TechSpot

Trojan that won't go away.....

Solved
By rajela
Mar 19, 2012
  1. The Trojan that Malwarebytes found will not delete on reboot. The machine will not reboot on restart; it has to have a hard start.



    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.16.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Scott :: SCOTT-HP [administrator]

    3/19/2012 9:38:49 AM
    mbam-log-2012-03-19 (09-38-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205439
    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 5948 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)





    GMER
    Did not find any modifications so no report was produced.




    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
    Run by Scott at 12:50:54 on 2012-03-19
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5942.3604 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
    C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    C:\Oracle\Primavera Common\JobService\prmJobSvJSDB.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\PhotoJoy\bin\PjApp.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\wbem\wmiprvse.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Oracle\Primavera Common\Java\_jvm\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {CF45C54F-801C-41B5-AC77-57F2BF418EDC} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    uRun: [PhotoJoy] C:\Program Files (x86)\PhotoJoy\bin\PhotoJoy.exe /c
    uRun: [Google Update] "C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [attcm_AppStart.exe] "C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{66508733-E08B-4688-B0CC-DEB4F3F4FB56} : DhcpNameServer = 172.16.64.215 172.16.64.215
    TCP: Interfaces\{6E6B6BF0-D6C7-4F87-A5AD-6EF2D7ECC78A} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{9A25612B-18BB-4FD1-980D-5E90A5DA055E} : DhcpNameServer = 209.183.50.151 209.183.50.151
    TCP: Interfaces\{B376AD25-6E0F-4378-9670-05D4FFA61D35} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{DCFCAEEC-B792-4A8F-9145-08951C2682F7} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{DCFCAEEC-B792-4A8F-9145-08951C2682F7}\355647A75627 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Oracle\Primavera Common\Java\_jvm\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO-X64: JQSIEStartDetectorImpl - No File
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {CF45C54F-801C-41B5-AC77-57F2BF418EDC} - No File
    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [attcm_AppStart.exe] "C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9rt24e0i.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://newsok.com/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6c7335df-8374-4b99-9576-e0326c8da8dd%7D&mid=7dbfdf41874d47d191bcd1e9931b165d-67ccd6da1db4fcb914e8e88fa9cfbaded7b68f26&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-10%2007%3A31%3A11&sap=ku&q=
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
    FF - plugin: C:\Users\Scott\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9rt24e0i.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-5-9 89600]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-5-5 517632]
    R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-4-22 25824]
    R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
    R2 OracleXETNSListener;OracleXETNSListener;C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-2-2 204800]
    R2 prmJobSvJSDB;Primavera P6 Job Service (JSDB);C:\Oracle\Primavera Common\JobService\prmJobSvJSDB.exe [2011-10-11 2620816]
    R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-9-13 308592]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-8 2533400]
    R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-13 918880]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-7 136176]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
    S3 ATTRcAppSvc;AT&T RcAppSvc;"C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" --> C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [?]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-6-7 1025352]
    S3 CAATT;AT&T Con App Svc;"C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" --> C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-7 136176]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 swiwdmbus;Sierra Wireless USB Composite Bus;C:\Windows\system32\DRIVERS\swiwdmbusx64.sys --> C:\Windows\system32\DRIVERS\swiwdmbusx64.sys [?]
    S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);C:\Windows\system32\DRIVERS\swnc8u56.sys --> C:\Windows\system32\DRIVERS\swnc8u56.sys [?]
    S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\system32\DRIVERS\swnc8ua3.sys --> C:\Windows\system32\DRIVERS\swnc8ua3.sys [?]
    S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);C:\Windows\system32\DRIVERS\swumx56.sys --> C:\Windows\system32\DRIVERS\swumx56.sys [?]
    S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\system32\DRIVERS\swumxa3.sys --> C:\Windows\system32\DRIVERS\swumxa3.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-03-19 15:43:30 20480 ----a-w- C:\Windows\svchost.exe
    2012-03-14 22:20:07 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-14 22:20:06 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-14 22:20:06 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-14 11:09:48 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-14 11:09:46 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-14 11:09:46 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-14 11:09:07 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-14 11:09:07 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-14 11:09:07 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-14 11:09:06 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-14 11:09:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-14 11:09:06 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-14 11:09:06 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-07 16:42:12 -------- d-----w- C:\Users\Scott\.swt
    .
    ==================== Find3M ====================
    .
    2012-03-06 22:50:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 12:51:38.36 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/2/2011 6:57:25 PM
    System Uptime: 3/19/2012 11:14:16 AM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 147C
    Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz | CPU | 2667/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 444 GiB total, 296.38 GiB free.
    D: is FIXED (NTFS) - 22 GiB total, 3.184 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 932 GiB total, 791.892 GiB free.
    H: is FIXED (FAT32) - 0 GiB total, 0.082 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP135: 1/29/2012 5:50:08 AM - Scheduled Checkpoint
    RP136: 2/3/2012 1:27:24 PM - Installed AutoCAD 2008 - English
    RP137: 2/14/2012 11:38:06 AM - Scheduled Checkpoint
    RP138: 2/15/2012 5:31:05 PM - Windows Update
    RP139: 2/17/2012 6:33:45 AM - Installed Windows Media Player Firefox Plugin
    RP140: 2/24/2012 10:09:26 AM - Scheduled Checkpoint
    RP141: 3/5/2012 7:30:30 AM - Scheduled Checkpoint
    RP142: 3/14/2012 5:17:19 PM - Windows Update
    RP143: 3/19/2012 10:25:07 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    AT&T Communication Manager
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Build-a-lot 2
    Chuzzle Deluxe
    CinemaNow Media Manager
    Contents
    Corel PaintShop Photo Pro X3
    Corel VideoStudio Pro X3
    CyberLink DVD Suite
    D3DX10
    DAS Trader Pro 2.4.0.2
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DeviceIO
    DHTML Editing Component
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    Dropbox
    DVD Menu Pack for HP MediaSmart Video
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    FATE
    Final Drive Nitro
    Google Earth Plug-in
    Google Talk Plugin
    Google Update Helper
    GPL Ghostscript Lite 8.70
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Documentation
    HP DVB-T TV Tuner 8.0.64.43
    HP Game Console
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP Photo Creations
    HP Power Manager
    HP Setup
    HP Software Framework
    HP Support Assistant
    Hulu Desktop
    ICA
    IDT Audio
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    IPM_PSP_Pro
    IPM_VS_Pro
    ISCOM
    Java Auto Updater
    Java(TM) 6 Update 24
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    Malwarebytes Anti-Malware version 1.60.1.1000
    Memeo Instant Backup
    Mesh Runtime
    Messenger Companion
    Microsoft InfoPath 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office InfoPath 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NEC Electronics USB 3.0 Host Controller Driver
    Nokia Connectivity Adapter Cable DKU-5
    Norton Online Backup
    Oracle Data Provider for .NET Help
    Oracle Database 10g Express Edition
    Penguins!
    PhotoJoy
    PhotoNow!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    Primavera P6 v7.0 Service Pack 3
    PSPPContent
    PSPPRO_DCRAW
    PureHD
    Quick PDF Converter v4.1
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver For Windows 7
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Recovery Manager
    Roxio CinemaNow 2.0
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Setup
    Share
    thinkorswim
    Times Reader
    TrueSwitch Wizard EC
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    VIO
    Virtual Families
    Virtual Villagers - The Secret City
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    Visual C++ 8.0 MFC (x86) WinSXS MSM
    Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
    Visual Studio 2008 x64 Redistributables
    VSClassic
    VSPro
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    Xtend
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/19/2012 8:40:37 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    3/19/2012 8:31:52 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    3/13/2012 1:15:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
    3/12/2012 3:41:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. rajela

    rajela TS Rookie Topic Starter Posts: 29

    The latest Reports.............computer is running OK but still will not boot up on restart ..has to have a hard boot to start.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-20 06:23:20
    -----------------------------
    06:23:20.229 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:23:20.229 Number of processors: 4 586 0x2505
    06:23:20.229 ComputerName: SCOTT-HP UserName: Scott
    06:24:00.368 Initialize success
    06:25:43.701 AVAST engine defs: 12031700
    06:26:17.446 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    06:26:17.448 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 3
    06:26:17.450 Device \Driver\iaStor -> MajorFunction fffffa8008cec5c4
    06:26:17.452 Disk 0 MBR read successfully
    06:26:17.454 Disk 0 MBR scan
    06:26:17.458 Disk 0 unknown MBR code
    06:26:17.481 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    06:26:17.510 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 454267 MB offset 409600
    06:26:17.546 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 22369 MB offset 930748416
    06:26:17.599 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
    06:26:17.669 Disk 0 scanning C:\Windows\system32\drivers
    06:26:39.484 Service scanning
    06:27:33.426 Modules scanning
    06:27:33.426 Disk 0 trace - called modules:
    06:27:33.426 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa8008cec5c4]<<
    06:27:33.442 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b19060]
    06:27:33.442 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800697fb10]
    06:27:33.442 5 hpdskflt.sys[fffff88001bf2289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006828050]
    06:27:33.457 \Driver\iaStor[0xfffffa80069e5c80] -> IRP_MJ_CREATE -> 0xfffffa8008cec5c4
    06:27:46.686 AVAST engine scan C:\Windows
    06:27:55.921 AVAST engine scan C:\Windows\system32
    06:34:31.244 AVAST engine scan C:\Windows\system32\drivers
    06:35:06.554 AVAST engine scan C:\Users\Scott
    07:05:11.904 File: C:\Users\Scott\Documents\Gateway Stuff\Backup\Setzer\AppData\Local\Temp\83A.tmp **INFECTED** Win32:MalOb-GS [Cryp]
    07:05:12.231 File: C:\Users\Scott\Documents\Gateway Stuff\Backup\Setzer\AppData\Local\Temp\A12E.tmp **INFECTED** Win32:MalOb-GS [Cryp]
    07:05:12.309 File: C:\Users\Scott\Documents\Gateway Stuff\Backup\Setzer\AppData\Local\Temp\A17C.tmp **INFECTED** Win32:FakeAV-CGW [Trj]
    07:05:13.323 File: C:\Users\Scott\Documents\Gateway Stuff\Backup\Setzer\AppData\Local\Temp\AE19.tmp **INFECTED** Win32:MalOb-GS [Cryp]
    07:05:13.729 File: C:\Users\Scott\Documents\Gateway Stuff\Backup\Setzer\AppData\Local\Temp\BF43.tmp **INFECTED** Win32:Zboter-C [Spy]
    07:05:14.509 File: C:\Users\Scott\Documents\Gateway Stuff\Backup\Setzer\AppData\Local\Temp\F601.tmp **INFECTED** Win32:MalOb-GS [Cryp]
    07:05:15.320 File: C:\Users\Scott\Documents\Gateway Stuff\Backup\Setzer\AppData\Local\Temp\jar_cache1798433335253505500.tmp **INFECTED** Win32:MalOb-GR [Cryp]
    07:05:15.648 File: C:\Users\Scott\Documents\Gateway Stuff\Backup\Setzer\AppData\Local\Temp\jar_cache4608462554629569981.tmp **INFECTED** Win32:Renosa-M [Wrm]
    07:10:16.682 File: C:\Users\Scott\Documents\Gateway Stuff\Backup\Setzer\Documents\Documents From Gateway Computer\Scotts Pics\Google Updater.exe **INFECTED** Win32:Malware-gen
    07:28:16.791 AVAST engine scan C:\ProgramData
    07:37:38.176 Scan finished successfully
    07:39:24.493 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
    07:39:24.493 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR Report.txt"




