - [2008/11/26 19:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

========== Modules (SafeList) ==========

MOD - [2011/01/03 16:02:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Glenn\Desktop\OTL.exe

MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)

SRV:64bit: - [2008/09/11 06:53:00 | 000,279,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe -- (STacSV)

SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010/09/20 13:03:22 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/09/20 13:03:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)

SRV - [2010/02/25 02:41:40 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008/11/26 19:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)

SRV - [2008/11/26 19:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)

SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2010/09/20 13:05:11 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)

DRV:64bit: - [2010/09/20 13:05:06 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)

DRV:64bit: - [2010/09/20 13:05:05 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)

DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009/05/25 16:37:44 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/09/11 06:54:44 | 000,465,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)

DRV:64bit: - [2008/09/02 08:21:04 | 008,034,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/07/22 10:42:34 | 000,170,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/07/21 05:53:04 | 000,145,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)

DRV:64bit: - [2008/07/15 03:20:42 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/01/31 18:23:14 | 000,195,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®

DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/05/25 15:17:28] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=15627

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/11/24 09:49:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/31 22:37:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/11 01:34:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/11 01:34:50 | 000,000,000 | ---D | M]

[2010/01/19 17:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Glenn\AppData\Roaming\Mozilla\Extensions

[2011/01/01 23:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\i12w7wvm.default\extensions

[2010/12/21 19:37:04 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\i12w7wvm.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

[2011/01/01 23:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/12/05 17:49:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/12/03 18:47:21 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2010/12/31 19:06:43 | 000,317,076 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 10879 more lines...

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [Aim6] C:\Program Files (x86)\AIM6\aim6.exe (AOL LLC)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Glenn\AppData\Roaming\Updater.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Glenn\AppData\Roaming\Updater.exe ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll ()

O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{046eef5b-c0e9-11df-88fa-00235aa405e3}\Shell\AutoRun\command - "" = slacker.synclauncher.exe

O33 - MountPoints2\{046eef5b-c0e9-11df-88fa-00235aa405e3}\Shell\slacker\command - "" = slacker.synclauncher.exe

O33 - MountPoints2\{21c97b2b-a57e-11de-b962-00235aa405e3}\Shell - "" = AutoRun

O33 - MountPoints2\{21c97b2b-a57e-11de-b962-00235aa405e3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{42d7671f-6c25-11de-bf28-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{42d7671f-6c25-11de-bf28-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Belkin_Setup_and_Monitor_Install.exe -- File not found

O33 - MountPoints2\{6fb21a44-f8ff-11df-a703-00235aa405e3}\Shell\AutoRun\command - "" = WDSetup.exe

O33 - MountPoints2\{842a0392-a0c6-11de-8d47-00235aa405e3}\Shell\Auto\command - "" = F:\autorun.bat -- File not found

O33 - MountPoints2\{842a0392-a0c6-11de-8d47-00235aa405e3}\Shell\explore\Command - "" = F:\autorun.bat -- File not found

O33 - MountPoints2\{b51ff780-0f09-11e0-84db-00235aa405e3}\Shell\AutoRun\command - "" = mb9x.exe

O33 - MountPoints2\{b51ff780-0f09-11e0-84db-00235aa405e3}\Shell\open\Command - "" = mb9x.exe

O33 - MountPoints2\{c3872e20-ead2-11df-8cce-00235aa405e3}\Shell\AutoRun\command - "" = F:\Connect.exe -- File not found

O33 - MountPoints2\{c3872e25-ead2-11df-8cce-00235aa405e3}\Shell - "" = AutoRun

O33 - MountPoints2\{c3872e25-ead2-11df-8cce-00235aa405e3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/03 16:02:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Glenn\Desktop\OTL.exe

[2011/01/03 15:59:11 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Glenn\Desktop\TDSSKiller.exe

[2011/01/01 22:12:00 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/12/31 19:26:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/12/31 19:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2010/12/31 19:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/12/25 21:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze

[2010/12/25 21:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres

[2010/12/25 21:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Belkin

[2010/12/25 21:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin

[2010/12/25 21:37:47 | 000,000,000 | -H-D | C] -- C:\Users\Glenn\{e1de3ecc-5a94-4b53-8092-f2e754998e5d}

