Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 29
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (6.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
Logfile of random's system information tool 1.09 (written by random/random)
Run by Caleb at 2012-02-16 23:44:32
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 348 GB (36%) free of 954 GB
Total RAM: 4094 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:36 PM, on 2/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support
Running processes:
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Caleb.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.velocitymicro.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [FILE NAME] C:\Program Files (x86)\Razer\Nostromo\t2Hid.exe
O4 - HKLM\..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
O4 - HKLM\..\Run: [FastFox] "C:\Program Files (x86)\NCH Software\FastFox\fastfox.exe" -logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex (User 'Default user')
O4 - Startup: Dropbox.lnk = Caleb\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSIC0C7.tmp
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: lxdu_device - Unknown owner - C:\Windows\system32\lxducoms.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: S3D Service (Win32) - iZ3D Inc. - C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: S3D Service (Win64) - iZ3D Inc. - C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: uvnc_service_gs - UltraVNC - C:\Program Files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13449 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=1084.05514000.1714270066 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=1084.05514180.1202944576 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=1084.04507000.1037309215 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=1084.04507180.776696128 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=1084.04507300.602088124 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=1084.04507480.1281630207 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=1084.04507600.1398156043 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=1084.04507780.852222904 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=1084.04507900.1593264717 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=1084.04507A80.1931042460 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=1084.053AFC00.398220811 /prefetch:3
"C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe"
C:\Windows\system32\rundll32.exe "C:\Users\Caleb\AppData\Local\Google\Chrome\APPLIC~1\160912~1.77\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Caleb\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll" --lang=en-US --channel=1084.09500E00.1110287527 --flash-broker=2084 /prefetch:4
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=1084.0973D000.298334674 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=1084.07EE0600.435193656 /prefetch:3
"C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=1084.0C87A300.232616600 /prefetch:3
"C:\Users\Caleb\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821527708-2350592380-21829395-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821527708-2350592380-21829395-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ilasm266.default
prefs.js - "browser.startup.homepage" - "http://www.msn.com/?pc=Z192&install_date=20111012"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, wtxpcom@mybrowserbar.com:4.3, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111012&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wolfram.com/Mathematica]
"Description"=Wolfram Mathematica Plug-in
"Path"=C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPMFireLauncher.dll
NPMFireLauncher.xpt
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml.old
eBay.xml
google.xml
wikipedia.xml
yahoo.xml
C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ilasm266.default\extensions\
staged
{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ilasm266.default\searchplugins\
bing-zugo.xml
daemon-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-08-06 75656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]
{32099AAC-C132-4136-9E9A-4E364A424E17}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2009-09-30 825184]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2010-09-17 57928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2011-10-27 641400]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-12-08 5486464]
"Google Update"=C:\Users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-25 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DS3 Tool]
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe [2011-08-30 112400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gbridge]
C:\Program Files (x86)\Gbridge LLC\Gbridge\pstartw.exe [2010-06-10 90912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2010-09-17 57928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-04-01 17093512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2011-04-22 247728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Caleb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Caleb\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-01-18 24246216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Caleb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-09-21 2583040]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]