    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  4. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. rajela

    rajela TS Rookie Topic Starter Posts: 29

    The computer still appears to be running slower than it had in the past but getting better. It did reboot on the restart after I ran this scan......I also wanted to let you know that I run Mozilla and I had to change the cookie settings a few days ago because a download needed it and now I can't remember what to set it back to. I changed it back to what I thought it was and now I have to log in to all my emails and stuff every time. So when we finish cleaning up I will need some assistance on getting my Mozilla settings back to where they need to be.




    06:08:15.0667 1284 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
    06:08:16.0119 1284 ============================================================
    06:08:16.0119 1284 Current date / time: 2012/03/21 06:08:16.0119
    06:08:16.0119 1284 SystemInfo:
    06:08:16.0119 1284
    06:08:16.0119 1284 OS Version: 6.1.7601 ServicePack: 1.0
    06:08:16.0119 1284 Product type: Workstation
    06:08:16.0119 1284 ComputerName: SCOTT-HP
    06:08:16.0119 1284 UserName: Scott
    06:08:16.0119 1284 Windows directory: C:\Windows
    06:08:16.0119 1284 System windows directory: C:\Windows
    06:08:16.0119 1284 Running under WOW64
    06:08:16.0119 1284 Processor architecture: Intel x64
    06:08:16.0119 1284 Number of processors: 4
    06:08:16.0119 1284 Page size: 0x1000
    06:08:16.0119 1284 Boot type: Normal boot
    06:08:16.0119 1284 ============================================================
    06:08:16.0891 1284 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    06:08:16.0895 1284 Drive \Device\Harddisk1\DR1 - Size: 0xEEDA0000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    06:08:16.0897 1284 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    06:08:16.0911 1284 \Device\Harddisk0\DR0:
    06:08:16.0913 1284 MBR used
    06:08:16.0913 1284 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    06:08:16.0913 1284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3773D800
    06:08:16.0913 1284 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x377A1800, BlocksNum 0x2BB0800
    06:08:16.0913 1284 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
    06:08:16.0913 1284 \Device\Harddisk1\DR1:
    06:08:16.0914 1284 MBR used
    06:08:16.0914 1284 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x774D80
    06:08:16.0914 1284 \Device\Harddisk2\DR2:
    06:08:16.0921 1284 MBR used
    06:08:16.0921 1284 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
    06:08:17.0130 1284 Initialize success
    06:08:17.0130 1284 ============================================================
    06:08:20.0742 6572 ============================================================
    06:08:20.0742 6572 Scan started
    06:08:20.0742 6572 Mode: Manual;
    06:08:20.0742 6572 ============================================================
    06:08:50.0541 6572 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    06:08:50.0544 6572 kbdhid - ok
    06:08:50.0697 6572 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    06:08:50.0700 6572 KSecDD - ok
    06:08:50.0726 6572 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    06:08:50.0729 6572 KSecPkg - ok
    06:08:50.0755 6572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    06:08:50.0757 6572 ksthunk - ok
    06:08:50.0841 6572 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    06:08:50.0844 6572 lltdio - ok
    06:08:50.0935 6572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    06:08:50.0952 6572 LSI_FC - ok
    06:08:50.0998 6572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    06:08:51.0001 6572 LSI_SAS - ok
    06:08:51.0021 6572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    06:08:51.0024 6572 LSI_SAS2 - ok
    06:08:51.0041 6572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    06:08:51.0045 6572 LSI_SCSI - ok
    06:08:51.0070 6572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    06:08:51.0073 6572 luafv - ok
    06:08:51.0142 6572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    06:08:51.0146 6572 megasas - ok
    06:08:51.0166 6572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    06:08:51.0171 6572 MegaSR - ok
    06:08:51.0234 6572 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    06:08:51.0237 6572 Modem - ok
    06:08:51.0305 6572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    06:08:51.0305 6572 monitor - ok
    06:08:51.0363 6572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    06:08:51.0364 6572 mouclass - ok
    06:08:51.0453 6572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    06:08:51.0455 6572 mouhid - ok
    06:08:51.0504 6572 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    06:08:51.0506 6572 mountmgr - ok
    06:08:51.0544 6572 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    06:08:51.0548 6572 mpio - ok
    06:08:51.0582 6572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    06:08:51.0584 6572 mpsdrv - ok
    06:08:51.0686 6572 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
    06:08:51.0689 6572 MREMP50 - ok
    06:08:51.0744 6572 MREMP50a64 - ok
    06:08:51.0778 6572 MREMPR5 - ok
    06:08:51.0784 6572 MRENDIS5 - ok
    06:08:51.0816 6572 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
    06:08:51.0819 6572 MRESP50 - ok
    06:08:51.0822 6572 MRESP50a64 - ok
    06:08:51.0919 6572 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    06:08:51.0936 6572 MRxDAV - ok
    06:08:51.0982 6572 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    06:08:51.0986 6572 mrxsmb - ok
    06:08:52.0031 6572 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    06:08:52.0036 6572 mrxsmb10 - ok
    06:08:52.0058 6572 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    06:08:52.0061 6572 mrxsmb20 - ok
    06:08:52.0086 6572 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    06:08:52.0087 6572 msahci - ok
    06:08:52.0122 6572 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    06:08:52.0127 6572 msdsm - ok
    06:08:52.0195 6572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    06:08:52.0197 6572 Msfs - ok
    06:08:52.0214 6572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    06:08:52.0216 6572 mshidkmdf - ok
    06:08:52.0244 6572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    06:08:52.0245 6572 msisadrv - ok
    06:08:52.0300 6572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    06:08:52.0303 6572 MSKSSRV - ok
    06:08:52.0373 6572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    06:08:52.0381 6572 MSPCLOCK - ok
    06:08:52.0410 6572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    06:08:52.0412 6572 MSPQM - ok
    06:08:52.0476 6572 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    06:08:52.0481 6572 MsRPC - ok
    06:08:52.0533 6572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    06:08:52.0534 6572 mssmbios - ok
    06:08:52.0561 6572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    06:08:52.0563 6572 MSTEE - ok
    06:08:52.0593 6572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    06:08:52.0596 6572 MTConfig - ok
    06:08:52.0628 6572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    06:08:52.0629 6572 Mup - ok
    06:08:52.0778 6572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    06:08:52.0795 6572 NativeWifiP - ok
    06:08:52.0908 6572 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    06:08:52.0919 6572 NDIS - ok
    06:08:52.0952 6572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    06:08:52.0954 6572 NdisCap - ok
    06:08:53.0098 6572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    06:08:53.0103 6572 NdisTapi - ok
    06:08:53.0210 6572 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    06:08:53.0217 6572 Ndisuio - ok
    06:08:53.0284 6572 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    06:08:53.0287 6572 NdisWan - ok
    06:08:53.0341 6572 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    06:08:53.0343 6572 NDProxy - ok
    06:08:53.0410 6572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    06:08:53.0412 6572 NetBIOS - ok
    06:08:53.0551 6572 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    06:08:53.0557 6572 NetBT - ok
    06:08:53.0937 6572 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
    06:08:54.0056 6572 NETw5s64 - ok
    06:08:54.0332 6572 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
    06:08:54.0416 6572 netw5v64 - ok
    06:08:54.0646 6572 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
    06:08:54.0766 6572 NETwNs64 - ok
    06:08:54.0854 6572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    06:08:54.0856 6572 nfrd960 - ok
    06:08:54.0934 6572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    06:08:54.0936 6572 Npfs - ok
    06:08:54.0966 6572 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    06:08:54.0967 6572 nsiproxy - ok
    06:08:55.0022 6572 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    06:08:55.0051 6572 Ntfs - ok
    06:08:55.0075 6572 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    06:08:55.0077 6572 Null - ok
    06:08:55.0156 6572 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    06:08:55.0160 6572 nvraid - ok
    06:08:55.0217 6572 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    06:08:55.0222 6572 nvstor - ok
    06:08:55.0268 6572 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    06:08:55.0271 6572 nv_agp - ok
    06:08:55.0299 6572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    06:08:55.0302 6572 ohci1394 - ok
    06:08:55.0391 6572 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    06:08:55.0395 6572 Parport - ok
    06:08:55.0448 6572 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    06:08:55.0450 6572 partmgr - ok
    06:08:55.0474 6572 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    06:08:55.0477 6572 pci - ok
    06:08:55.0502 6572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    06:08:55.0504 6572 pciide - ok
    06:08:55.0540 6572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    06:08:55.0546 6572 pcmcia - ok
    06:08:55.0583 6572 PCTINDIS5X64 - ok
    06:08:55.0642 6572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    06:08:55.0643 6572 pcw - ok
    06:08:55.0669 6572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    06:08:55.0685 6572 PEAUTH - ok
    06:08:55.0796 6572 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    06:08:55.0798 6572 PptpMiniport - ok
    06:08:55.0887 6572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    06:08:55.0889 6572 Processor - ok
    06:08:55.0970 6572 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    06:08:55.0973 6572 Psched - ok
    06:08:56.0074 6572 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    06:08:56.0102 6572 ql2300 - ok
    06:08:56.0129 6572 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    06:08:56.0132 6572 ql40xx - ok
    06:08:56.0180 6572 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    06:08:56.0182 6572 QWAVEdrv - ok
    06:08:56.0199 6572 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    06:08:56.0201 6572 RasAcd - ok
    06:08:56.0252 6572 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    06:08:56.0254 6572 RasAgileVpn - ok
    06:08:56.0315 6572 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    06:08:56.0318 6572 Rasl2tp - ok
    06:08:56.0404 6572 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    06:08:56.0407 6572 RasPppoe - ok
    06:08:56.0474 6572 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    06:08:56.0477 6572 RasSstp - ok
    06:08:56.0524 6572 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    06:08:56.0529 6572 rdbss - ok
    06:08:56.0543 6572 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    06:08:56.0545 6572 rdpbus - ok
    06:08:56.0566 6572 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    06:08:56.0566 6572 RDPCDD - ok
    06:08:56.0614 6572 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    06:08:56.0618 6572 RDPDR - ok
    06:08:56.0630 6572 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    06:08:56.0631 6572 RDPENCDD - ok
    06:08:56.0662 6572 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    06:08:56.0663 6572 RDPREFMP - ok
    06:08:56.0708 6572 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    06:08:56.0712 6572 RDPWD - ok
    06:08:56.0812 6572 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    06:08:56.0816 6572 rdyboost - ok
    06:08:56.0913 6572 RimVSerPort (0de22421179d5a8440b68517ddf2b051) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
    06:08:56.0916 6572 RimVSerPort - ok
    06:08:56.0941 6572 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
    06:08:56.0943 6572 ROOTMODEM - ok
    06:08:57.0043 6572 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    06:08:57.0046 6572 rspndr - ok
    06:08:57.0076 6572 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
    06:08:57.0082 6572 RSUSBSTOR - ok
    06:08:57.0132 6572 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
    06:08:57.0146 6572 RTL8167 - ok
    06:08:57.0173 6572 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    06:08:57.0176 6572 s3cap - ok
