Solved SVCHOST.exe trojan causes physical memory dump and then wants to reinstall OS

TDSSKiller Log:

00:14:58.0487 5752 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
00:15:00.0499 5752 ============================================================
00:15:00.0499 5752 Current date / time: 2011/12/25 00:15:00.0499
00:15:00.0499 5752 SystemInfo:
00:15:00.0499 5752
00:15:00.0499 5752 OS Version: 6.1.7601 ServicePack: 1.0
00:15:00.0499 5752 Product type: Workstation
00:15:00.0499 5752 ComputerName: AARONROSS-PC
00:15:00.0499 5752 UserName: Aaron Ross
00:15:00.0499 5752 Windows directory: C:\Windows
00:15:00.0499 5752 System windows directory: C:\Windows
00:15:00.0499 5752 Running under WOW64
00:15:00.0499 5752 Processor architecture: Intel x64
00:15:00.0499 5752 Number of processors: 8
00:15:00.0499 5752 Page size: 0x1000
00:15:00.0499 5752 Boot type: Normal boot
00:15:00.0499 5752 ============================================================
00:15:00.0842 5752 Initialize success
00:15:02.0667 4696 ============================================================
00:15:02.0667 4696 Scan started
00:15:02.0667 4696 Mode: Manual;
00:15:02.0667 4696 ============================================================
001513.0478 4696 ============================================================
001513.0478 4696 Scan finished
001513.0478 4696 ============================================================
001513.0478 3192 Detected object count 0
001513.0478 3192 Actual detected object count 0
001517.0441 2068 ============================================================
001517.0441 2068 Scan started
001517.0441 2068 Mode Manual;
001517.0441 2068 ============================================================
001524.0726 2068 Boot (0x1200) (7cdc77da22ea59a2f5f62b30082d529f) DeviceHarddisk0DR0Partition0
001524.0726 2068 DeviceHarddisk0DR0Partition0 - ok
001524.0741 2068 Boot (0x1200) (ba37b10aa64f3aa1a686b9d939799e77) DeviceHarddisk0DR0Partition1
001524.0741 2068 DeviceHarddisk0DR0Partition1 - ok
001524.0741 2068 Boot (0x1200) (5f6af2bd8588d4f27d42d6d83d357916) DeviceHarddisk1DR1Partition0
001524.0757 2068 DeviceHarddisk1DR1Partition0 - ok
001524.0757 2068 ============================================================
001524.0757 2068 Scan finished
001524.0757 2068 ============================================================
001524.0757 6288 Detected object count 0
001524.0757 6288 Actual detected object count 0
 
aswMBR log:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-25 00:33:04
-----------------------------
00:33:04.826 OS Version: Windows x64 6.1.7601 Service Pack 1
00:33:04.826 Number of processors: 8 586 0x1A05
00:33:04.826 ComputerName: AARONROSS-PC UserName: Aaron Ross
00:33:08.414 Initialize success
00:51:15.201 AVAST engine defs: 11122401
01:04:46.852 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:04:46.852 Disk 0 Vendor: ST310005 CC46 Size: 953869MB BusType: 3
01:04:46.867 Disk 0 MBR read successfully
01:04:46.867 Disk 0 MBR scan
01:04:46.867 Disk 0 Windows VISTA default MBR code
01:04:46.883 Service scanning
01:04:47.835 Modules scanning
01:04:47.835 Disk 0 trace - called modules:
01:04:47.866 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:04:47.866 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800aed6060]
01:04:47.866 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800ab6c050]
01:04:49.083 AVAST engine scan C:\Windows
01:04:51.719 AVAST engine scan C:\Windows\system32
01:06:09.126 AVAST engine scan C:\Windows\system32\drivers
01:06:17.862 AVAST engine scan C:\Users\Aaron Ross
01:15:52.833 AVAST engine scan C:\ProgramData
01:23:44.765 Scan finished successfully
01:26:23.916 Disk 0 MBR has been saved successfully to "C:\Users\Aaron Ross\Desktop\MBR.dat"
01:26:23.916 The log file has been saved successfully to "C:\Users\Aaron Ross\Desktop\aswMBR.txt"
01:26:59.006 Disk 0 MBR has been saved successfully to "C:\Users\Aaron Ross\Desktop\MBR.dat"
01:26:59.021 The log file has been saved successfully to "C:\Users\Aaron Ross\Desktop\aswMBR2.txt"
 
ComboFixLog:

ComboFix 11-12-20.04 - Aaron Ross 12/25/2011 1:28.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9425 [GMT -5:00]
Running from: c:\users\Aaron Ross\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2307D429-A4E0-43E0-A317-4A843A04BEFE}.xps
c:\users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\{89E1BD1D-AB4C-4AE3-9459-E3CD30EE7A06}.xps
c:\users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9EDA50E0-2EC1-4C4A-86D9-D871A41EDB68}.xps
c:\windows\vspc1330.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-16 13:28 . 2011-12-23 21:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-12-16 13:07 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-16 13:07 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-16 13:07 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-16 13:07 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-16 13:07 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-16 13:07 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 00:08 . 2011-12-15 00:08 -------- d-----w- c:\program files (x86)\EASEUS
2011-12-14 23:32 . 2011-12-14 23:32 -------- d-----w- c:\program files (x86)\Passware
2011-12-13 22:51 . 2011-12-13 22:54 -------- d-----w- C:\Log
2011-12-13 22:51 . 2011-12-14 02:16 -------- d-----w- c:\program files (x86)\Stellar Phoenix Windows Data Recovery
2011-12-09 14:55 . 2011-12-09 14:55 -------- d-----w- c:\users\Aaron Ross\AppData\Local\WB Games
2011-12-09 10:51 . 2011-12-16 12:41 -------- d-----w- c:\program files (x86)\The Lord of the Rings - War in the North
2011-12-06 05:01 . 2011-12-16 12:41 -------- d-----w- c:\program files (x86)\Yontoo
2011-12-06 00:36 . 2011-12-06 00:37 -------- d-----w- c:\users\Aaron Ross\AppData\Local\dxhr
2011-12-06 00:35 . 2011-12-06 00:35 -------- d-----w- c:\users\Aaron Ross\AppData\Local\28050
2011-12-05 04:13 . 2011-12-17 02:33 -------- d-----w- c:\program files (x86)\LIMBO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-18 19:32 . 2011-02-19 06:11 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-15 18:16 . 2011-02-19 06:11 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 18:16 . 2010-10-14 04:28 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 18:16 . 2010-10-14 04:28 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 18:16 . 2010-10-14 04:28 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16 . 2010-10-14 04:28 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 18:16 . 2010-10-14 04:28 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 18:16 . 2010-10-14 04:28 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 18:16 . 2010-10-14 04:28 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-15 18:16 . 2010-10-14 04:28 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-09-29 16:29 . 2011-11-09 05:41 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-23 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-12 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
.
c:\users\Aaron Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 SPC1330;USB2.0 PC Camera (SPC1330);c:\windows\system32\DRIVERS\spc1330.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-23 04:09]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1291757901-1728682472-3769939207-1001Core.job
- c:\users\Aaron Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 20:28]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1291757901-1728682472-3769939207-1001UA.job
- c:\users\Aaron Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 20:28]
.
2011-12-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2011-12-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2011-12-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
2011-12-20 c:\windows\Tasks\WebReg HP Photosmart Plus B209a-m.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-22 00:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-23 10081312]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2010-10-29 4775176]
"PLF1330"="c:\windows\PLF1330.exe" [2010-01-05 40960]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 71.252.0.12 71.242.0.12 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SPC1330 - c:\windows\vspc1330.exe
Toolbar-Locked - (no file)
HKLM-Run-spc1330 - c:\windows\vspc1330.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Excel Key Demo - h:\documents\HCC\IST166\Labs\Lab5\demos\un-xlkeyd.exe
AddRemove-uCertify M77-605 - c:\program files (x86)\uCertify\uninstall.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1291757901-1728682472-3769939207-1001\Software\SecuROM\License information*]
"datasecu"=hex:32,23,85,f7,62,01,ab,3c,18,99,f2,8d,f8,9c,69,01,e5,fe,83,40,d1,
ed,e8,0f,f3,4c,0b,d5,cc,0c,5c,c7,9e,8e,7a,af,8e,fc,80,37,90,7f,40,8a,95,73,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2011-12-25 01:39:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-25 06:39
.
Pre-Run: 671,394,983,936 bytes free
Post-Run: 673,365,336,064 bytes free
.
- - End Of File - - DDA4F3DA57AC6F551E807D2577C341BE
 
Okay, I don't know if this is a normal thing after ComboFix or not...
It is not allowing me to access anything on my computer..? It gives me the same error message: Illegal operation.. Something about the file being marked for deletion...? Help...?
 
Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

Combofix log looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Log:

OTL logfile created on: 12/25/2011 1:34:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Aaron Ross\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 10.02 Gb Available Physical Memory | 83.60% Memory free
23.98 Gb Paging File | 21.67 Gb Available in Paging File | 90.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 626.44 Gb Free Space | 68.15% Space Free | Partition Type: NTFS
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.74 Gb Total Space | 1.86 Gb Free Space | 49.87% Space Free | Partition Type: FAT32

Computer Name: AARONROSS-PC | User Name: Aaron Ross | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/25 13:32:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron Ross\Desktop\OTL.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/03 02:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/11 19:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/05 03:39:20 | 000,040,960 | ---- | M] (sonix) -- C:\Windows\PLF1330.exe
PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/12/18 11:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 02:26:55 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/14 02:23:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/14 02:22:48 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:22:43 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 02:22:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/14 02:22:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 02:22:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 02:22:29 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 02:22:23 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/03 02:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/08/30 04:34:12 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/08/11 19:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/08/11 19:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/08/11 19:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/08/11 19:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/08/11 19:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/08/11 19:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/08/11 19:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/08/11 19:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/06/23 14:23:52 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/30 15:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/16 08:02:20 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/19 01:05:24 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/19 01:03:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/04 02:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 02:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/19 12:47:11 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/30 18:36:38 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/12 14:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/29 01:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/05 03:41:40 | 003,297,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spc1330.sys -- (SPC1330) USB2.0 PC Camera (SPC1330)
DRV:64bit: - [2009/11/27 20:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/24 07:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/20 17:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1291757901-1728682472-3769939207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-1291757901-1728682472-3769939207-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1291757901-1728682472-3769939207-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1291757901-1728682472-3769939207-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aaron Ross\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aaron Ross\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/05 09:20:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/11/15 16:02:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/05 09:20:18 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Aaron Ross\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Aaron Ross\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Aaron Ross\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Aaron Ross\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/25 01:34:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20111112061611.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20111112061611.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PLF1330] C:\Windows\PLF1330.exe (sonix)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [spc1330] C:\Windows\vspc1330.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1291757901-1728682472-3769939207-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1291757901-1728682472-3769939207-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Aaron Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1291757901-1728682472-3769939207-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1291757901-1728682472-3769939207-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.252.0.12 71.242.0.12 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF2A45E9-F44F-4C78-9508-7EAA07F87FC7}: DhcpNameServer = 71.252.0.12 71.242.0.12 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2011/12/25 13:33:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron Ross\Desktop\OTL.exe
[2011/12/25 13:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/12/25 13:25:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\Desktop\Repair
[2011/12/25 01:34:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/25 00:01:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{3AE7AE78-EA52-4D66-941C-BE9251E1679A}
[2011/12/25 00:01:12 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{650268FD-9B96-4B09-8C3C-6794BFC7847C}
[2011/12/20 09:46:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/20 09:46:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/20 09:46:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/20 09:45:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/20 09:42:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/19 22:05:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\Desktop\gmer
[2011/12/19 18:49:39 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{716BF4DD-C949-4A8D-A472-185F948C0F0D}
[2011/12/19 18:49:16 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{2A4497C1-E830-474E-91C7-63BC1EDA3C69}
[2011/12/18 09:37:24 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{57E9318E-3240-4435-896A-84EB8D9E2F87}
[2011/12/18 09:36:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/17 23:36:41 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{7319A5BD-0833-4EB3-A4D2-60A37CCB8543}
[2011/12/17 23:36:16 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{A74FAF9D-1FB8-4D41-9CD9-B310ABA32212}
[2011/12/16 22:23:47 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{26E89422-35B7-44AF-9D7B-1782B5A8C27B}
[2011/12/16 22:23:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{87B7F786-2C84-4637-B46E-321CEF18EBE1}
[2011/12/16 08:28:42 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011/12/16 07:45:29 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{DF8755D9-9D41-4251-B9AC-770926ED97FA}
[2011/12/16 07:44:46 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{204E13CB-DF52-48AE-94D9-013EED14B739}
[2011/12/16 00:22:57 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/16 00:06:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{815D3EFC-6261-4723-A7C6-9270CCF86DE5}
[2011/12/16 00:06:34 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{37BB5F2F-309E-44BE-9B58-CBF6FD5C8EF4}
[2011/12/14 19:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard Free Edition 5.5.1
[2011/12/14 19:08:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2011/12/14 18:43:43 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\Desktop\steg
[2011/12/14 18:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Passware
[2011/12/13 17:51:39 | 000,000,000 | ---D | C] -- C:\Log
[2011/12/13 17:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery
[2011/12/13 00:01:03 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{E978D518-E25F-43DD-BE18-5A5519A4EF7F}
[2011/12/13 00:00:52 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{5E747CED-EA27-4C72-A863-E9190BB9D4F9}
[2011/12/12 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{C7A26270-F531-49E8-8441-2A8FFBABB6AA}
[2011/12/12 12:00:26 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{7A3B1A57-AF42-4478-B062-380F0C3C529A}
[2011/12/11 20:51:56 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{02439AB9-D373-45BD-B539-1A1887FD6F30}
[2011/12/11 20:51:45 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{E636ECFF-EBA8-49E8-A362-F08ED59BE4B4}
[2011/12/10 12:34:15 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{A15EB08F-EC5C-4DDA-8FC5-1DC01B72B47A}
[2011/12/10 12:33:58 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{5387E63A-CCA7-4E17-A068-EBBDF398BB11}
[2011/12/09 09:55:25 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\WB Games
[2011/12/09 09:51:34 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\Documents\ALI213
[2011/12/09 09:47:02 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{83249385-F1CB-47B9-9444-EFEDF6AA10D5}
[2011/12/09 09:46:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{477F4219-42C2-45CC-8A78-D9F1956C0086}
[2011/12/09 05:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Lord of the Rings - War in the North
[2011/12/08 20:01:34 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{5F6ED367-36F5-49FE-8D30-EEF3C39B97E5}
[2011/12/08 20:01:23 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{4077CA25-ED6A-4520-8910-55B47D346B60}
[2011/12/08 08:01:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{DB982D8E-0852-4371-AFCC-9700374EA63E}
[2011/12/08 08:00:59 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{1E8A1BDD-2142-45CE-BCD9-D73582AC042E}
[2011/12/07 20:00:46 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{FF32EC4C-B788-4E3B-8F15-271DB37258C8}
[2011/12/07 20:00:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{79922A80-B92C-4204-8516-B4E42B77AA21}
[2011/12/06 00:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2011/12/05 19:36:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\dxhr
[2011/12/05 19:35:19 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\28050
[2011/12/05 16:26:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{C1ED5646-6DA3-4BE3-B380-64BF975DC12D}
[2011/12/05 16:26:17 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{749F9282-9B51-42D6-9F81-126E0257A78A}
[2011/12/04 23:13:15 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LIMBO
[2011/12/04 23:13:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LIMBO
[2011/12/04 18:15:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{9FD68727-0EB3-47F4-931D-3CB96D9B846D}
[2011/12/04 18:15:46 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{4F592D35-CD1D-4261-B851-E043E6319764}
[2011/12/03 10:53:47 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{45BCA740-CEA1-441D-9D20-E22FCFA8ED3F}
[2011/12/03 10:53:36 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{25D14A3D-CEDB-4E58-AE10-59B9101ECF31}
[2011/12/02 08:56:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{C6DC4EC3-1EA3-41B2-BE6F-D8FE3B6A244E}
[2011/12/02 08:56:44 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{CF4FFCF2-1A2C-4D06-AE19-E6F4F47F7E7E}
[2011/12/01 20:56:31 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{AD1ADC70-9835-4819-BCD7-17A1E466C2EF}
[2011/12/01 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{268FA93E-8478-4C4F-8952-B33288C650B3}
[2011/11/28 16:54:05 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{456F7FE2-83C0-4C94-B1AE-07E034696E87}
[2011/11/28 16:53:46 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{ADAF9690-EA8D-4E0C-AE55-C40C08D7D454}
[2011/11/27 13:30:03 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{6B808D02-1C09-4FF7-8EE1-EE40BFF7B9E1}
[2011/11/27 13:29:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{F5094410-6D11-456F-8D96-455B48EB3150}
[2011/11/26 01:17:17 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{51731400-B673-4205-A201-ABD3725AAFF9}
[2011/11/26 01:17:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron Ross\AppData\Local\{2ADE73D4-A286-4CC2-88D5-4E2EA5C85BDB}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Aaron Ross\Desktop\*.tmp files -> C:\Users\Aaron Ross\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/25 13:34:55 | 000,744,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/25 13:34:55 | 000,635,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/25 13:34:55 | 000,111,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/25 13:33:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1291757901-1728682472-3769939207-1001UA.job
[2011/12/25 13:32:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron Ross\Desktop\OTL.exe
[2011/12/25 13:31:54 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 13:31:54 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 13:24:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/25 13:24:29 | 1066,602,494 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/25 12:09:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/12/25 01:34:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/25 00:21:15 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/20 09:15:38 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart Plus B209a-m.job
[2011/12/18 09:38:49 | 579,223,076 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/16 22:17:48 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/16 21:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/12/16 18:58:46 | 000,757,140 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/16 17:52:54 | 000,460,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/05 15:55:18 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1291757901-1728682472-3769939207-1001Core.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Aaron Ross\Desktop\*.tmp files -> C:\Users\Aaron Ross\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/20 09:46:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/20 09:46:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/20 09:46:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/20 09:46:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/20 09:46:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/20 09:15:38 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\WebReg HP Photosmart Plus B209a-m.job
[2011/12/19 21:23:36 | 3801,808,895 | ---- | C] () -- C:\Users\Aaron Ross\Desktop\boxcr2.iso
[2011/12/18 09:35:55 | 579,223,076 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/16 20:30:56 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/11/05 08:13:31 | 000,201,770 | ---- | C] () -- C:\Windows\hpoins40.dat
[2011/07/31 15:14:54 | 000,000,151 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/05/04 23:12:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/06 17:50:39 | 000,000,035 | ---- | C] () -- C:\ProgramData\CamSuite.ini
[2011/03/02 22:23:36 | 000,000,098 | ---- | C] () -- C:\Users\Aaron Ross\AppData\Local\fusioncache.dat
[2011/02/28 23:36:07 | 000,757,140 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/19 02:52:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/19 01:05:49 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/02/19 01:05:49 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/02/19 01:05:49 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/02/19 01:05:49 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/02/19 01:05:49 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/01/05 03:39:54 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\Dll_Volume_Ctrl.dll
[2010/01/05 03:38:56 | 000,015,497 | ---- | C] () -- C:\Windows\spc1330.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 04:51:05 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/01 19:04:15 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\.minecraft
[2011/08/03 07:26:16 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\Babylon
[2011/03/24 22:24:14 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\DAEMON Tools Lite
[2011/07/31 02:38:59 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\FrostWire
[2011/06/28 19:14:04 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\go
[2011/07/31 08:51:19 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\Kernel for Windows Data Recovery
[2011/02/24 11:23:24 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\Leadertech
[2011/07/31 08:59:47 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\OfficeRecovery
[2011/05/12 19:15:43 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\ooVoo Details
[2011/05/17 21:29:04 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\Participatory Culture Foundation
[2011/05/17 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\PCF-VLC
[2011/03/31 16:31:30 | 000,000,000 | ---D | M] -- C:\Users\Aaron Ross\AppData\Roaming\Windows Live Writer
[2011/12/16 21:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/12/16 22:17:48 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/16 07:42:54 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/25 00:21:15 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/12/25 01:39:32 | 000,020,362 | ---- | M] () -- C:\ComboFix.txt
[2011/02/19 02:46:22 | 000,033,047 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/12/25 13:24:29 | 1066,602,494 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/12/25 13:24:34 | 4285,452,286 | -HS- | M] () -- C:\pagefile.sys
[2011/12/25 00:16:48 | 000,153,758 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_25.12.2011_00.14.58_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/26 09:25:42 | 000,000,221 | -HS- | M] () -- C:\Users\Aaron Ross\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/12/25 13:32:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron Ross\Desktop\OTL.exe
[1 C:\Users\Aaron Ross\Desktop\*.tmp files -> C:\Users\Aaron Ross\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2010/01/05 03:38:48 | 000,013,022 | ---- | M] () -- C:\Windows\spc1330.src
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/03/07 23:14:19 | 000,000,402 | -HS- | M] () -- C:\Users\Aaron Ross\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/03/06 17:50:39 | 000,000,035 | ---- | M] () -- C:\ProgramData\CamSuite.ini
[2011/11/05 09:24:18 | 000,001,266 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:63238B95

< End of report >
 
Extras Log:

OTL Extras logfile created on: 12/25/2011 1:34:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Aaron Ross\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 10.02 Gb Available Physical Memory | 83.60% Memory free
23.98 Gb Paging File | 21.67 Gb Available in Paging File | 90.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 626.44 Gb Free Space | 68.15% Space Free | Partition Type: NTFS
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.74 Gb Total Space | 1.86 Gb Free Space | 49.87% Space Free | Partition Type: FAT32

Computer Name: AARONROSS-PC | User Name: Aaron Ross | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{62B883AB-AC37-9127-56D0-2C3FC0AFC724}" = ccc-utility64
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{097E59B5-CCAB-46B6-6A0B-EDF2CA595C84}" = CCC Help French
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12F8DD7F-331C-4DA1-969B-DE8065AF6605}" = Philips SPC1330NC Webcam
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.4
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{25FAEDD1-3733-86F7-55F5-D7AEAF2D93B0}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{280DF415-F2C2-122F-CC52-AA7EAECF3E14}" = CCC Help Czech
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{32773B3E-45CA-5CA3-0A6A-E3FF592B3AD3}" = Catalyst Control Center Graphics Previews Vista
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36CEA188-3DFA-6391-4774-C92D4B092407}" = Skins
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}" = Dell MusicStage
"{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"{3F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1" = Assassins Creed Brotherhood version 1.0
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{46D936B9-DE22-983C-341C-968C3E122CF8}" = CCC Help Dutch
"{480C0D1B-C42A-FD87-F404-A54D9B1C619C}" = CCC Help Hungarian
"{481AB4A0-BB71-F2D9-E155-89F0D773FE9E}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53447D64-FD9C-B3B9-25B3-47292EE10EBF}" = CCC Help Japanese
"{56158912-D481-DE3A-298C-E13B24E3A87C}" = Catalyst Control Center Graphics Full New
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6262B40D-FAA5-5CCF-6DE3-9FAFB6C7DC89}" = Catalyst Control Center Graphics Previews Common
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64997420-9AFE-289E-1B7A-E2C59937D973}" = CCC Help Portuguese
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BBC8D43-AA08-8FCD-EDA6-EED2342A4FF0}" = CCC Help Turkish
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E5E3F5-5BE3-BA64-49A6-4FA26EF69721}" = Catalyst Control Center InstallProxy
"{749FCBB7-D313-CCCA-E2CF-7850A019311F}" = CCC Help Finnish
"{74CC9A1B-4A3D-AEEC-3ED6-71F7B42A5EFE}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7BECDEE0-7126-4F9B-8BE4-E72AEA79571B}" = ArcSoft WebCam Companion 2
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBCF476-7566-9129-F7C0-619087484138}" = CCC Help Norwegian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF50F43-7BB0-4BF4-C67F-F9BF254AC278}" = CCC Help Spanish
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DD96558-0E0C-8563-E00D-C970155C5503}" = CCC Help German
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A58E067E-2C66-B40A-AF7A-4A82307E671C}" = CCC Help Thai
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AA43D433-3DE8-F2CA-1728-4BA962D9FAE4}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AD17B1DD-9342-F787-92EC-E93441042A23}" = CCC Help English
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF1D271B-B122-1707-6707-9E29A96082D2}" = CCC Help Polish
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE0F537-96FA-8F84-FB5E-570EE86F636A}" = Catalyst Control Center Core Implementation
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C4141417-4905-47B9-8515-1CAF55D20B1F}" = Remotebook SideShow Gadget
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C9815885-6775-46D8-8B67-30214ECF83C3}" = Dell Stage
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDD450A5-9F2E-1D61-5FEB-DDD30E985D23}" = CCC Help Korean
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5BAE960-8312-3EB3-A116-3F5926A1E7B7}" = Catalyst Control Center Graphics Full Existing
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4382E64-1EB5-09D2-5D29-FEBB46A6F340}" = CCC Help Italian
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9E8E4CC-8274-3831-7103-10B2AD73588C}" = CCC Help Russian
"{EA100873-8DD1-4505-2D61-9666569B54B6}" = Catalyst Control Center Graphics Light
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F26A0379-5852-CA4C-0BF6-662AC274A3D8}" = CCC Help Swedish
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8C87E78-B318-C156-F8B0-427F6D3FC443}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF527B68-2D1D-B15B-0FFC-8BF8487AD194}" = ccc-core-static
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.05.8032
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Combat Arms" = Combat Arms
"DAEMON Tools Lite" = DAEMON Tools Lite
"Doom 3" = Doom 3
"Excel Key Demo" = Excel Key 8.1 Demo
"gatesofandaron_is1" = Gates of Andaron 3.4.1
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"Guild Wars" = Guild Wars
"InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSC" = McAfee SecurityCenter
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 42910" = Magicka
"Steam App 72850" = The Elder Scrolls V: Skyrim
"uCertify M77-605" = uCeritify M77-605 - MCAS: Using Microsoft Office Access 2007
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1291757901-1728682472-3769939207-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2011 9:31:43 PM | Computer Name = AaronRoss-PC | Source = Application Error | ID = 1000
Description = Faulting application name: msiexec.exe, version: 5.0.7601.17514, time
stamp: 0x4ce79d93 Faulting module name: RPCRT4.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7c96e Exception code: 0xc0000005 Fault offset: 0x0000000000013cb4 Faulting
process id: 0x15bc Faulting application start time: 0x01ccb049b21d8b54 Faulting application
path: C:\Windows\system32\msiexec.exe Faulting module path: C:\Windows\system32\RPCRT4.dll
Report
Id: 636cfe4e-1c85-11e1-98f4-f04da23a686c

Error - 12/2/2011 6:00:04 PM | Computer Name = AaronRoss-PC | Source = PC-Doctor | ID = 1
Description = (4924) Asapi: (17:00:04:3600)(4924) libAsapi.DynamicLoadedPlugin -
Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 12/2/2011 6:00:04 PM | Computer Name = AaronRoss-PC | Source = PC-Doctor | ID = 1
Description = (4924) Asapi: (17:00:04:3860)(4924) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

Error - 12/3/2011 6:00:03 PM | Computer Name = AaronRoss-PC | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (17:00:03:2800)(10588) libAsapi.DynamicLoadedPlugin
- Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 12/3/2011 6:00:03 PM | Computer Name = AaronRoss-PC | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (17:00:03:2800)(10588) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

Error - 12/4/2011 6:00:01 PM | Computer Name = AaronRoss-PC | Source = PC-Doctor | ID = 1
Description = (6732) Asapi: (17:00:01:0920)(6732) libAsapi.DynamicLoadedPlugin -
Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 12/4/2011 6:00:01 PM | Computer Name = AaronRoss-PC | Source = PC-Doctor | ID = 1
Description = (6732) Asapi: (17:00:01:1240)(6732) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

Error - 12/5/2011 6:00:04 PM | Computer Name = AaronRoss-PC | Source = PC-Doctor | ID = 1
Description = (8204) Asapi: (17:00:04:5160)(8204) libAsapi.DynamicLoadedPlugin -
Error -- 64 Unable to load library 'S3LogPusher.dll'

Error - 12/5/2011 6:00:04 PM | Computer Name = AaronRoss-PC | Source = PC-Doctor | ID = 1
Description = (8204) Asapi: (17:00:04:5170)(8204) Asapi.State - Error -- 123 Plugin
S3LogPusher.dll failed to load.

Error - 12/6/2011 12:34:43 AM | Computer Name = AaronRoss-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hpqtra08.exe, version: 130.0.376.0, time
stamp: 0x4a163449 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7ba58 Exception code: 0xc00000fd Fault offset: 0x0002fb4c Faulting process
id: 0x44c Faulting application start time: 0x01ccad328410be82 Faulting application
path: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 9dbbdf3a-1fc3-11e1-98f4-f04da23a686c

[ Dell Events ]
Error - 9/28/2011 9:16:25 AM | Computer Name = AaronRoss-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/29/2011 8:34:29 AM | Computer Name = AaronRoss-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/29/2011 8:34:29 AM | Computer Name = AaronRoss-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/5/2011 8:55:47 AM | Computer Name = AaronRoss-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/5/2011 8:55:47 AM | Computer Name = AaronRoss-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/17/2011 12:23:18 AM | Computer Name = AaronRoss-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/17/2011 12:23:18 AM | Computer Name = AaronRoss-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/19/2011 8:43:45 PM | Computer Name = AaronRoss-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/19/2011 8:43:45 PM | Computer Name = AaronRoss-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/19/2011 10:33:11 PM | Computer Name = AaronRoss-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 12/25/2011 1:00:56 AM | Computer Name = AaronRoss-PC | Source = DCOM | ID = 10016
Description =

Error - 12/25/2011 2:27:20 AM | Computer Name = AaronRoss-PC | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
time(s).

Error - 12/25/2011 2:27:20 AM | Computer Name = AaronRoss-PC | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/25/2011 2:30:30 AM | Computer Name = AaronRoss-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/25/2011 2:32:16 AM | Computer Name = AaronRoss-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 12/25/2011 2:32:54 AM | Computer Name = AaronRoss-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/25/2011 2:32:56 AM | Computer Name = AaronRoss-PC | Source = DCOM | ID = 10010
Description =

Error - 12/25/2011 2:35:03 AM | Computer Name = AaronRoss-PC | Source = DCOM | ID = 10016
Description =

Error - 12/25/2011 2:23:51 PM | Computer Name = AaronRoss-PC | Source = DCOM | ID = 10010
Description =

Error - 12/25/2011 2:25:45 PM | Computer Name = AaronRoss-PC | Source = DCOM | ID = 10016
Description =


< End of report >
 
You didn't say:
How is computer doing?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca...2.3.10.115.cab (Reg Error: Key error.)
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:63238B95
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
My system is running fairly well, I haven't had any abnormal issues since rebooting normally after using scans on the boot disk. However, the internet is really slow. I downloaded one of the scanners at 10 - 12 KB/s. Could this have to do with the virus and eating up broadband?

OTL Log:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
C:\Windows\Updreg.EXE moved successfully.
Starting removal of ActiveX control {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
ADS C:\ProgramData\Temp:63238B95 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Aaron Ross
->Temp folder emptied: 10547020 bytes
->Temporary Internet Files folder emptied: 663591737 bytes
->Java cache emptied: 1820465 bytes
->Google Chrome cache emptied: 31943121 bytes
->Apple Safari cache emptied: 6828032 bytes
->Flash cache emptied: 1116 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1077326 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52470 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 683.00 mb


[EMPTYFLASH]

User: Aaron Ross
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12262011_004841

Files\Folders moved on Reboot...
C:\Users\Aaron Ross\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RDLUO2X9\ai[1].htm moved successfully.
C:\Users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JXN2FET8\adServer[1].htm moved successfully.
C:\Users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1BH0AWO\12[1].htm moved successfully.
C:\Users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1BH0AWO\facebook_com[1].htm moved successfully.
C:\Users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AWZI7WJE\permalink[1].htm moved successfully.
C:\Users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3L6WEHCR\ai[1].htm moved successfully.
C:\Users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3L6WEHCR\topic174849[1].html moved successfully.
C:\Users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
 
Security Check Log:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 30
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
 
ESETScan Log:

C:\Users\Aaron Ross\Music\iTunes\FrostWire\Incomplete\T-5835489-wow i can get sexual too new single.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned -quarantined

C:\Users\Aaron Ross\Music\iTunes\FrostWire\Saved\centerfied stellar kart (from new album).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
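
A check that fits step 1 above, as an added example that is not part of the original post or of OTL: it lists any System Restore points created before the cleanup. The function name Get-StaleRestorePoint is hypothetical, and the cut-off time is taken from the OTL log timestamp on this page on the assumption that it marks the start of the fix run.

```powershell
# Added example: confirm that no System Restore point older than the cleanup remains.
# Get-StaleRestorePoint is a hypothetical helper name, not part of OTL or Windows.
function Get-StaleRestorePoint {
    param(
        # Start of the cleanup run; restore points created before it may
        # still contain the infected system state.
        [Parameter(Mandatory = $true)]
        [datetime]$CleanedAt
    )

    # Get-ComputerRestorePoint returns CreationTime as a WMI (DMTF) string,
    # so convert it to a DateTime before comparing.
    Get-ComputerRestorePoint | ForEach-Object {
        $created = $_.ConvertToDateTime($_.CreationTime)
        New-Object PSObject -Property @{
            SequenceNumber = $_.SequenceNumber
            Created        = $created
            Description    = $_.Description
            PreCleanup     = ($created -lt $CleanedAt)
        }
    } | Where-Object { $_.PreCleanup }
}

# Cut-off from the OTL log on this page ("log created on 12282011_193252").
# Assumption: that timestamp marks the start of the fix run, so the
# "OTL Restore Point" created during the run is newer than it.
$stale = @(Get-StaleRestorePoint -CleanedAt '2011-12-28 19:32:52')

if ($stale.Count -eq 0) {
    'No restore points predate the cleanup.'
} else {
    # Anything listed here survived [CLEARALLRESTOREPOINTS] and should be reviewed.
    $stale | Sort-Object Created |
        Format-Table SequenceNumber, Created, Description -AutoSize
}
```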
 
Last OTL Log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Aaron Ross
->Temp folder emptied: 28317 bytes
->Temporary Internet Files folder emptied: 23745428 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17227 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23.00 mb


[EMPTYFLASH]

User: Aaron Ross
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 12282011_193252

Files\Folders moved on Reboot...
C:\Users\Aaron Ross\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RVA1MVD\clkurl=;ord=1389646990[1].htm moved successfully.
C:\Users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RVA1MVD\topic174849-2[1].html moved successfully.
C:\Users\Aaron Ross\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
 
My computer is running like a charm, now!

I owe you more thanks than I can put into words, Broni!
Thank you very, very much for all your help, and the time you put into this site.
I know that I am not the only one who has needed help; keep up the great work!

I did want to ask one more thing, however. I was interested in just reformatting my computer for factory settings; just because I want a "fresh start" from all my program files and whatnot. What is your thought on this, and would you recommend doing so?
 
You're very welcome

There is really no need for reinstalling.