"FILE NAME"=C:\Program Files (x86)\Razer\Nostromo\t2Hid.exe [2011-02-21 254976]
"Razer Naga Driver"=C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [2011-02-17 953744]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-10-09 421736]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"TurboV EVO"=C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe [2010-07-07 9936000]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-11-09 343168]
"KORG USB-MIDI Driver"=C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe [2011-03-30 393616]
"FastFox"=C:\Program Files (x86)\NCH Software\FastFox\fastfox.exe [2012-01-29 721412]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Caleb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Caleb\AppData\Roaming\Dropbox\bin\Dropbox.exe
Stardock ObjectDock.lnk - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll [2010-01-28 104448]
ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi5"=KORGUM64.DRV
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-02-16 23:44:32 ----D---- C:\rsit
2012-02-16 23:44:32 ----D---- C:\Program Files\trend micro
2012-02-16 23:14:06 ----A---- C:\Windows\ntbtlog.txt
2012-02-10 14:49:44 ----D---- C:\AMD
2012-01-31 21:15:26 ----A---- C:\Windows\system32\drivers\hitmanpro36.sys
2012-01-31 21:13:59 ----D---- C:\Program Files\HitmanPro
2012-01-31 21:12:07 ----D---- C:\ProgramData\HitmanPro
2012-01-31 21:07:56 ----A---- C:\TDSSKiller.2.7.8.0_31.01.2012_21.07.56_log.txt
2012-01-31 00:39:17 ----D---- C:\Users\Caleb\AppData\Roaming\SUPERAntiSpyware.com
2012-01-31 00:38:55 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-01-31 00:38:55 ----D---- C:\Program Files\SUPERAntiSpyware
2012-01-31 00:35:01 ----D---- C:\Program Files (x86)\Trend Micro
2012-01-30 19:05:51 ----D---- C:\cinject_0.4.3
2012-01-30 18:41:39 ----D---- C:\Program Files (x86)\QuickTime
2012-01-30 18:40:48 ----D---- C:\Program Files (x86)\Safari
2012-01-29 22:40:16 ----D---- C:\Users\Caleb\AppData\Roaming\Spotify
2012-01-26 00:38:03 ----A---- C:\Windows\system32\schannel.dll
2012-01-26 00:38:02 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-01-26 00:38:02 ----A---- C:\Windows\system32\lsasrv.dll
2012-01-26 00:38:02 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-01-26 00:38:02 ----A---- C:\Windows\system32\drivers\cng.sys
2012-01-26 00:38:01 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-01-26 00:38:01 ----A---- C:\Windows\system32\lsass.exe
2012-01-26 00:38:01 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-01-26 00:38:00 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-01-26 00:38:00 ----A---- C:\Windows\system32\webio.dll
2012-01-26 00:38:00 ----A---- C:\Windows\system32\sspisrv.dll
2012-01-26 00:38:00 ----A---- C:\Windows\system32\sspicli.dll
2012-01-26 00:38:00 ----A---- C:\Windows\system32\secur32.dll
2012-01-26 00:37:59 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-01-19 00:41:56 ----D---- C:\Users\Caleb\AppData\Roaming\GlarySoft
2012-01-17 04:44:07 ----D---- C:\ProgramData\Intuit
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\wextract.exe
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\url.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\occache.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\msrating.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\msls31.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\mshta.exe
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\inseng.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\icardie.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2012-01-17 04:24:29 ----A---- C:\Windows\SYSWOW64\admparse.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\wininet.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\wextract.exe
2012-01-17 04:24:29 ----A---- C:\Windows\system32\webcheck.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\vbscript.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\urlmon.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\url.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2012-01-17 04:24:29 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2012-01-17 04:24:29 ----A---- C:\Windows\system32\pngfilt.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\occache.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\msrating.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\msls31.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\mshtmler.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\mshtmled.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\mshtml.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\mshta.exe
2012-01-17 04:24:29 ----A---- C:\Windows\system32\msfeedssync.exe