    06:08:57.0197 6572 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    06:08:57.0200 6572 sbp2port - ok
    06:08:57.0244 6572 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    06:08:57.0246 6572 scfilter - ok
    06:08:57.0295 6572 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
    06:08:57.0298 6572 sdbus - ok
    06:08:57.0391 6572 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    06:08:57.0394 6572 secdrv - ok
    06:08:57.0463 6572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    06:08:57.0466 6572 Serenum - ok
    06:08:57.0504 6572 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    06:08:57.0508 6572 Serial - ok
    06:08:57.0538 6572 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    06:08:57.0541 6572 sermouse - ok
    06:08:57.0584 6572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    06:08:57.0587 6572 sffdisk - ok
    06:08:57.0607 6572 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    06:08:57.0610 6572 sffp_mmc - ok
    06:08:57.0630 6572 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    06:08:57.0632 6572 sffp_sd - ok
    06:08:57.0668 6572 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    06:08:57.0671 6572 sfloppy - ok
    06:08:57.0756 6572 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    06:08:57.0759 6572 SiSRaid2 - ok
    06:08:57.0794 6572 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    06:08:57.0796 6572 SiSRaid4 - ok
    06:08:57.0814 6572 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    06:08:57.0818 6572 Smb - ok
    06:08:57.0892 6572 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    06:08:57.0892 6572 spldr - ok
    06:08:57.0984 6572 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    06:08:57.0991 6572 srv - ok
    06:08:58.0037 6572 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    06:08:58.0044 6572 srv2 - ok
    06:08:58.0110 6572 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    06:08:58.0116 6572 SrvHsfHDA - ok
    06:08:58.0161 6572 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    06:08:58.0187 6572 SrvHsfV92 - ok
    06:08:58.0219 6572 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    06:08:58.0235 6572 SrvHsfWinac - ok
    06:08:58.0281 6572 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    06:08:58.0285 6572 srvnet - ok
    06:08:58.0360 6572 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    06:08:58.0363 6572 stexstor - ok
    06:08:58.0444 6572 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
    06:08:58.0451 6572 STHDA - ok
    06:08:58.0519 6572 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    06:08:58.0520 6572 storflt - ok
    06:08:58.0546 6572 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    06:08:58.0549 6572 storvsc - ok
    06:08:58.0604 6572 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    06:08:58.0605 6572 swenum - ok
    06:08:58.0678 6572 swiwdmbus (c89ffa6a0b7723f2fb72a734934a4425) C:\Windows\system32\DRIVERS\swiwdmbusx64.sys
    06:08:58.0682 6572 swiwdmbus - ok
    06:08:58.0771 6572 swmsflt (1c4ebd3e6cce53586d58473524d54e50) C:\Windows\System32\drivers\swmsflt.sys
    06:08:58.0774 6572 swmsflt - ok
    06:08:58.0805 6572 SWNC8U56 (c2ad3936249199c9d8187dcdea17ac25) C:\Windows\system32\DRIVERS\swnc8u56.sys
    06:08:58.0809 6572 SWNC8U56 - ok
    06:08:58.0937 6572 SWNC8UA3 (ee03ef452ee06ed2539e2f80959144af) C:\Windows\system32\DRIVERS\swnc8ua3.sys
    06:08:58.0942 6572 SWNC8UA3 - ok
    06:08:58.0979 6572 SWUMX56 (cc97ec73094cf0f47cd89aafba6d26f1) C:\Windows\system32\DRIVERS\swumx56.sys
    06:08:58.0982 6572 SWUMX56 - ok
    06:08:59.0072 6572 SWUMXA3 (f6ceb2ff475265197d4407e87ff68701) C:\Windows\system32\DRIVERS\swumxa3.sys
    06:08:59.0077 6572 SWUMXA3 - ok
    06:08:59.0200 6572 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
    06:08:59.0207 6572 SynTP - ok
    06:08:59.0327 6572 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    06:08:59.0362 6572 Tcpip - ok
    06:08:59.0410 6572 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    06:08:59.0418 6572 TCPIP6 - ok
    06:08:59.0478 6572 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    06:08:59.0484 6572 tcpipreg - ok
    06:08:59.0570 6572 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    06:08:59.0573 6572 TDPIPE - ok
    06:08:59.0625 6572 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    06:08:59.0628 6572 TDTCP - ok
    06:08:59.0713 6572 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    06:08:59.0716 6572 tdx - ok
    06:08:59.0741 6572 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    06:08:59.0742 6572 TermDD - ok
    06:08:59.0828 6572 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    06:08:59.0830 6572 tssecsrv - ok
    06:08:59.0890 6572 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    06:08:59.0892 6572 TsUsbFlt - ok
    06:08:59.0969 6572 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    06:08:59.0972 6572 tunnel - ok
    06:09:00.0007 6572 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    06:09:00.0011 6572 uagp35 - ok
    06:09:00.0075 6572 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    06:09:00.0080 6572 udfs - ok
    06:09:00.0106 6572 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    06:09:00.0109 6572 uliagpkx - ok
    06:09:00.0143 6572 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    06:09:00.0146 6572 umbus - ok
    06:09:00.0175 6572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    06:09:00.0178 6572 UmPass - ok
    06:09:00.0235 6572 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    06:09:00.0238 6572 usbccgp - ok
    06:09:00.0319 6572 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    06:09:00.0322 6572 usbcir - ok
    06:09:00.0343 6572 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    06:09:00.0345 6572 usbehci - ok
    06:09:00.0416 6572 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    06:09:00.0422 6572 usbhub - ok
    06:09:00.0443 6572 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    06:09:00.0452 6572 usbohci - ok
    06:09:00.0484 6572 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    06:09:00.0488 6572 usbprint - ok
    06:09:00.0512 6572 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    06:09:00.0515 6572 USBSTOR - ok
    06:09:00.0552 6572 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    06:09:00.0555 6572 usbuhci - ok
    06:09:00.0627 6572 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    06:09:00.0631 6572 usbvideo - ok
    06:09:00.0702 6572 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    06:09:00.0703 6572 vdrvroot - ok
    06:09:00.0745 6572 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    06:09:00.0748 6572 vga - ok
    06:09:00.0771 6572 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    06:09:00.0773 6572 VgaSave - ok
    06:09:00.0812 6572 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    06:09:00.0816 6572 vhdmp - ok
    06:09:00.0836 6572 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    06:09:00.0839 6572 viaide - ok
    06:09:00.0875 6572 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    06:09:00.0878 6572 vmbus - ok
    06:09:00.0926 6572 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    06:09:00.0928 6572 VMBusHID - ok
    06:09:00.0962 6572 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    06:09:00.0964 6572 volmgr - ok
    06:09:01.0023 6572 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    06:09:01.0029 6572 volmgrx - ok
    06:09:01.0062 6572 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    06:09:01.0066 6572 volsnap - ok
    06:09:01.0138 6572 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
    06:09:01.0139 6572 vpcbus - ok
    06:09:01.0221 6572 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
    06:09:01.0223 6572 vpcnfltr - ok
    06:09:01.0243 6572 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
    06:09:01.0246 6572 vpcusb - ok
    06:09:01.0338 6572 vpcuxd (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys
    06:09:01.0342 6572 vpcuxd - ok
    06:09:01.0406 6572 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
    06:09:01.0408 6572 vpcvmm - ok
    06:09:01.0468 6572 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    06:09:01.0472 6572 vsmraid - ok
    06:09:01.0548 6572 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    06:09:01.0550 6572 vwifibus - ok
    06:09:01.0573 6572 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    06:09:01.0575 6572 vwififlt - ok
    06:09:01.0590 6572 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    06:09:01.0592 6572 vwifimp - ok
    06:09:01.0626 6572 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    06:09:01.0628 6572 WacomPen - ok
    06:09:01.0712 6572 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    06:09:01.0714 6572 WANARP - ok
    06:09:01.0718 6572 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    06:09:01.0719 6572 Wanarpv6 - ok
    06:09:01.0755 6572 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    06:09:01.0756 6572 Wd - ok
    06:09:01.0785 6572 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    06:09:01.0802 6572 Wdf01000 - ok
    06:09:01.0868 6572 wdkmd (5b34e5938b9e76798977725e3f7847c4) C:\Windows\system32\DRIVERS\WDKMD.sys
    06:09:01.0869 6572 wdkmd - ok
    06:09:01.0937 6572 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    06:09:01.0939 6572 WfpLwf - ok
    06:09:01.0955 6572 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    06:09:01.0957 6572 WIMMount - ok
    06:09:02.0043 6572 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    06:09:02.0044 6572 WmiAcpi - ok
    06:09:02.0122 6572 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    06:09:02.0124 6572 ws2ifsl - ok
    06:09:02.0195 6572 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
    06:09:02.0197 6572 WSDPrintDevice - ok
    06:09:02.0218 6572 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
    06:09:02.0221 6572 WSDScan - ok
    06:09:02.0263 6572 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    06:09:02.0266 6572 WudfPf - ok
    06:09:02.0287 6572 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    06:09:02.0291 6572 WUDFRd - ok
    06:09:02.0324 6572 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    06:09:02.0331 6572 yukonw7 - ok
    06:09:02.0359 6572 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0
    06:09:02.0385 6572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    06:09:02.0385 6572 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    06:09:02.0390 6572 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    06:09:02.0395 6572 \Device\Harddisk1\DR1 - ok
    06:09:02.0400 6572 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
    06:09:03.0111 6572 \Device\Harddisk2\DR2 - ok
    06:09:03.0118 6572 Boot (0x1200) (b5c9280d6958872fd35b499144833657) \Device\Harddisk0\DR0\Partition0
    06:09:03.0120 6572 \Device\Harddisk0\DR0\Partition0 - ok
    06:09:03.0130 6572 Boot (0x1200) (1c62aefd76da3fc001832bc3e3012d20) \Device\Harddisk0\DR0\Partition1
    06:09:03.0132 6572 \Device\Harddisk0\DR0\Partition1 - ok
    06:09:03.0166 6572 Boot (0x1200) (35568a0780874f386704865153994439) \Device\Harddisk0\DR0\Partition2
    06:09:03.0168 6572 \Device\Harddisk0\DR0\Partition2 - ok
    06:09:03.0186 6572 Boot (0x1200) (49b32f63a52769d74bc4779134e6e549) \Device\Harddisk0\DR0\Partition3
    06:09:03.0188 6572 \Device\Harddisk0\DR0\Partition3 - ok
    06:09:03.0191 6572 Boot (0x1200) (c80610f65e3fac6ae517128eba9d4958) \Device\Harddisk1\DR1\Partition0
    06:09:03.0192 6572 \Device\Harddisk1\DR1\Partition0 - ok
    06:09:03.0196 6572 Boot (0x1200) (6e792717c4ce7635a1abbb5422431258) \Device\Harddisk2\DR2\Partition0
    06:09:03.0199 6572 \Device\Harddisk2\DR2\Partition0 - ok
    06:09:03.0199 6572 ============================================================
    06:09:03.0199 6572 Scan finished
    06:09:03.0199 6572 ============================================================
    06:09:03.0208 5484 Detected object count: 1
    06:09:03.0208 5484 Actual detected object count: 1
    06:09:21.0741 5484 \Device\Harddisk0\DR0\# - copied to quarantine
    06:09:21.0741 5484 \Device\Harddisk0\DR0 - copied to quarantine
    06:09:21.0861 5484 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    06:09:21.0900 5484 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    06:09:21.0931 5484 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    06:09:21.0947 5484 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    06:09:21.0956 5484 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    06:09:21.0966 5484 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    06:09:21.0969 5484 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    06:09:21.0974 5484 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    06:09:21.0979 5484 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    06:09:21.0985 5484 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    06:09:21.0989 5484 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    06:09:21.0991 5484 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    06:09:22.0025 5484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    06:09:22.0026 5484 \Device\Harddisk0\DR0 - ok
    06:09:22.0366 5484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    06:09:30.0965 4636 Deinitialize success
     