[2010/12/25 21:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin

[2010/12/25 21:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin

[2010/12/25 21:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy

[2010/12/18 17:50:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS

[2010/12/05 18:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2010/12/05 17:48:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010/12/05 17:48:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010/12/05 17:48:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2010/12/05 17:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla

========== Files - Modified Within 30 Days ==========

[2011/01/03 16:02:36 | 000,007,556 | -H-- | M] () -- C:\Users\Glenn\AppData\Roaming\cglogs.dat

[2011/01/03 16:02:20 | 000,804,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/01/03 16:02:20 | 000,675,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/01/03 16:02:20 | 000,131,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/01/03 16:02:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Glenn\Desktop\OTL.exe

[2011/01/03 15:58:46 | 069,667,536 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2011/01/03 15:57:00 | 000,000,680 | ---- | M] () -- C:\Users\Glenn\AppData\Local\d3d9caps.dat

[2011/01/03 15:54:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/03 15:54:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/03 15:54:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/03 15:54:35 | 4193,210,368 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/02 14:01:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/12/31 19:06:43 | 000,317,076 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010/12/28 16:53:27 | 000,002,239 | ---- | M] () -- C:\Users\Glenn\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2010/12/28 16:03:56 | 000,216,576 | ---- | M] () -- C:\Users\Glenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/22 17:57:17 | 000,021,064 | ---- | M] () -- C:\Users\Glenn\Desktop\Schedule Spring 2011.xlsx

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,024,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Glenn\Desktop\TDSSKiller.exe

[2010/12/05 17:43:38 | 000,001,802 | ---- | M] () -- C:\Users\Glenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/12/05 02:14:50 | 000,317,076 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101231-190642.backup

========== Files Created - No Company Name ==========

[2010/12/31 20:13:40 | 000,000,680 | ---- | C] () -- C:\Users\Glenn\AppData\Local\d3d9caps.dat

[2010/12/05 18:52:52 | 000,021,064 | ---- | C] () -- C:\Users\Glenn\Desktop\Schedule Spring 2011.xlsx

[2010/12/05 17:43:38 | 000,001,802 | ---- | C] () -- C:\Users\Glenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/12/03 18:47:37 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll

[2010/09/28 22:20:33 | 000,017,043 | ---- | C] () -- C:\Users\Glenn\AppData\Roaming\UserTile.png

[2010/09/24 21:06:02 | 000,752,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/03/06 00:33:56 | 000,000,000 | ---- | C] () -- C:\Users\Glenn\AppData\Local\FnF4.txt

[2009/11/27 21:11:54 | 000,000,008 | ---- | C] () -- C:\Users\Glenn\AppData\Roaming\usb.dat.bin

[2009/08/29 21:25:44 | 000,216,576 | ---- | C] () -- C:\Users\Glenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/10 21:42:13 | 000,941,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys

[2009/07/08 12:19:08 | 000,000,000 | ---- | C] () -- C:\Users\Glenn\AppData\Local\QSwitch.txt

[2009/07/08 12:19:08 | 000,000,000 | ---- | C] () -- C:\Users\Glenn\AppData\Local\DSwitch.txt

[2009/07/08 12:19:08 | 000,000,000 | ---- | C] () -- C:\Users\Glenn\AppData\Local\AtStart.txt

[2009/07/08 12:19:06 | 000,041,234 | ---- | C] () -- C:\ProgramData\HPWALog.txt

[2009/05/25 17:43:38 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

[2009/05/25 17:43:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log

[2009/05/25 17:42:59 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log

[2009/05/25 17:42:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log

[2009/05/25 17:40:31 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log

[2009/02/23 01:09:27 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log

[2009/02/23 01:02:34 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

[2009/02/23 01:00:26 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

[2009/02/23 00:58:52 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2005/07/06 23:40:31 | 000,873,984 | RHS- | C] () -- C:\Users\Glenn\AppData\Roaming\Updater.exe

[2005/05/27 02:45:09 | 000,007,556 | -H-- | C] () -- C:\Users\Glenn\AppData\Roaming\cglogs.dat

========== LOP Check ==========

[2009/07/08 12:33:59 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\acccore

[2010/09/28 21:15:40 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2009/09/08 20:44:53 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\funkitron

[2009/09/08 23:25:27 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\iWin

[2009/07/08 13:57:14 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\Ludia

[2010/09/24 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\Mestrelab Research S.L