2012-01-17 04:24:29 ----A---- C:\Windows\system32\msfeedsbs.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\msfeeds.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\licmgr10.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\jsproxy.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\jscript9.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\jscript.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\inseng.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\imgutil.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\iexpress.exe
2012-01-17 04:24:29 ----A---- C:\Windows\system32\ieUnatt.exe
2012-01-17 04:24:29 ----A---- C:\Windows\system32\ieui.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\iesysprep.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\iesetup.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\iertutil.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\iernonce.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\iepeers.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\ieframe.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\iedkcs32.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\ieapfltr.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\ieapfltr.dat
2012-01-17 04:24:29 ----A---- C:\Windows\system32\ieakui.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\ieaksie.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\ieakeng.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\IEAdvpack.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\ie4uinit.exe
2012-01-17 04:24:29 ----A---- C:\Windows\system32\icardie.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\dxtrans.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\dxtmsft.dll
2012-01-17 04:24:29 ----A---- C:\Windows\system32\admparse.dll
======List of files/folders modified in the last 1 month======
2012-02-16 23:44:34 ----D---- C:\Windows\Temp
2012-02-16 23:44:32 ----RD---- C:\Program Files
2012-02-16 23:14:06 ----D---- C:\Windows
2012-02-16 22:47:36 ----D---- C:\Users\Caleb\AppData\Roaming\uTorrent
2012-02-16 22:47:23 ----D---- C:\Windows\SoftwareDistribution
2012-02-16 22:13:34 ----D---- C:\Windows\System32
2012-02-16 22:13:34 ----D---- C:\Windows\inf
2012-02-16 22:13:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-16 04:27:05 ----D---- C:\ProgramData\LogMeIn
2012-02-15 09:53:34 ----D---- C:\Windows\Prefetch
2012-02-14 21:58:21 ----D---- C:\Windows\system32\config
2012-02-14 21:47:29 ----D---- C:\Windows\system32\catroot
2012-02-14 21:47:23 ----D---- C:\Windows\winsxs
2012-02-14 21:46:58 ----D---- C:\Windows\system32\catroot2
2012-02-14 21:44:39 ----SHD---- C:\System Volume Information
2012-02-13 22:15:33 ----D---- C:\Program Files (x86)\LogMeIn
2012-02-10 15:12:47 ----SHD---- C:\Windows\Installer
2012-02-10 14:44:33 ----D---- C:\Users\Caleb\AppData\Roaming\Dropbox
2012-02-10 14:43:46 ----A---- C:\Windows\system32\LMIRfsClientNP.dll
2012-02-10 14:43:45 ----A---- C:\Windows\system32\LMIport.dll
2012-02-10 14:43:45 ----A---- C:\Windows\system32\LMIinit.dll
2012-01-31 21:15:26 ----D---- C:\Windows\system32\drivers
2012-01-31 21:12:20 ----D---- C:\Program Files (x86)\Steam
2012-01-31 21:12:07 ----HD---- C:\ProgramData
2012-01-31 21:11:48 ----D---- C:\Windows\Logs
2012-01-31 21:11:48 ----D---- C:\Windows\debug
2012-01-31 00:35:01 ----RD---- C:\Program Files (x86)
2012-01-30 20:08:24 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-30 20:04:59 ----D---- C:\Program Files (x86)\AirPort
2012-01-30 19:51:17 ----D---- C:\Netgame
2012-01-30 19:29:23 ----D---- C:\Program Files (x86)\Pando Networks
2012-01-30 19:26:53 ----D---- C:\Users\Caleb\AppData\Roaming\SystemRequirementsLab
2012-01-30 19:16:03 ----D---- C:\Users\Caleb\AppData\Roaming\RIFT
2012-01-30 19:16:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-01-30 19:11:10 ----D---- C:\Program Files (x86)\Electronic Arts
2012-01-30 18:41:39 ----D---- C:\Windows\SysWOW64
2012-01-29 22:45:47 ----D---- C:\Program Files (x86)\Minilyrics
2012-01-29 22:37:01 ----D---- C:\ProgramData\NCH Software
2012-01-29 22:37:00 ----D---- C:\Program Files (x86)\NCH Software
2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-26 00:01:30 ----D---- C:\Users\Caleb\AppData\Roaming\Skype
2012-01-20 16:30:47 ----D---- C:\Program Files (x86)\PS3 Media Server
2012-01-19 01:29:37 ----D---- C:\Windows\Tasks
2012-01-19 01:29:37 ----D---- C:\Windows\system32\wfp
2012-01-19 01:29:37 ----D---- C:\Windows\system32\wbem
2012-01-19 01:29:37 ----D---- C:\Windows\system32\DriverStore
2012-01-19 01:29:36 ----D---- C:\Windows\AppCompat
2012-01-19 01:29:36 ----D---- C:\Users\Caleb\AppData\Roaming\vlc
2012-01-19 01:29:36 ----D---- C:\Users\Caleb\AppData\Roaming\Rainmeter
2012-01-19 01:29:35 ----D---- C:\Program Files (x86)\Glary Utilities
2012-01-19 01:29:34 ----D---- C:\Windows\registration
2012-01-19 01:27:25 ----D---- C:\Windows\rescache
2012-01-18 06:23:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-01-18 02:24:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-01-18 00:30:46 ----D---- C:\Windows\SYSWOW64\migration
2012-01-18 00:30:46 ----D---- C:\Windows\SYSWOW64\en-US
2012-01-18 00:30:46 ----D---- C:\Program Files\Internet Explorer
2012-01-18 00:30:46 ----D---- C:\Program Files (x86)\Internet Explorer
2012-01-18 00:30:45 ----D---- C:\Windows\system32\migration
2012-01-18 00:30:45 ----D---- C:\Windows\system32\en-US
2012-01-18 00:30:45 ----D---- C:\Windows\PolicyDefinitions