  6. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Please re-run TDSSKiller one more time.
     
  7. rajela

    rajela TS Rookie Topic Starter Posts: 29

    I re-ran the TDSSKiller and it did not ask for a reboot...

    11:27:42.0140 7056 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
    11:27:42.0748 7056 ============================================================
    11:27:42.0748 7056 Current date / time: 2012/03/21 11:27:42.0748
    11:27:42.0748 7056 SystemInfo:
    11:27:42.0748 7056
    11:27:42.0748 7056 OS Version: 6.1.7601 ServicePack: 1.0
    11:27:42.0748 7056 Product type: Workstation
    11:27:42.0748 7056 ComputerName: SCOTT-HP
    11:27:42.0748 7056 UserName: Scott
    11:27:42.0748 7056 Windows directory: C:\Windows
    11:27:42.0748 7056 System windows directory: C:\Windows
    11:27:42.0748 7056 Running under WOW64
    11:27:42.0748 7056 Processor architecture: Intel x64
    11:27:42.0748 7056 Number of processors: 4
    11:27:42.0748 7056 Page size: 0x1000
    11:27:42.0748 7056 Boot type: Normal boot
    11:27:42.0748 7056 ============================================================
    11:27:43.0783 7056 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:27:43.0788 7056 Drive \Device\Harddisk1\DR1 - Size: 0xEEDA0000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    11:27:43.0790 7056 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    11:27:48.0528 7056 \Device\Harddisk0\DR0:
    11:27:48.0528 7056 MBR used
    11:27:48.0528 7056 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    11:27:48.0528 7056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3773D800
    11:27:48.0528 7056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x377A1800, BlocksNum 0x2BB0800
    11:27:48.0528 7056 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
    11:27:48.0528 7056 \Device\Harddisk1\DR1:
    11:27:48.0529 7056 MBR used
    11:27:48.0529 7056 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x774D80
    11:27:48.0529 7056 \Device\Harddisk2\DR2:
    11:27:48.0529 7056 MBR used
    11:27:48.0529 7056 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
    11:27:48.0771 7056 Initialize success
    11:27:48.0771 7056 ============================================================
    11:27:50.0157 5536 ============================================================
    11:27:50.0157 5536 Scan started
    11:27:50.0157 5536 Mode: Manual;
    11:27:50.0157 5536 ============================================================
    11:28:02.0150 5536 SWUMXA3 - ok
    11:28:02.0214 5536 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
    11:28:02.0249 5536 SynTP - ok
    11:28:02.0318 5536 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    11:28:02.0360 5536 Tcpip - ok
    11:28:02.0408 5536 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    11:28:02.0417 5536 TCPIP6 - ok
    11:28:02.0459 5536 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    11:28:02.0462 5536 tcpipreg - ok
    11:28:02.0502 5536 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    11:28:02.0506 5536 TDPIPE - ok
    11:28:02.0541 5536 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    11:28:02.0543 5536 TDTCP - ok
    11:28:02.0579 5536 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    11:28:02.0582 5536 tdx - ok
    11:28:02.0607 5536 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    11:28:02.0610 5536 TermDD - ok
    11:28:02.0661 5536 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:28:02.0663 5536 tssecsrv - ok
    11:28:02.0707 5536 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    11:28:02.0710 5536 TsUsbFlt - ok
    11:28:02.0753 5536 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    11:28:02.0756 5536 tunnel - ok
    11:28:02.0791 5536 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    11:28:02.0795 5536 uagp35 - ok
    11:28:02.0835 5536 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    11:28:02.0840 5536 udfs - ok
    11:28:02.0890 5536 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    11:28:02.0892 5536 uliagpkx - ok
    11:28:02.0919 5536 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    11:28:02.0922 5536 umbus - ok
    11:28:02.0959 5536 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    11:28:02.0962 5536 UmPass - ok
    11:28:03.0003 5536 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    11:28:03.0006 5536 usbccgp - ok
    11:28:03.0037 5536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    11:28:03.0040 5536 usbcir - ok
    11:28:03.0060 5536 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    11:28:03.0063 5536 usbehci - ok
    11:28:03.0093 5536 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    11:28:03.0099 5536 usbhub - ok
    11:28:03.0128 5536 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    11:28:03.0131 5536 usbohci - ok
    11:28:03.0161 5536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    11:28:03.0164 5536 usbprint - ok
    11:28:03.0189 5536 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    11:28:03.0192 5536 USBSTOR - ok
    11:28:03.0228 5536 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    11:28:03.0231 5536 usbuhci - ok
    11:28:03.0279 5536 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    11:28:03.0283 5536 usbvideo - ok
    11:28:03.0313 5536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    11:28:03.0315 5536 vdrvroot - ok
    11:28:03.0339 5536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    11:28:03.0342 5536 vga - ok
    11:28:03.0365 5536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    11:28:03.0367 5536 VgaSave - ok
    11:28:03.0390 5536 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    11:28:03.0394 5536 vhdmp - ok
    11:28:03.0422 5536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    11:28:03.0425 5536 viaide - ok
    11:28:03.0452 5536 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    11:28:03.0457 5536 vmbus - ok
    11:28:03.0487 5536 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    11:28:03.0489 5536 VMBusHID - ok
    11:28:03.0507 5536 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    11:28:03.0509 5536 volmgr - ok
    11:28:03.0552 5536 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    11:28:03.0558 5536 volmgrx - ok
    11:28:03.0582 5536 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    11:28:03.0587 5536 volsnap - ok
    11:28:03.0624 5536 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
    11:28:03.0627 5536 vpcbus - ok
    11:28:03.0659 5536 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
    11:28:03.0661 5536 vpcnfltr - ok
    11:28:03.0680 5536 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
    11:28:03.0683 5536 vpcusb - ok
    11:28:03.0726 5536 vpcuxd (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys
    11:28:03.0737 5536 vpcuxd - ok
    11:28:03.0777 5536 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
    11:28:03.0783 5536 vpcvmm - ok
    11:28:03.0831 5536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    11:28:03.0836 5536 vsmraid - ok
    11:28:03.0902 5536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    11:28:03.0927 5536 vwifibus - ok
    11:28:04.0068 5536 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    11:28:04.0077 5536 vwififlt - ok
    11:28:04.0160 5536 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    11:28:04.0166 5536 vwifimp - ok
    11:28:04.0220 5536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    11:28:04.0222 5536 WacomPen - ok
    11:28:04.0264 5536 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:28:04.0267 5536 WANARP - ok
    11:28:04.0274 5536 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:28:04.0275 5536 Wanarpv6 - ok
    11:28:04.0308 5536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    11:28:04.0310 5536 Wd - ok
    11:28:04.0339 5536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    11:28:04.0355 5536 Wdf01000 - ok
    11:28:04.0413 5536 wdkmd (5b34e5938b9e76798977725e3f7847c4) C:\Windows\system32\DRIVERS\WDKMD.sys
    11:28:04.0422 5536 wdkmd - ok
    11:28:04.0457 5536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    11:28:04.0460 5536 WfpLwf - ok
    11:28:04.0483 5536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    11:28:04.0486 5536 WIMMount - ok
    11:28:04.0555 5536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    11:28:04.0557 5536 WmiAcpi - ok
    11:28:04.0601 5536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    11:28:04.0603 5536 ws2ifsl - ok
    11:28:04.0640 5536 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
    11:28:04.0644 5536 WSDPrintDevice - ok
    11:28:04.0672 5536 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
    11:28:04.0674 5536 WSDScan - ok
    11:28:04.0709 5536 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    11:28:04.0712 5536 WudfPf - ok
    11:28:04.0733 5536 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    11:28:04.0737 5536 WUDFRd - ok
    11:28:04.0770 5536 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    11:28:04.0777 5536 yukonw7 - ok
    11:28:04.0813 5536 MBR (0x1B8) (f46ff31cd2f075b889dcfe45053950b0) \Device\Harddisk0\DR0
    11:28:04.0845 5536 \Device\Harddisk0\DR0 - ok
    11:28:04.0850 5536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    11:28:04.0854 5536 \Device\Harddisk1\DR1 - ok
    11:28:04.0858 5536 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
    11:28:05.0547 5536 \Device\Harddisk2\DR2 - ok
    11:28:05.0555 5536 Boot (0x1200) (b5c9280d6958872fd35b499144833657) \Device\Harddisk0\DR0\Partition0
    11:28:05.0557 5536 \Device\Harddisk0\DR0\Partition0 - ok
    11:28:05.0568 5536 Boot (0x1200) (1c62aefd76da3fc001832bc3e3012d20) \Device\Harddisk0\DR0\Partition1
    11:28:05.0570 5536 \Device\Harddisk0\DR0\Partition1 - ok
    11:28:05.0595 5536 Boot (0x1200) (35568a0780874f386704865153994439) \Device\Harddisk0\DR0\Partition2
    11:28:05.0597 5536 \Device\Harddisk0\DR0\Partition2 - ok
    11:28:05.0607 5536 Boot (0x1200) (49b32f63a52769d74bc4779134e6e549) \Device\Harddisk0\DR0\Partition3
    11:28:05.0609 5536 \Device\Harddisk0\DR0\Partition3 - ok
    11:28:05.0613 5536 Boot (0x1200) (00a3217d106b436b699ee0407ecbc7a9) \Device\Harddisk1\DR1\Partition0
    11:28:05.0614 5536 \Device\Harddisk1\DR1\Partition0 - ok
    11:28:05.0617 5536 Boot (0x1200) (6e792717c4ce7635a1abbb5422431258) \Device\Harddisk2\DR2\Partition0
    11:28:05.0619 5536 \Device\Harddisk2\DR2\Partition0 - ok
    11:28:05.0620 5536 ============================================================
    11:28:05.0620 5536 Scan finished
    11:28:05.0620 5536 ============================================================
    11:28:05.0629 4668 Detected object count: 0
    11:28:05.0629 4668 Actual detected object count: 0
     