[2010/12/03 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\Mobipocket

[2010/05/09 01:03:55 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\ooVoo Details

[2010/09/28 22:20:32 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\PeerNetworking

[2009/09/12 20:29:44 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\PlayFirst

[2010/09/20 12:38:20 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\uTorrent

[2009/07/10 21:42:14 | 000,000,000 | ---D | M] -- C:\Users\Glenn\AppData\Roaming\Webcammax

[2011/01/02 14:01:02 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:63238B95

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8CE646EE

< End of report >

Link to post
Share on other sites

and here is the extras.txt log:

OTL Extras logfile created on: 1/3/2011 4:03:53 PM - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Glenn\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284.39 Gb Total Space | 199.78 Gb Free Space | 70.25% Space Free | Partition Type: NTFS

Drive D: | 13.70 Gb Total Space | 2.10 Gb Free Space | 15.32% Space Free | Partition Type: NTFS

Computer Name: GLENN-PC | User Name: Glenn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{13EC3D52-27DA-4285-817D-A793405E51E8}" = rport=137 | protocol=17 | dir=out | app=system |

"{2A7ABF8B-7D49-4FD1-A376-48B15532CC91}" = lport=138 | protocol=17 | dir=in | app=system |

"{73FA4482-2683-4B7C-89C6-7AB5A30F2814}" = lport=137 | protocol=17 | dir=in | app=system |

"{81B328CE-4B08-48B4-B86D-EB0E23B7B5A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{8F63CAEB-2D20-4750-9CAA-91945F4E1B76}" = rport=445 | protocol=6 | dir=out | app=system |

"{924AC398-7738-4E00-9183-2CCDDB3B96E6}" = rport=139 | protocol=6 | dir=out | app=system |

"{9E2A21F4-286D-4616-BE0C-CA6803D15E48}" = lport=445 | protocol=6 | dir=in | app=system |

"{BFF9578C-42DA-4183-A8A6-6B114FFA24BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{CDF7A021-5FB9-4D7A-90A9-59AB1E5F2925}" = lport=139 | protocol=6 | dir=in | app=system |

"{FF8DFA96-6D64-4D33-87C1-3B4221B9B072}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05D8930D-1526-4CE5-A4FE-8FE0EE667702}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{07D73757-DEAA-4AED-A66F-FE90A8E81754}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{0BF7B896-C07C-4076-856B-F09A447B39D4}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{183E9CDB-A5AD-4C5E-8469-8F4D1E77A764}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{1AA9DE7F-65E0-481A-AEF9-AB86116E0683}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{1B4238D2-2692-43BB-9292-A4E2B998E69C}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{1C6B5821-E7BB-473A-BC6B-EEC157E67085}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{241C03CE-533A-4D66-A704-1C128E118D80}" = protocol=6 | dir=in | app=c:\users\glenn\downloads\pdf_converter.exe |

"{24A7B9EE-8F6E-4AFA-8E97-81F58F439852}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |

"{283980E1-2188-4876-BC5A-FF622457D4AF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{2AC1690E-0DC0-4163-8C31-E92728587769}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{2CB6D867-D6B4-4847-B4A7-A673C50A9C84}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{33238A79-6548-43BA-8657-DF753B583B74}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{33ECD588-84C7-4C69-9A56-FDBC1E39C49C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{3435B328-657D-4F6C-989E-B24CC29B8C49}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{39AAB840-CE72-4C9B-B9DF-85198DC9E692}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{3AE090F6-09BE-4544-8949-E3B4AAF75F30}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{41AC2F02-AA18-4CA8-9C55-D73A6D665B50}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{4BBDE735-B902-4A99-AE3B-70F0B14F8D2A}" = protocol=17 | dir=in | app=c:\users\glenn\downloads\pdf_converter.exe |

"{4C1D311C-2200-4732-ADF1-FFA74ECDA443}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{4C5A0909-2490-41D2-A3D8-2345B4F5BBB7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{5098521F-38B4-4485-A656-BCEB081BA262}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{50BE0575-EBCE-4C17-B286-90211A4F88E3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{5336C226-944A-49DF-9A15-35ECD0DAE64A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{596AC15B-BE2C-4099-9F7D-E1368940EF14}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |

"{59E460E6-248C-4C44-951E-0D16377C1AF8}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |

"{61DDF95D-1F41-46CD-AD9E-4C0796BD8F03}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{65526B16-C3D3-47C4-973D-A95ECD6CDC5F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{7B5EAD6F-C231-49D5-BE34-975A5EB101E9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |

"{8E166824-8B47-4DD3-B714-692A8F38AFBD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{92363AD8-E608-4AAA-BABB-05EF1C8DB41A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{9DC0FB41-1215-4FDD-9FE3-2EB6D5CD2BBD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{C1037953-7743-492A-90CA-60307D5339A3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{C3D2E49E-1E4F-4B0C-A5BC-70ADF30E9DBE}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{C41AD297-B324-474E-9E83-1F9945E78E3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{D470FA45-CFAC-40E6-B7F4-D1A2B5D46BE9}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{D912F738-2E75-45AE-B052-7AAC13B95BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{E2CE1624-0175-4ACE-998C-469874965591}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{E5E153C4-CC8D-4F0D-BFE8-1EC4DB76CEFF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{E6236ED1-8AC2-49D6-BE0A-BC720AC487C2}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |

"{F8741BCD-C651-4EE6-AA04-AEFB350DB1F1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{F93314F8-73A3-4273-8A57-1E76B8371F1F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{FF4F713E-5E27-4D19-94A8-6F0FE20BC2AD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"TCP Query User{0DEE15F9-9684-45E3-B3CD-F6B833FB8886}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |

"TCP Query User{2EF37222-1ABD-4CC1-A2F4-A07C4A23F7E0}C:\users\glenn\downloads\dc++\left-for-dead-2\left.4.dead.2-thepirategay\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\glenn\downloads\dc++\left-for-dead-2\left.4.dead.2-thepirategay\left4dead2.exe |

"TCP Query User{45EAD751-6FE7-4A59-BB36-F0D8026ABAA3}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"TCP Query User{47A5F562-58FA-4495-94DD-322CB4413EA7}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |

"TCP Query User{5A10DA0E-1FB4-4ED1-9AF5-D166F98BA046}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"TCP Query User{6B88BD01-B042-46C6-8BF9-DCBD7F8F3679}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |

"TCP Query User{9B0FC1DC-6E53-4AD3-980C-98BA5762B8EB}C:\program files (x86)\microsoft office\office12\excel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\excel.exe |

"TCP Query User{B2068203-2918-4063-A77E-A85D17FB0A34}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |

"TCP Query User{B32E2C70-A6FE-43A6-8249-02998DD84B21}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{02093B52-C70E-400B-9186-0926E79AD278}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"UDP Query User{438F020C-7D64-4D81-A37C-41EF1D804C83}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |

"UDP Query User{49267D1A-6275-45DA-A413-C9647E80BD2F}C:\users\glenn\downloads\dc++\left-for-dead-2\left.4.dead.2-thepirategay\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\glenn\downloads\dc++\left-for-dead-2\left.4.dead.2-thepirategay\left4dead2.exe |

"UDP Query User{68D1BCE7-F31E-4740-AB5D-7E41440E2639}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |

"UDP Query User{99CDADEA-C558-4C0F-BB48-E31702BD7EBF}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"UDP Query User{A6634E63-E04B-4783-8613-DDFE871635EB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{C42DFB2D-BF51-4075-8D40-300FCBE44C57}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |

"UDP Query User{CCB2B79B-1EFF-4219-B5C2-A5FDA711F80B}C:\program files (x86)\microsoft office\office12\excel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\excel.exe |

"UDP Query User{D084CF18-8039-4B75-9C63-5CA3E12B7A8C}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes

"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection

"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support

"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour

"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client

"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu

"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1

"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA

"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update

"{4916DFBD-403B-4707-AA64-294DC082B99F}" = HP Total Care Setup

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements

"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools

"{5C2F3077-DBF4-4931-8186-26A6161B29C3}" = CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0

"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV

"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar

"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X

"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library

"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client

"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal

"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.02

"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AIM_6" = AIM 6

"AVG9Uninstall" = AVG Free 9.0

"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"DC++" = DC++ 0.674

"Guild Wars" = Guild Wars

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer

"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MestReNova LITE" = MestReNova LITE 5.2.5-5780

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"PunkBusterSvc" = PunkBuster Services

"uTorrent" =

Link to post
Share on other sites

Hello,

You should enable UAC because it is turned off and it is there to protect You!! I have no idea whether You or the infections you've had turned it off so please tell me!!