2012-01-17 07:45:31 ----D---- C:\Users\Caleb\AppData\Roaming\IObit
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 mv91xx;mv91xx; C:\Windows\system32\drivers\mv91xx.sys [2010-08-27 297000]
R0 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd64.sys [2007-04-15 151848]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\drivers\SiWinAcc.sys [2010-04-13 22568]
R0 SiRemFil;SATALink External Device Filter; C:\Windows\system32\drivers\SiRemFil.sys [2010-04-13 16936]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 42328]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-27 270912]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R3 gbridge;Gbridge Virtual Miniport; C:\Windows\system32\DRIVERS\gbridge64.sys [2009-10-12 48192]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-15 15416]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-04-26 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-04-26 184968]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver; C:\Windows\system32\DRIVERS\rtl819xp.sys [2009-10-07 612352]
R3 RzSynapse;Razer Driver; C:\Windows\system32\DRIVERS\RzSynapse.sys [2010-12-16 126464]
R3 T2Fltr;Razer Nostromo; C:\Windows\system32\drivers\T2Fltr.sys [2011-01-16 22912]
R3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2011-08-15 165680]
R3 VJoystick;Virtual JoyStick KMDF HID Minidriver; C:\Windows\system32\DRIVERS\VJoystick.sys [2010-09-30 13312]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-04-22 13440]
S1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2009-07-05 13368]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 591192]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 304472]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 58712]
S1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers; \??\C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2009-05-27 43704]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2011-08-15 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2011-08-15 128816]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 24408]
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
S2 dualshock3;SIXAXIS/DUALSHOCK3 (USB) Beta; C:\Windows\system32\DRIVERS\dualshock3_x64.sys [2011-05-25 16256]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2010-09-17 72216]
S3 ahcix64s;ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [2007-12-19 209424]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-11-09 10567680]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-11-09 325632]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 BTCFilterService;USB Networking Driver Filter Service; C:\Windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-13 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-13 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-27 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-27 80384]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-05-14 97056]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-05-14 131360]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-05-14 19872]
S3 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-04-27 20336]
S3 iaStor;iaStor; C:\Windows\system32\drivers\iaStor.sys [2005-02-17 502784]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows; C:\Windows\System32\Drivers\KORGUM64.SYS [2011-03-30 33656]
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2010-09-17 11552]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
S3 MegaSR1;MegaSR1; C:\Windows\system32\drivers\MegaSR1.sys [2009-07-08 462344]
S3 motandroidusb;Mot ADB Interface Driver; C:\Windows\System32\Drivers\motoandroid.sys [2009-07-10 31744]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver; C:\Windows\system32\DRIVERS\MijXfilt.sys [2011-08-29 117520]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2011-03-31 30208]
S3 MotoSwitchService;MotoSwitch Service; C:\Windows\system32\DRIVERS\motswch.sys [2007-11-02 8576]
S3 Motousbnet;Motorola USB Networking Driver Service; C:\Windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2011-03-31 30208]
S3 motusbdevice;Motorola USB Dev Driver; C:\Windows\system32\DRIVERS\motusbdevice.sys []
S3 mv91cons;mv91cons; C:\Windows\system32\drivers\mv91cons.sys [2010-08-27 23080]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]
S3 nvstor64;nvstor64; C:\Windows\system32\drivers\nvstor64.sys [2007-04-15 127272]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.; \??\C:\Windows\system32\Drivers\OA002Afx.sys [2007-06-08 219544]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 168864]
S3 OA002Vid;Creative Camera OA002 Function Driver; C:\Windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 306560]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290); C:\Windows\system32\DRIVERS\PTQHBUS.sys [2009-12-15 69264]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290); C:\Windows\system32\DRIVERS\PTQHMDM.sys [2009-12-15 177040]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290); C:\Windows\system32\DRIVERS\PTQHVSP.sys [2009-12-15 177040]
S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-22 33184]
S3 RFCOMM;Bluetoot
Hi, cspence2393. Welcome to LandzDown Forum.