  8. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. rajela

    rajela TS Rookie Topic Starter Posts: 29

    Combo Fix ran on the first attempt so I did not run any of the Kill Downloads...


    ComboFix 12-03-21.02 - Scott 03/21/2012 12:13:59.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5942.4491 [GMT -5:00]
    Running from: c:\users\Scott\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9rt24e0i.default\searchplugins\bing-zugo.xml
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-21 17:19 . 2012-03-21 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-21 11:09 . 2012-03-21 11:09 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-14 22:20 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 22:20 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-14 22:20 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-14 11:09 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 11:09 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 11:09 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 11:09 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 11:09 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 11:09 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 11:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 11:09 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 11:09 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 11:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-07 16:42 . 2012-03-07 16:42 -------- d-----w- c:\users\Scott\.swt
    2012-03-06 22:50 . 2012-03-06 22:51 -------- d-----w- c:\programdata\Yahoo! Companion
    2012-03-01 12:12 . 2012-03-01 12:12 -------- d-----w- c:\windows\system32\Macromed
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-06 22:50 . 2011-06-22 11:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-04 10:44 . 2012-02-15 12:15 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-04 08:58 . 2012-02-15 12:15 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2011-12-30 06:26 . 2012-02-15 12:15 515584 ----a-w- c:\windows\system32\timedate.cpl
    2011-12-30 05:27 . 2012-02-15 12:15 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2011-12-28 03:59 . 2012-02-15 12:15 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-03-13 11:04 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
    "PhotoJoy"="c:\program files (x86)\PhotoJoy\bin\PhotoJoy.exe" [2011-04-11 976256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "attcm_AppStart.exe"="c:\program files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2010-12-21 203776]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-10-20 273528]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-13 982880]
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
    .
    c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe [2011-5-2 303456]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
    R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [x]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
    R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbusx64.sys [x]
    R3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\DRIVERS\swnc8u56.sys [x]
    R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [x]
    R3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\DRIVERS\swumx56.sys [x]
    R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-05-09 89600]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-05-04 517632]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
    S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
    S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 204800]
    S2 prmJobSvJSDB;Primavera P6 Job Service (JSDB);c:\oracle\Primavera Common\JobService\prmJobSvJSDB.exe [2010-12-20 2620816]
    S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-09-13 308592]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
    S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 13:09]
    .
    2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 13:09]
    .
    2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319382114-2047704978-1170280087-1000Core.job
    - c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 22:24]
    .
    2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319382114-2047704978-1170280087-1000UA.job
    - c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 22:24]
    .
    2012-03-16 c:\windows\Tasks\HPCeeScheduleForScott.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-21 611896]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-09 487424]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9rt24e0i.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://newsok.com/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6c7335df-8374-4b99-9576-e0326c8da8dd%7D&mid=7dbfdf41874d47d191bcd1e9931b165d-67ccd6da1db4fcb914e8e88fa9cfbaded7b68f26&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-10%2007%3A31%3A11&sap=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CF45C54F-801C-41B5-AC77-57F2BF418EDC} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Motive\McciCMService.exe
    c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Memeo\AutoBackup\InstantBackup.exe
    c:\program files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
    c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-21 12:25:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-21 17:25
    .
    Pre-Run: 334,281,445,376 bytes free
    Post-Run: 334,121,644,032 bytes free
    .
    - - End Of File - - A04D15EDC9A0DFD6520A4DB3F7921B30
     
  10. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Looks good.

    How is the computer doing?

    You can reinstall AVG now.

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. rajela

    rajela TS Rookie Topic Starter Posts: 29

    The machine is running great, but then it never was running badly; it just appeared to be sluggish and would not boot up on a restart...

    OTL logfile created on: 3/21/2012 2:25:34 PM - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Scott\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.80 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 70.28% Memory free
    11.60 Gb Paging File | 9.06 Gb Available in Paging File | 78.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 443.62 Gb Total Space | 313.44 Gb Free Space | 70.66% Space Free | Partition Type: NTFS
    Drive D: | 21.84 Gb Total Space | 3.18 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
    Drive F: | 931.51 Gb Total Space | 794.90 Gb Free Space | 85.33% Space Free | Partition Type: NTFS
    Drive G: | 3.72 Gb Total Space | 1.32 Gb Free Space | 35.38% Space Free | Partition Type: FAT32
    Drive H: | 99.02 Mb Total Space | 83.88 Mb Free Space | 84.71% Space Free | Partition Type: FAT32