You apparently have an infected external storage device such as a USB flash drive. That is what the Mountpoint entries in the log below refer to - For example:

O33 - MountPoints2\{b51ff780-0f09-11e0-84db-00235aa405e3}\Shell\AutoRun\command - "" = mb9x.exe

Please launch OTL.exe again

Under the Custom Scans/Fixes box at the bottom, paste in the following text in the code box:

:Files
c:\Users\Glenn\AppData\Local\Temp\XxX.xXx

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Glenn\AppData\Roaming\Updater.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Glenn\AppData\Roaming\Updater.exe ()
[2010/12/28 16:03:56 | 000,216,576 | ---- | M] () -- C:\Users\Glenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/29 21:25:44 | 000,216,576 | ---- | C] () -- C:\Users\Glenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/06 23:40:31 | 000,873,984 | RHS- | C] () -- C:\Users\Glenn\AppData\Roaming\Updater.exe
[2005/05/27 02:45:09 | 000,007,556 | -H-- | C] () -- C:\Users\Glenn\AppData\Roaming\cglogs.dat
O33 - MountPoints2\{b51ff780-0f09-11e0-84db-00235aa405e3}\Shell\AutoRun\command - "" = mb9x.exe
O33 - MountPoints2\{b51ff780-0f09-11e0-84db-00235aa405e3}\Shell\open\Command - "" = mb9x.exe

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done (if it doesn't reboot automatically)

Please download SystemLook from jpshortstuff and save it to your Desktop

Download Mirror #1

http://www.geekstogo.com/forum/redirect.ph...FSystemLook.exe

Download Mirror #2

http://www.geekstogo.com/forum/redirect.ph...FSystemLook.exe

Right-click SystemLook, select Run as Administrator, and copy/paste the following into the box

 :filefind
mb9x.exe

* Hit the Look button. Let it finish the scan

* A log will then pop-up to your Desktop.. Post the content of the log here in your next reply

Download Microsoft's Malicious Software Removal Tool (MSRT) to your desktop:

1. 32 bit operating system version download

2. 64 bit operating system version download <== YOURS

Rename it as You download it to iexplore.exe

Double-click iexplore.exe on your Desktop to run it

In the "Scan Type" window, select Full Scan

Perform a scan and the Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Click on Start => Run

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

Please post the OTL log.

Then run an updated MBAM Quick Scan, remove all infections found, and post that log, too.

Post the SystemLook and MSRT logs as well.

Link to post
Share on other sites

OTL log

All processes killed

========== FILES ==========

c:\Users\Glenn\AppData\Local\Temp\XxX.xXx moved successfully.

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.

C:\Users\Glenn\AppData\Roaming\Updater.exe moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.

File C:\Users\Glenn\AppData\Roaming\Updater.exe not found.

C:\Users\Glenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

File C:\Users\Glenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.

File C:\Users\Glenn\AppData\Roaming\Updater.exe not found.

C:\Users\Glenn\AppData\Roaming\cglogs.dat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b51ff780-0f09-11e0-84db-00235aa405e3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b51ff780-0f09-11e0-84db-00235aa405e3}\ not found.

File mb9x.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b51ff780-0f09-11e0-84db-00235aa405e3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b51ff780-0f09-11e0-84db-00235aa405e3}\ not found.

File mb9x.exe not found.

========== COMMANDS ==========

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Glenn

->Temp folder emptied: 884956 bytes

->Temporary Internet Files folder emptied: 72283307 bytes

->Java cache emptied: 18742134 bytes

->FireFox cache emptied: 105762050 bytes

->Google Chrome cache emptied: 372025903 bytes

->Flash cache emptied: 388734 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 305987168 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 836.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Glenn

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.20.1 log created on 01032011_234713

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

C:\Users\Glenn\AppData\Local\Temp\ehmsas.txt moved successfully.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Link to post
Share on other sites

How are things running now? Is that mysterious desktop programs folder still appearing?

How about the MSRT log? Did you perform that scan?