You did receive a reply at Geeks to Go on February 12. See http://www.geekstogo.com/forum/topic/313949-task-manager-cmd-notepad-etc-blocked-repeated-bootrec/page__view__findpost__p__2120218
From the partial log posted here, it appears you did run TDSSKiller as requested at Geeks to Go. Since someone has already begun helping you at GTG, will you be continuing there?
I returned to geekstogo every day to check and never had any notifications that anyone responded. I stopped checking the actual topic so I missed it. I can ask them to reopen my topic if you would prefer that.
The important thing is that you get help from one (and only one) site. It just confuses things to get different instructions from different sources at the same time. That's a prescription for turning a computer into a doorstop.
Besides G2G, what other site is/was helping you?
Your topic said you were referred here.
I suppose the choice of where to seek help is yours.
If you wish to proceed here, we will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.
If you have questions regarding any of the instructions or problems running any tools, please let us know.
Due to the length of your log, the forum software cut off the end. Please go to C:\RSIT and launch log.txt. From there, scroll down toward the bottom and locate the line in bold below. Copy/paste the remainder of the log following that line and paste it in your next reply.
S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-22 33184]
While you are in the RSIT folder, please open info.txt and post that log.
I note that you ran TDSSKiller. Please provide a copy of that log. It is located at C:\TDSSKiller.2.7.8.0_31.01.2012_21.07.56_log.txt
One last thing at this point. As I see you ran the logs in Safe mode with networking, are you unable to use the computer in normal mode?
S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-22 33184]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-13 158720]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-05-24 253728]
S3 rtl8190pn64;Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8190p.sys [2008-08-07 556544]
S3 Si3124r5;Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [2010-04-13 340008]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-22 21328]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
S3 VKbms;Virtual HID Minidriver; C:\Windows\system32\DRIVERS\VKbms.sys [2010-09-30 13312]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-11-09 204288]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
S2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-06-04 864032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-22 136176]
S2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2012-01-31 105800]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler; C:\Windows\Installer\MSIC0C7.tmp [2011-07-02 102400]
S2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
S2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-10 375176]
S2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2012-02-10 147336]
S2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2010-11-08 407424]
S2 LPDSVC;@%systemroot%\system32\lpdsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-13 27136]
S2 lxdu_device;lxdu_device; C:\Windows\system32\lxducoms.exe [2009-10-16 1039360]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MotoHelper;MotoHelper Service; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 S3D Service (Win32);S3D Service (Win32); C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-03-18 360960]
S2 S3D Service (Win64);S3D Service (Win64); C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-03-18 614400]
S2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 uvnc_service_gs;uvnc_service_gs; C:\Program Files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe [2010-06-12 1587536]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-22 136176]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-07 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 934760]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-06-28 403240]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.09 2012-02-16 23:44:39