    Computer Name: SCOTT-HP | User Name: Scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/21 14:22:32 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    PRC - [2012/03/13 06:04:55 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    PRC - [2012/03/13 06:04:54 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/20 09:37:09 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2010/12/21 10:22:30 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
    PRC - [2010/12/20 14:02:56 | 002,620,816 | ---- | M] (Oracle Corporation) -- C:\Oracle\Primavera Common\JobService\prmJobSvJSDB.exe
    PRC - [2010/06/25 01:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    PRC - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/04/30 20:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/04/30 20:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/04/22 19:33:52 | 000,085,784 | ---- | M] (Memeo Inc.) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
    PRC - [2010/04/22 19:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2006/02/02 02:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
    PRC - [2006/02/02 02:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/13 06:04:54 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012/02/16 08:01:53 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
    MOD - [2012/02/16 07:11:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll
    MOD - [2012/02/16 07:11:23 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
    MOD - [2012/02/16 07:11:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
    MOD - [2012/02/16 07:11:17 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
    MOD - [2012/02/16 07:10:40 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
    MOD - [2012/02/16 07:10:31 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
    MOD - [2012/02/16 07:10:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
    MOD - [2012/02/16 07:09:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
    MOD - [2012/02/16 07:09:37 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
    MOD - [2011/10/13 06:21:34 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/12/21 10:42:30 | 001,048,072 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
    MOD - [2010/12/21 10:42:30 | 000,726,536 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
    MOD - [2010/12/21 10:42:28 | 000,758,792 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\UIToolkit.dll
    MOD - [2010/12/21 10:42:28 | 000,498,696 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Toolkit.dll
    MOD - [2010/12/21 10:42:28 | 000,049,672 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Preferences.dll
    MOD - [2010/12/21 10:42:26 | 000,147,464 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\pcre3.dll
    MOD - [2010/12/21 10:42:24 | 000,307,208 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Device.dll
    MOD - [2010/12/21 10:42:24 | 000,246,792 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DB.dll
    MOD - [2010/12/21 10:42:24 | 000,125,448 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Discovery.dll
    MOD - [2010/12/21 10:42:24 | 000,087,048 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ComCore.dll
    MOD - [2010/12/21 10:42:24 | 000,046,600 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DriveDetector.dll
    MOD - [2010/12/21 10:38:40 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ressources\plugins\ContextSwitcher.plugin
    MOD - [2010/12/21 10:30:30 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryMobileBroadband.plugin
    MOD - [2010/12/21 10:26:18 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryGeneric.plugin
    MOD - [2010/12/21 10:23:44 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryNdis.plugin
    MOD - [2010/12/21 10:23:40 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryVPorts.plugin
    MOD - [2010/12/21 10:22:30 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
    MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/04/22 19:33:24 | 002,887,904 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
    MOD - [2010/04/22 19:33:20 | 000,025,824 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
    MOD - [2010/04/22 19:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    MOD - [2010/03/22 17:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
    SRV:64bit: - [2011/05/09 09:59:33 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/05/09 09:59:33 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2011/01/14 13:35:58 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/07/08 15:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV - [2012/03/13 06:04:55 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2010/12/20 14:02:56 | 002,620,816 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Oracle\Primavera Common\JobService\prmJobSvJSDB.exe -- (prmJobSvJSDB) Primavera P6 Job Service (JSDB)
    SRV - [2010/09/13 14:02:22 | 000,308,592 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
    SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/04/30 20:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/04/30 20:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/04/22 19:33:04 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
    SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2006/02/02 02:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
    SRV - [2006/02/02 02:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
    SRV - [2006/02/02 02:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
    SRV - [2006/02/02 02:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
    SRV - [2006/02/02 02:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/18 07:46:10 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/08/19 06:24:24 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2011/07/01 10:36:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/09 09:59:34 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/05/02 19:12:28 | 000,029,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2010/11/20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010/11/20 06:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
    DRV:64bit: - [2010/11/20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/25 21:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/06/25 01:32:52 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/06/21 18:07:33 | 000,102,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbusx64.sys -- (swiwdmbus)
    DRV:64bit: - [2010/06/21 17:51:29 | 000,210,944 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
    DRV:64bit: - [2010/06/21 17:51:01 | 000,240,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
    DRV:64bit: - [2010/04/30 20:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2010/04/16 14:45:50 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/18 01:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/01/11 17:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/08 15:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2009/07/08 15:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2007/06/27 11:47:14 | 000,089,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
    DRV:64bit: - [2007/06/27 11:46:24 | 000,114,688 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
    DRV:64bit: - [2007/01/18 17:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV - [2010/05/04 10:51:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2010/05/04 10:50:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7ADEB640-41C5-486F-8D78-A2A926872780}
    IE:64bit: - HKLM\..\SearchScopes\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes\{36C629C0-9735-4039-B39D-2A2B20C7CBE8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{7ADEB640-41C5-486F-8D78-A2A926872780}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{CE8F8F27-E623-4C70-AD38-FEC9C6E810DC}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {7ADEB640-41C5-486F-8D78-A2A926872780}
    IE - HKLM\..\SearchScopes\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{36C629C0-9735-4039-B39D-2A2B20C7CBE8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{7ADEB640-41C5-486F-8D78-A2A926872780}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{CE8F8F27-E623-4C70-AD38-FEC9C6E810DC}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z128&install_date=20111020
    IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\SearchScopes\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\SearchScopes\{36C629C0-9735-4039-B39D-2A2B20C7CBE8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111020&iesrc={referrer:source}
    IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\SearchScopes\{7ADEB640-41C5-486F-8D78-A2A926872780}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C5AF56B8-7388-406E-BE05-DB2AA5845FA7}&mid=7dbfdf41874d47d191bcd1e9931b165d-67ccd6da1db4fcb914e8e88fa9cfbaded7b68f26&lang=en&ds=AVG&pr=fr&d=2011-10-10 07:31:11&v=10.0.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\SearchScopes\{CE8F8F27-E623-4C70-AD38-FEC9C6E810DC}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
    IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
     
  12. rajela


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "PhotoJoy Bar Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://newsok.com/"
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B6c7335df-8374-4b99-9576-e0326c8da8dd%7D&mid=7dbfdf41874d47d191bcd1e9931b165d-67ccd6da1db4fcb914e8e88fa9cfbaded7b68f26&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-10%2007%3A31%3A11&sap=ku&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Scott\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Scott\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/03/21 12:34:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/19 11:11:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/19 11:04:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/06 08:30:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/17 07:34:02 | 000,000,000 | ---D | M]

    [2011/05/09 09:42:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
    [2012/03/09 07:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9rt24e0i.default\extensions
    [2011/11/08 16:19:05 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9rt24e0i.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2012/01/26 07:13:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9rt24e0i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/03/09 07:13:12 | 000,000,000 | ---D | M] (PhotoJoy Bar Community Toolbar) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9rt24e0i.default\extensions\{cf45c54f-801c-41b5-ac77-57f2bf418edc}
    [2011/06/20 06:34:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9rt24e0i.default\extensions\engine@conduit.com
    [2011/04/27 15:37:12 | 000,000,927 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9rt24e0i.default\searchplugins\conduit.xml
    [2012/01/06 08:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/03/19 11:04:38 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.2.0.3
    [2012/03/19 11:11:32 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2012/01/06 08:30:37 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/03/13 06:04:53 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/01/06 08:30:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2012/01/06 08:30:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/03/21 12:21:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Oracle\Primavera Common\Java\_jvm\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\Toolbar\WebBrowser: (no name) - {CF45C54F-801C-41B5-AC77-57F2BF418EDC} - No CLSID value found.
    O3 - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
    O4 - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000..\Run: [PhotoJoy] C:\Program Files (x86)\PhotoJoy\bin\PhotoJoy.exe (IncrediMail, Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66508733-E08B-4688-B0CC-DEB4F3F4FB56}: DhcpNameServer = 172.16.64.215 172.16.64.215
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E6B6BF0-D6C7-4F87-A5AD-6EF2D7ECC78A}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A25612B-18BB-4FD1-980D-5E90A5DA055E}: DhcpNameServer = 209.183.50.151 209.183.50.151
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B376AD25-6E0F-4378-9670-05D4FFA61D35}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCFCAEEC-B792-4A8F-9145-08951C2682F7}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.dvacm - c:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/21 14:22:31 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    [2012/03/21 12:34:52 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\AVG2012
    [2012/03/21 12:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
    [2012/03/21 12:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/03/21 12:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012/03/21 12:28:01 | 003,968,384 | ---- | C] (AVG Technologies) -- C:\Users\Scott\Desktop\avg_free_stb_all_2012_1913_cnet.exe
    [2012/03/21 12:25:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/21 11:57:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/21 11:57:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/21 11:57:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/21 11:57:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/21 11:57:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/21 11:49:57 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Scott\Desktop\AppRemover.exe
    [2012/03/21 11:44:22 | 004,442,391 | R--- | C] (Swearware) -- C:\Users\Scott\Desktop\ComboFix.exe
    [2012/03/21 06:09:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/21 06:08:10 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\tdsskiller
    [2012/03/20 07:40:14 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\bootkit_remover
    [2012/03/20 06:21:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/03/20 06:13:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Scott\Desktop\aswMBR.exe
    [2012/03/08 07:39:18 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Avatar
    [2012/03/08 07:29:05 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Webcam
    [2012/03/07 11:42:12 | 000,000,000 | ---D | C] -- C:\Users\Scott\.swt
    [2012/03/06 17:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2012/03/06 17:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2012/03/01 07:12:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/02/27 15:08:07 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Robert Reeves Documents
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/21 14:29:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/21 14:22:32 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    [2012/03/21 13:33:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3319382114-2047704978-1170280087-1000UA.job
    [2012/03/21 13:05:55 | 000,000,062 | ---- | M] () -- C:\Windows\iltwain.ini
    [2012/03/21 12:37:41 | 059,351,991 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/03/21 12:34:15 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/03/21 12:34:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2012/03/21 12:34:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/03/21 12:29:26 | 000,024,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/21 12:29:26 | 000,024,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/21 12:28:13 | 003,968,384 | ---- | M] (AVG Technologies) -- C:\Users\Scott\Desktop\avg_free_stb_all_2012_1913_cnet.exe
    [2012/03/21 12:21:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/03/21 12:21:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/21 12:20:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/21 12:20:31 | 377,901,055 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/21 11:50:12 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Scott\Desktop\AppRemover.exe
    [2012/03/21 11:45:09 | 001,008,141 | ---- | M] () -- C:\Users\Scott\Desktop\rkill.exe
    [2012/03/21 11:44:54 | 001,008,141 | ---- | M] () -- C:\Users\Scott\Desktop\rkill.scr
    [2012/03/21 11:44:43 | 001,008,141 | ---- | M] () -- C:\Users\Scott\Desktop\rkill.com
    [2012/03/21 11:44:23 | 004,442,391 | R--- | M] (Swearware) -- C:\Users\Scott\Desktop\ComboFix.exe
    [2012/03/21 06:07:59 | 002,046,155 | ---- | M] () -- C:\Users\Scott\Desktop\tdsskiller.zip
    [2012/03/20 17:05:49 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/03/20 17:05:49 | 000,628,966 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/03/20 17:05:49 | 000,108,240 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/03/20 16:43:32 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3319382114-2047704978-1170280087-1000Core.job
    [2012/03/20 07:39:24 | 000,000,512 | ---- | M] () -- C:\Users\Scott\Desktop\MBR.dat
    [2012/03/20 06:21:36 | 605,036,211 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/03/20 06:14:26 | 000,044,607 | ---- | M] () -- C:\Users\Scott\Desktop\bootkit_remover.zip
    [2012/03/20 06:13:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Scott\Desktop\aswMBR.exe
    [2012/03/16 14:13:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/16 13:23:28 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForScott.job
    [2012/03/15 06:02:14 | 000,447,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/03/08 08:41:39 | 000,001,296 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/03/06 17:50:39 | 000,001,165 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2012/03/06 17:50:39 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2012/02/29 10:46:12 | 000,004,096 | -H-- | M] () -- C:\Users\Scott\AppData\Local\keyfile3.drm
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/21 12:34:15 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/03/21 11:57:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/21 11:57:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/21 11:57:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/21 11:57:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/21 11:57:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/21 11:45:08 | 001,008,141 | ---- | C] () -- C:\Users\Scott\Desktop\rkill.exe
    [2012/03/21 11:44:54 | 001,008,141 | ---- | C] () -- C:\Users\Scott\Desktop\rkill.scr
    [2012/03/21 11:44:43 | 001,008,141 | ---- | C] () -- C:\Users\Scott\Desktop\rkill.com
    [2012/03/21 06:07:57 | 002,046,155 | ---- | C] () -- C:\Users\Scott\Desktop\tdsskiller.zip
    [2012/03/20 07:39:24 | 000,000,512 | ---- | C] () -- C:\Users\Scott\Desktop\MBR.dat
    [2012/03/20 06:21:36 | 605,036,211 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/03/20 06:14:24 | 000,044,607 | ---- | C] () -- C:\Users\Scott\Desktop\bootkit_remover.zip
    [2012/03/16 14:13:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/06 17:50:39 | 000,001,165 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2012/03/06 17:50:39 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2012/03/06 17:28:20 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3319382114-2047704978-1170280087-1000UA.job
    [2012/03/06 17:28:20 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3319382114-2047704978-1170280087-1000Core.job
    [2012/02/29 10:46:12 | 000,004,096 | -H-- | C] () -- C:\Users\Scott\AppData\Local\keyfile3.drm
    [2012/02/14 09:35:01 | 000,746,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/11 08:10:30 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\gswin32c.exe
    [2011/10/20 07:25:09 | 000,000,354 | ---- | C] () -- C:\Windows\RM2MP3Converter.INI
    [2011/10/04 09:47:03 | 000,000,017 | ---- | C] () -- C:\Users\Scott\AppData\Local\resmon.resmoncfg
    [2011/09/09 14:39:27 | 000,003,584 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/23 17:10:45 | 000,000,039 | ---- | C] () -- C:\Windows\PrmConvert.ini
    [2011/05/16 10:06:39 | 000,000,174 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/05/13 13:09:51 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
    [2011/05/09 13:39:03 | 000,000,062 | ---- | C] () -- C:\Windows\iltwain.ini
    [2011/03/08 03:36:07 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2011/03/08 03:36:07 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2011/03/08 03:36:07 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2011/03/08 03:36:06 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2011/03/08 03:35:56 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2011/03/08 03:35:56 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/11/08 10:06:02 | 000,618,496 | R--- | C] () -- C:\Windows\SysWow64\stlpmt45.dll
    [2010/08/25 21:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2010/07/20 04:29:34 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
    [2010/07/20 03:27:36 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini

    ========== LOP Check ==========

    [2012/03/21 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\AVG2012
    [2011/10/20 09:29:41 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Boilsoft
    [2011/05/16 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Bullzip
    [2012/03/08 08:39:03 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Dropbox
    [2011/11/08 16:19:14 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Garmin
    [2011/06/24 12:13:58 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Leadertech
    [2011/07/06 07:17:26 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Memeo
    [2011/10/13 11:09:39 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Nitro PDF
    [2011/05/16 11:20:54 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\OpenCandy
    [2011/08/10 13:57:36 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Passware
    [2011/08/10 14:16:05 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Password Solutions
    [2011/05/13 13:21:56 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PrimoPDF
    [2011/05/02 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Sierra Wireless
    [2011/06/24 14:25:08 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Windows Live Writer
    [2012/01/06 15:37:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1
    [2009/07/14 00:08:49 | 000,008,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(111).TXT
    [2012/03/13 06:04:06 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < * >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- \bootmgr
    [2012/03/21 12:25:34 | 000,024,405 | ---- | M] () -- \ComboFix.txt
    [2012/03/21 12:20:31 | 377,901,055 | -HS- | M] () -- \hiberfil.sys
    [2012/03/21 12:20:31 | 1935,523,839 | -HS- | M] () -- \pagefile.sys
    [2011/11/07 12:47:47 | 000,001,248 | ---- | M] () -- \prbaddata.txt
    [2011/08/19 06:25:15 | 000,000,085 | ---- | M] () -- \SETUP.LOG
    [2012/03/21 06:09:30 | 000,093,534 | ---- | M] () -- \TDSSKiller.2.7.21.0_21.03.2012_06.08.15_log.txt
    [2012/03/21 11:45:26 | 000,090,762 | ---- | M] () -- \TDSSKiller.2.7.21.0_21.03.2012_11.27.42_log.txt

    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2012/03/21 12:25:34 | 000,024,405 | ---- | M] () -- C:\ComboFix.txt
    [2012/03/21 12:20:31 | 377,901,055 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/21 12:20:31 | 1935,523,839 | -HS- | M] () -- C:\pagefile.sys
    [2011/11/07 12:47:47 | 000,001,248 | ---- | M] () -- C:\prbaddata.txt
    [2011/08/19 06:25:15 | 000,000,085 | ---- | M] () -- C:\SETUP.LOG
    [2012/03/21 06:09:30 | 000,093,534 | ---- | M] () -- C:\TDSSKiller.2.7.21.0_21.03.2012_06.08.15_log.txt
    [2012/03/21 11:45:26 | 000,090,762 | ---- | M] () -- C:\TDSSKiller.2.7.21.0_21.03.2012_11.27.42_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/05 08:55:03 | 000,000,221 | -HS- | M] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/21 11:50:12 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Scott\Desktop\AppRemover.exe
    [2012/03/20 06:13:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Scott\Desktop\aswMBR.exe
    [2012/03/21 12:28:13 | 003,968,384 | ---- | M] (AVG Technologies) -- C:\Users\Scott\Desktop\avg_free_stb_all_2012_1913_cnet.exe
    [2012/03/21 11:44:23 | 004,442,391 | R--- | M] (Swearware) -- C:\Users\Scott\Desktop\ComboFix.exe
    [2012/02/06 15:01:23 | 000,733,288 | ---- | M] (Google Inc.) -- C:\Users\Scott\Desktop\GoogleEarthPluginSetup.exe
    [2011/10/20 07:50:26 | 071,733,104 | ---- | M] (Apple Inc.) -- C:\Users\Scott\Desktop\iTunes64Setup.exe
    [2011/09/15 10:53:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Scott\Desktop\mbam-setup-1.51.2.1300.exe
    [2012/03/21 14:22:32 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    [2011/09/15 10:54:45 | 000,302,592 | ---- | M] () -- C:\Users\Scott\Desktop\qlslwk0j.exe
    [2011/11/11 08:09:14 | 027,586,674 | ---- | M] () -- C:\Users\Scott\Desktop\QuickPDFConverter_upload.EXE
    [2011/10/20 09:33:57 | 000,684,288 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Scott\Desktop\RealPlayer.exe
    [2012/03/21 11:45:09 | 001,008,141 | ---- | M] () -- C:\Users\Scott\Desktop\rkill.exe
    [2012/01/10 07:16:20 | 018,959,872 | ---- | M] (thinkorswim, Inc) -- C:\Users\Scott\Desktop\thinkorswim_jse6_installer.exe
    [2012/02/14 09:53:34 | 000,177,656 | ---- | M] () -- C:\Users\Scott\Desktop\TrueInstallNS.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/21 12:21:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/21 14:29:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/20 16:43:32 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3319382114-2047704978-1170280087-1000Core.job
    [2012/03/21 13:33:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3319382114-2047704978-1170280087-1000UA.job
    [2012/03/16 13:23:28 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForScott.job
    [2012/03/21 12:20:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/07/14 00:08:49 | 000,008,606 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU(111).TXT
    [2012/03/13 06:04:06 | 000,032,578 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/06/24 06:29:36 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/06/24 06:29:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/03/08 03:36:57 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/03/08 03:36:57 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/06/24 06:29:36 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 07:10:10 | 000,000,402 | -HS- | M] () -- C:\Users\Scott\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/03/08 03:57:35 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/07/20 03:16:52 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2011/03/08 03:57:14 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/07/20 03:11:42 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2011/03/08 03:56:43 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2011/03/08 03:57:26 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/07/20 03:10:30 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/07/20 03:16:18 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2011/03/08 03:57:44 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < * >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- \bootmgr
    [2012/03/21 12:25:34 | 000,024,405 | ---- | M] () -- \ComboFix.txt
    [2012/03/21 12:20:31 | 377,901,055 | -HS- | M] () -- \hiberfil.sys
    [2012/03/21 12:20:31 | 1935,523,839 | -HS- | M] () -- \pagefile.sys
    [2011/11/07 12:47:47 | 000,001,248 | ---- | M] () -- \prbaddata.txt
    [2011/08/19 06:25:15 | 000,000,085 | ---- | M] () -- \SETUP.LOG
    [2012/03/21 06:09:30 | 000,093,534 | ---- | M] () -- \TDSSKiller.2.7.21.0_21.03.2012_06.08.15_log.txt
    [2012/03/21 11:45:26 | 000,090,762 | ---- | M] () -- \TDSSKiller.2.7.21.0_21.03.2012_11.27.42_log.txt

    < End of report >
     
  13. rajela

    rajela TS Rookie Topic Starter Posts: 29

    OTL Extras logfile created on: 3/21/2012 2:25:34 PM - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Scott\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.80 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 70.28% Memory free
    11.60 Gb Paging File | 9.06 Gb Available in Paging File | 78.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 443.62 Gb Total Space | 313.44 Gb Free Space | 70.66% Space Free | Partition Type: NTFS
    Drive D: | 21.84 Gb Total Space | 3.18 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
    Drive F: | 931.51 Gb Total Space | 794.90 Gb Free Space | 85.33% Space Free | Partition Type: NTFS
    Drive G: | 3.72 Gb Total Space | 1.32 Gb Free Space | 35.38% Space Free | Partition Type: FAT32
    Drive H: | 99.02 Mb Total Space | 83.88 Mb Free Space | 84.71% Space Free | Partition Type: FAT32