Please perform a scan with the ESET online virus scanner. You can expect some detections in system volume information. They will not represent active malware so don't worry:

http://www.eset.com/onlinescan/index.php

  • ESET recommends disabling your resident antivirus's auto-protection feature before beginning the scan to avoid conflicts and system hangs
  • Use Internet Explorer to navigate to the scanner website because you must approve install an ActiveX add-on to complete the scan.
  • Check the "Yes, I accept the terms of use" box.
  • Click "Start"
  • Approve the installation of the ActiveX control that's required to enable scanning
  • Make sure the box to
    • Remove found threats. is CHECKED!!
    • Click "Start"

    [*]Allow the definition data base to install

    [*]Click "Scan"

When the scan is done, please post the scan report in your next reply. It can be found in this location:

C:\Program Files\EsetOnlineScanner\log.txt

Note to Windows 7 and Vista users, and anyone with restrictive IE security settings:

Depending on your security settings, you may have to allow cookies and put the ESET website, www.eset.com, into the trusted zone of Internet Explorer if the scan has problems starting (in Vista this is a necessity as IE runs in Protected mode).

To do that, on the Internet Explorer menu click Tools => Internet Options => Security => Trusted Sites => Sites. Then UNcheck "Require server verification for all sites in this zone" checkbox at the bottom of the dialog. Add the above www.eset.com url to the list of trusted sites, by inserting it in the blank box and clicking the Add button, then click Close. For cookies, choose the IE Privacy tab and add the above eset.com url to the exceptions list for cookie blocking.

Link to post
Share on other sites

was running MSRT scan. took awhile. here's the log for that:

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.14, December 2010

Started On Tue Jan 04 00:18:54 2011

Extended Scan Results

----------------

->Scan ERROR: resource process://pid:1216 (code 0x00000005 (5))

->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))

->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

->Scan ERROR: resource file://C:\System Volume Information\{0c14e5d4-160e-11e0-8fcb-00235aa405e3}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{1b83ffff-17bd-11e0-9a6b-00235aa405e3}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{1c7e9de3-11fe-11e0-a81e-00235aa405e3}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{54c3cca4-113a-11e0-abc6-00235aa405e3}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{66186fe7-13b0-11e0-853b-00235aa405e3}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{7a93d25e-1098-11e0-8cb9-00235aa405e3}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl (code 0x00000005 (5))

->Scan ERROR: resource file://C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl (code 0x00000005 (5))

->Scan ERROR: resource file://C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl (code 0x00000005 (5))

->Scan ERROR: resource file://C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl (code 0x00000005 (5))

No infection found as part of the extended scan

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 04 02:17:11 2011

Return code: 0 (0x0)

and here's the MBAM quick scan:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5431

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

1/4/2011 2:21:56 AM

mbam-log-2011-01-04 (02-21-56).txt

Scan type: Quick scan

Objects scanned: 155111

Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

You're not infected any longer and that programs folder is a logistical issue that occurs because You're running 64 bit Windows 7, that also has the capability of running backward compatible 32 bit applications. This occurs at startup because Windows is attempting to start programs in that redirected programs folder which is no longer in its default location. Let's try to restore it to it's original location by doing the following.

Right-click the "Programs" folder on your desktop, and select "Properties" to bring up that folder's Properties dialog. Locate the "Location" tab: It will show this location:

C:\Users\<user name>\Desktop\Programs

If it doesn't tell me.

Now, hit the "Restore Default" button and save the changes by clicking Apply and the OK. When prompted by Windows choose the "Copy and Replace" option, and check the box to apply the changes to every file in the folder (you do not want to maintain two copies of that folder). Now that Programs folder will be restored to its original default location:

C:\Users\<User Name>\AppData\Roaming\Microsoft\Windows\Start Menu.

After You reboot your computer, the empty "Programs" folder shouldn't appear on your desktop.

I duplicated this on my PC to verify that it works. It is a little tricky because you are moving a Windows folder so there are system prompts to verify that you actually want to move the folder and it's contents!

Link to post
Share on other sites

thanks. that fixed just about everything on my laptop. i should be able to delete all the logs and stuff that were needed right?

and you mentioned that it was an infected external drive that caused the worm in the first place. how can i get rid of it without losing anything on the flash drive and without getting the worm again on the laptop (assuming it's one of the 3 flash drives that i own that caused the problem)?

Link to post
Share on other sites

i should be able to delete all the logs and stuff that were needed right?