======Uninstall list======
-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe REMOVE=TRUE MODIFY=FALSE
-->C:\Windows\CtDrvIns.exe -uninstall -script OA002.uns -unsext NTamd64 -plugin OA002Pin.dll -pluginres OA002Pin.crl -nodisconprompt -langid 0x0409
-->MsiExec /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 9.20-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Alien Arena 2011-->"C:\Program Files (x86)\Alien Arena 7_50\unins000.exe"
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Catalyst Install Manager-->msiexec /q/x{0BD776F3-057D-4C11-020C-4FA9B13D04F9} REBOOT=ReallySuppress
AMD Drag and Drop Transcoding-->MsiExec.exe /X{B95653AB-0E7F-204A-3226-17E9F38E6951}
AMD Media Foundation Decoders-->MsiExec.exe /X{A6FE29A0-622B-2763-88AA-D1E084F77CD9}
AndreaMosaic 3.33.0-->C:\Windows\iun6002.exe "C:\Program Files (x86)\AndreaMosaic\irunin.ini"
Anki-->"C:\Program Files (x86)\Anki\uninstall.exe"
Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
Apple Mobile Device Support-->MsiExec.exe /I{9C98CA38-4C1A-4AC8-B55C-169497C8826B}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Assassin's Creed II-->"C:\Program Files (x86)\InstallShield Installation Information\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}\setup.exe" -runfromtemp -l0x0009 -removeonly
ASUSUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI Catalyst Registration-->MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
Audacity 1.3.13 (Unicode)-->"C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\unins000.exe"
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Bulletstorm-->MsiExec.exe /I{45410935-3E72-472B-8C35-AB1000008200}
BulletStorm-->MsiExec.exe /I{45410935-B52C-468A-A836-0D1000018201}
Bulletstorm-->MsiExec.exe /X{45410935-3E72-472B-8C35-AB1000008200}
Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Catalyst Control Center - Branding-->MsiExec.exe /I{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Celestia 1.6.0-->"C:\Program Files (x86)\Celestia\unins000.exe"
Crysis® 2-->MsiExec.exe /X{6033673D-2530-4587-8AD0-EB059FC263F9}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Deus Ex - Human Revolution version 1.0-->"C:\Program Files (x86)\Square Enix\Deus Ex - Human Revolution\unins000.exe"
Electric Sheep 2.7b29-->C:\Program Files (x86)\Electric Sheep\uninst.exe
Express Burn Disc Burning Software-->C:\Program Files (x86)\NCH Software\ExpressBurn\uninst.exe
Express Zip File Compression Software-->C:\Program Files (x86)\NCH Software\ExpressZip\uninst.exe
FastFox-->C:\Program Files (x86)\NCH Software\FastFox\uninst.exe
FFmpeg v0.6.2 for Audacity-->"C:\Program Files (x86)\Ffmpeg For Audacity\unins000.exe"
Foxit Reader 5.1-->"C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe"
FreeApps-->C:\Program Files (x86)\FreeApps\FreeApps.exe /uninstall
FreeMind-->"C:\Program Files (x86)\FreeMind\unins000.exe"
Gbridge (remove only)-->C:\Program Files (x86)\Gbridge LLC\Gbridge\uninstall.exe
GIMP 2.6.11-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.34.0.1190-->"C:\Program Files (x86)\Glary Utilities\unins000.exe"
Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
Google Talk Plugin-->MsiExec.exe /I{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Theft Auto IV-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12210
Grand Theft Auto: Episodes from Liberty City-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12220
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
HitmanPro 3.6-->"C:\Program Files\HitmanPro\HitmanPro.exe" /uninstall
Hyperdesk - DarkMatter Subspace-->MsiExec.exe /X{20AFAB5E-0631-4A3F-934F-EFC59479A26E}
Inkscape 0.48.1 -->C:\Program Files (x86)\Inkscape\Uninstall.exe
IObit Malware Fighter-->"C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.exe"
iTunes-->MsiExec.exe /I{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}
iZ3D Driver Remove-->"C:\Program Files (x86)\iZ3D Driver\unins000.exe"