    Computer Name: SCOTT-HP | User Name: Scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3319382114-2047704978-1170280087-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe" = C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX -- (Sierra Wireless, Inc.)
    "C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe" = C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX -- (Sierra Wireless, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0D9917CE-1C77-4B58-A153-DCB5A854ED82}" = Intel(R) Wireless Display
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{19E74155-1CA2-4807-9BF5-1AAB4F876E1A}" = Motorola Driver Installation
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{20F2AD58-CE1D-4994-9945-B1B3F2600254}" = Nitro PDF Reader
    "{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi Software
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C00EC96-D644-41AD-91D3-A9CE4382C80E}" = Driver Installer
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
    "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
    "{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
    "{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "AVG" = AVG 2012
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 4.0.0.463
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
    "_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{15482D1C-117B-4201-8D39-985A91ED8433}" = PhotoJoy
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1C3AB52E-C4CD-4D72-BCCB-A8FEA142CCCC}" = Primavera P6 v7.0 Service Pack 3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40356BFC-EB2F-1A68-1A47-4547BE7DD0D2}" = Xtend
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in
    "{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{6F52B533-03ED-4077-A382-BB8DA663FDAE}" = AT&T Communication Manager
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71CC8771-1F1D-3394-8F70-A5B442D20C95}" = Google Talk Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}" = HP MediaSmart/TouchSmart Netflix
    "{7D4318AC-9560-46F0-910F-0B38D6CDC009}" = HP Documentation
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.InfoPathr_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.InfoPathr_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.InfoPathr_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.InfoPathr_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.InfoPathr_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.InfoPathr_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.InfoPathr_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.InfoPathr_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.InfoPathr_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.InfoPathr_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0044-0000-0000-0000000FF1CE}" = Microsoft Office InfoPath 2010
    "{91140000-0044-0000-0000-0000000FF1CE}_Office14.InfoPathr_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8871195-1265-0859-CC55-ADE112EEF7D3}" = Times Reader
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
    "{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
    "{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}" = ISCOM
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
    "{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
    "{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
    "{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
    "{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
    "{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
    "{F8423392-2296-4748-9B66-344432459632}" = PureHD
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
    "{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
    "{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FE661711-E392-4B3F-A4A7-02C747C09134}" = ISCOM
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
    "DAS Trader Pro" = DAS Trader Pro 2.4.0.2
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
    "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1C3AB52E-C4CD-4D72-BCCB-A8FEA142CCCC}" = Primavera P6 v7.0 Service Pack 3
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Mini-stream RM-MP3 Converter_is1" = Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "My HP Game Console" = HP Game Console
    "Office14.InfoPathr" = Microsoft InfoPath 2010
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "PhotoJoy" = PhotoJoy
    "ProInst" = Intel PROSet Wireless
    "Quick PDF Converter v4.1" = Quick PDF Converter v4.1
    "RealPlayer 12.0" = RealPlayer
    "thinkorswim" = thinkorswim
    "TrueSwitch Wizard EC" = TrueSwitch Wizard EC
    "WildTangent hp Master Uninstall" = HP Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live Essentials
    "WT087328" = Blackhawk Striker 2
    "WT087335" = Build-a-lot 2
    "WT087342" = Dora's Carnival Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087373" = Jewel Quest 3
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087513" = Virtual Villagers - The Secret City
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1" = Xtend
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3319382114-2047704978-1170280087-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "HuluDesktop" = Hulu Desktop

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/14/2011 1:44:51 PM | Computer Name = Scott-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2309

    Error - 11/14/2011 1:44:51 PM | Computer Name = Scott-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2309

    Error - 11/14/2011 1:44:52 PM | Computer Name = Scott-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/14/2011 1:44:52 PM | Computer Name = Scott-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3432

    Error - 11/14/2011 1:44:52 PM | Computer Name = Scott-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3432

    Error - 11/14/2011 1:44:53 PM | Computer Name = Scott-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/14/2011 1:44:53 PM | Computer Name = Scott-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4836

    Error - 11/14/2011 1:44:53 PM | Computer Name = Scott-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4836

    Error - 11/14/2011 5:00:21 PM | Computer Name = Scott-HP | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1b44 Start
    Time: 01cca2e88fd8f710 Termination Time: 127 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: a7be8b37-0f03-11e1-a1ce-2c27d7c07203

    Error - 11/14/2011 5:25:48 PM | Computer Name = Scott-HP | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1bac Start
    Time: 01cca3106f6c0f71 Termination Time: 140 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: 2dfeaa2d-0f07-11e1-a1ce-2c27d7c07203

    [ Hewlett-Packard Events ]
    Error - 6/20/2011 7:41:36 AM | Computer Name = Scott-HP | Source = Hewlett-Packard | ID = 0
    Description =

    Error - 6/24/2011 7:45:47 AM | Computer Name = Scott-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061124064545.xml
    File not created by asset agent

    [ HP Software Framework Events ]
    Error - 2/3/2012 2:53:51 PM | Computer Name = Scott-HP | Source = CaslWmi | ID = 5
    Description = 2012/02/03 12:53:51.950|000019C0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 2/3/2012 2:53:53 PM | Computer Name = Scott-HP | Source = CaslWmi | ID = 5
    Description = 2012/02/03 12:53:53.711|00000DFC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 2/10/2012 2:37:02 PM | Computer Name = Scott-HP | Source = CaslWmi | ID = 5
    Description = 2012/02/10 12:37:02.294|00001978|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 2/17/2012 2:09:14 PM | Computer Name = Scott-HP | Source = CaslWmi | ID = 5
    Description = 2012/02/17 12:09:14.729|000011B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 2/24/2012 2:08:04 PM | Computer Name = Scott-HP | Source = CaslWmi | ID = 5
    Description = 2012/02/24 12:08:04.244|00000FB4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 2/24/2012 2:13:42 PM | Computer Name = Scott-HP | Source = CaslWmi | ID = 5
    Description = 2012/02/24 12:13:42.127|000017C8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 2/24/2012 2:13:44 PM | Computer Name = Scott-HP | Source = CaslWmi | ID = 5
    Description = 2012/02/24 12:13:44.421|00001B9C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/5/2012 8:13:27 AM | Computer Name = Scott-HP | Source = CaslWmi | ID = 5
    Description = 2012/03/05 06:13:27.061|00001A54|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/9/2012 2:01:44 PM | Computer Name = Scott-HP | Source = CaslWmi | ID = 5
    Description = 2012/03/09 12:01:44.097|00000CF8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/16/2012 1:47:44 PM | Computer Name = Scott-HP | Source = CaslWmi | ID = 5
    Description = 2012/03/16 12:47:44.471|00001D50|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    [ HP Wireless Assistant Events ]
    Error - 5/2/2011 8:11:21 PM | Computer Name = Scott-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/2/2011 8:12:21 PM | Computer Name = Scott-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/2/2011 8:13:21 PM | Computer Name = Scott-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/2/2011 8:14:21 PM | Computer Name = Scott-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/2/2011 8:15:21 PM | Computer Name = Scott-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/2/2011 8:16:21 PM | Computer Name = Scott-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 6/16/2011 7:35:39 AM | Computer Name = Scott-HP | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 9/15/2011 1:10:13 PM | Computer Name = Scott-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

    at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
    hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
    radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 3/6/2012 8:14:16 AM | Computer Name = Scott-HP | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    Error - 3/6/2012 8:14:23 AM | Computer Name = Scott-HP | Source = HP WA Application | ID = 0
    Description = MainWindow.ShowImpl; not initialized, closing application...

    [ System Events ]
    Error - 1/3/2012 8:22:07 AM | Computer Name = Scott-HP | Source = DCOM | ID = 10010
    Description =

    Error - 1/3/2012 8:22:28 AM | Computer Name = Scott-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 1/3/2012 8:22:29 AM | Computer Name = Scott-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 1/3/2012 9:22:19 AM | Computer Name = Scott-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 1/3/2012 10:12:11 AM | Computer Name = Scott-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 1/3/2012 11:11:38 AM | Computer Name = Scott-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 1/4/2012 8:26:46 AM | Computer Name = Scott-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 1/4/2012 2:26:17 PM | Computer Name = Scott-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 1/5/2012 3:20:23 PM | Computer Name = Scott-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 1/5/2012 4:07:57 PM | Computer Name = Scott-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.


    < End of report >
     
  14. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE:64bit: - HKLM\..\SearchScopes\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKLM\..\SearchScopes\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\SearchScopes\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\Toolbar\WebBrowser: (no name) - {CF45C54F-801C-41B5-AC77-57F2BF418EDC} - No CLSID value found.
      O3 - HKU\S-1-5-21-3319382114-2047704978-1170280087-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  15. rajela

    rajela TS Rookie Topic Starter Posts: 29

    I think I have all the reports that you requested. The ESET did not produce a report. The box at the end said nothing was detected.
    I am posting up the Fix report......the Security Check and the TFC....If I missed any let me know and I ran the Java installer and remover....AVG anti Virus is turned back on...



    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3319382114-2047704978-1170280087-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BC1CF57-F96D-451A-9E08-64DEE791CE24}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3319382114-2047704978-1170280087-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3319382114-2047704978-1170280087-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CF45C54F-801C-41B5-AC77-57F2BF418EDC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF45C54F-801C-41B5-AC77-57F2BF418EDC}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3319382114-2047704978-1170280087-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Scott
    ->Temp folder emptied: 57048 bytes
    ->Temporary Internet Files folder emptied: 44659116 bytes
    ->Java cache emptied: 1362978 bytes
    ->FireFox cache emptied: 56637134 bytes
    ->Flash cache emptied: 15230573 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6291707 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 119.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Scott
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Scott
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.1 log created on 03212012_152148
    Files\Folders moved on Reboot...
    File move failed. C:\Users\Scott\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...




    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Reader X (10.1.2)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    Symantec Norton Online Backup NOBuAgent.exe
    ``````````End of Log````````````





    Farbar Service Scanner Version: 01-03-2012
    Ran by Scott (administrator) on 21-03-2012 at 15:40:34
    Running from "C:\Users\Scott\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  16. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  17. rajela

    rajela TS Rookie Topic Starter Posts: 29

    Here is the latest OTC report...

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Scott
    ->Temp folder emptied: 80107 bytes
    ->Temporary Internet Files folder emptied: 52071 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 75778829 bytes
    ->Flash cache emptied: 1173 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4525259 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 77.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Scott
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Scott
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.39.1 log created on 03212012_170855

    Files\Folders moved on Reboot...
    File move failed. C:\Users\Scott\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  18. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Whenever ready....
     
  19. rajela

    rajela TS Rookie Topic Starter Posts: 29

    It will be tomorrow before I can tell you about the computer since I am at home on another machine now. I will post you a performance status first thing tomorrow.

    Thanks
     
  20. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Very well.....
     
  21. rajela

    rajela TS Rookie Topic Starter Posts: 29

    Broni
    Machine is running great....start up is fast and the sluggishness is gone. Let me know if there is anything else that I need to do. I have deleted all the report logs and downloads except for the ones that I need to run every so often...

    Thanks
    Scott
     
  22. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Way to go!!
    Good luck and stay safe :)
     
  23. rajela

    rajela TS Rookie Topic Starter Posts: 29

    Deleted.........................
     