I'm glad everything is working for you and I'll tell you how to delete those programs we used, but first follow these directions to remove/protect your USB flash drives:

Download and Run FlashDisinfector by sUBs and save it to your desktop.

http://www.techsupportforum.com/sectools/s...Disinfector.exe

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.

Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings

* The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.

* Wait until it has finished scanning and then exit the program.

* Reboot your computer when done.

Note: Flash Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you run it. Don't delete this folder. It will help protect your drives from future infection.

Link to post
Share on other sites

What flash disinfector does is immunize you so you are resistant to flash drive infections. Normally, such infections copy a file named autorun.inf to the root directory of your OS and execute the instructions contained within it. Those instructions include copying infected files from your flash drive to your primary OS drive and executing them. That is how the infection is spread!!

Flash disinfector creates a read only folder called autorun.inf on your C:\ drive and Windows will not overwrite that folder with a file by the same name.

Now, since the USB infection is no longer able to spread via the typical MO, you can safely plug in all your flash drives and scan them with MBAM and your antivirus to make sure there are no infected files present on them. Remember, this was the suspicious file that we were looking for:

mb9x.exe

Link to post
Share on other sites

Hi seewhatididthere and Excellent job!!!!

We have a few "housekeeping" steps to finish up now.

Flush your system restore points so you have a suitable backup should you need to restore your system files:

Turn off System Restore:

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

Reboot

Turn System Restore back on:

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

You should update your version of the Sun Java Platform (JRE) to the newest version which is Java Runtime Environment (JRE) 6 Update 23, if you have not done that already.

You can check your currently installed JRE version here.

If you find you need to update to the Java Runtime Environment (JRE) 6 Update 23, then follow these steps:

1. Download the latest JRE version clicking the "Agree and Start Free Download" button.

2. Save the installer to your desktop.

3. Close any programs you may have running - especially your web browser.

4. Next, remove all older versions of the Sun Java Platform using the Control Panel's Add/Remove Program feature (as they may contain security vulnerabilities).

5. Reboot your system

6. Then from your desktop double-click on jxpiinstall.exe to install the newest version of the Sun Java Platform

7. "Install the Yahoo Toolbar' is prechecked by default, so be sure to UNCHECK it, if you do not care to have it, or You already have it installed - it is NOT part of the JRE install and it is NOT required for any Java applications.

8. You may verify that the current version installed properly by clicking http://java.com/en/download/installed.jsp here.

--------------------

Now clear the Java cache:

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files

    [*]Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    [*] Click OK to leave the Temporary Files Window

    [*]Click OK to leave the Java Control Panel.

As Java Cache can be an infection repository, You can quickly scan it periodically for infectious elements, by right-clicking the following folder and selecting the "Scan with <Your antivirus>" option:

The location of this folder usually is:

In XP:

C:\Documents and Settings\<user_name>\Application Data\Sun\Java\Deployment\cache\

In Vista and Windows 7:

C:\Users\<user_name>\AppData\LocalLow\Sun\Java\Deployment\cache\

If I asked you to download and run an ARK (Antirootkit program) such as Gmer, Rootkit Unhooker, or Root Repeal, then please uninstall it by doing the following:

  • Delete the contents of the C:\ARK folder (or whatever folder you chose to install the antirootkit in)
  • Delete the C:\ARK folder(or whatever folder you chose to install the antirootkit in)

If I asked You to download OTL, TDSSKiller, MBRCheck or mbr.exe, please delete these programs from your Desktop (or their download location), and you can also delete their logs.

Here are some additional measures you should take to keep your system in good working order and ensure your continued security.

1. Scan your system for outdated versions of commonly used software applications that may also cause your PC be vulnerable, using the Secunia Online Software Inspector (OSI)

Just click the "Start Scanner" button to get a listing of all outdated and possibly insecure resident programs.

Note: If your firewall prompts you about access, allow it.

2. Keep MBAM as an on demand scanner because I highly recommend it, and the quick scan will find most all active malware in minutes.

3. You can reduce your startups by downloading Malwarebyte's StartUp Lite and saving it to a convenient location. Just double-click StartUpLite.exe. Then, check the options you would like based on the descriptions provided, then select continue. This will free up system resources because nonessential background programs will no longer be running when you start up your computer.

Finally, please follow the suggestions offered by Tony Klein in How did I get infected in the first place. so you can maintain a safe and secure computing environment.

HAPPY SURFING!! :D

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.