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
Java(TM) 7 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86417000FF}
Java(TM) SE Development Kit 7 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0170000}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
KORG USB-MIDI Driver Tools for Windows-->MsiExec.exe /I{B3CB5BA3-3E98-4E85-944E-B03D055F8450}
Left 4 Dead 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/550
Live 8.1.1-->C:\PROGRA~2\Ableton\LIVE81~1.1\Install\UNWISE.EXE C:\PROGRA~2\Ableton\LIVE81~1.1\Install\INSTALL.LOG
LogMeIn-->MsiExec.exe /I{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Manga Studio EX 4.0-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Smith Micro\MangaStudio EX 4E\MS4_E_EX.isu"
ManyCam 2.6.55 (remove only)-->"C:\Program Files (x86)\ManyCam\uninstall.exe"
Mass Effect 2-->C:\Program Files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
Mathematica Extras 8.0 (2063897)-->"C:\ProgramData\Mathematica\Applications\Extras\UninstallFiles\Windows\unins000.exe"
MediaMonkey 3.2-->"C:\Program Files (x86)\MediaMonkey\unins000.exe"
MediaMonkey Script: MiniLyrics Embedder v1.4b-->"C:\Program Files (x86)\MediaMonkey\unins001.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msTTSa22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Xbox 360 Accessories 1.2-->MsiExec.exe /X{D9C50188-12D5-4D3E-8F00-682346C2AA5F}
Minecraft Terrain Changer-->MsiExec.exe /I{281CFC74-A43E-47A8-BBA9-ED0FF0FFFE59}
Minilyrics(remove only)-->"C:\Program Files (x86)\Minilyrics\uninst-ml.exe"
Monitor Webcam Driver (1.01.02.0804) -->C:\Windows\CtDrvIns.exe -uninstall -script OA002.uns -unsext NTamd64 -plugin OA002Pin.dll -pluginres OA002Pin.crl -nodisconprompt -langid 0x0409
MotioninJoy DS3 driver version 0.6.0004-->"C:\Program Files\MotioninJoy\unins000.exe"
MotoHelper 2.0.53 Driver 5.2.0-->C:\Program Files (x86)\Motorola\MotoHelper\uninstall.exe
MotoHelper MergeModules-->MsiExec.exe /I{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}
Motorola Mobile Drivers Installation 5.2.0-->MsiExec.exe /X{1CCF1727-A817-4FEE-A028-5466FB542934}
Mozilla Firefox 6.0.2 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
NVIDIA PhysX-->MsiExec.exe /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
ObjectDock Plus 2-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe REMOVE=TRUE MODIFY=FALSE
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}
Oracle VM VirtualBox 4.1.2-->MsiExec.exe /I{9B9E4031-ED35-4BE0-A397-BEC2CC88C471}
Paint.NET v3.5.8-->MsiExec.exe /X{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}
PANTECH Handset USB Driver V2-->C:\Program Files\Pantech\MSM USB Driver\Uninstall64.exe
Pantech PCSuite-->"C:\Program Files (x86)\InstallShield Installation Information\{9B3F33D3-E2BC-4BAE-93AB-41700072F680}\setup.exe" -runfromtemp -l0x0009 -removeonly
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Pop-Up Card Designer-->"C:\Program Files (x86)\tamasoftware\popupcard_en\epuninst.exe" /s
Portal 2-->"C:\Program Files (x86)\Valve\Portal 2\unins000.exe"
Portal-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/400
PS3 Media Server-->"C:\Program Files (x86)\PS3 Media Server\uninst.exe"
Python 3.2.2 (64-bit)-->MsiExec.exe /I{4CDE3168-D060-4B7C-BC74-4D8F9BB01AFE}
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Rainmeter-->C:\Program Files\Rainmeter\uninst.exe
Razer Naga-->MsiExec.exe /X{ED4108A9-60FD-4F18-AF42-122219977773}
Razer Nostromo Firmware Updater-->MsiExec.exe /I{49C5BD36-F5B9-4E6A-9DC1-04818B9D55E3}
Razer Nostromo-->C:\Program Files (x86)\InstallShield Installation Information\{3FB61967-FF66-43B6-89F9-DF15FD9F3015}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek HDMI Audio Driver for ATI-->C:\Program Files\Realtek\Audio\HDA\RtkUpd64.exe -k -m -nrg2709
Reason 5.0-->"C:\Program Files (x86)\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Revo Uninstaller 1.92-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
Safari-->MsiExec.exe /I{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Skype™ 5.3-->MsiExec.exe /X{F1CECE09-7CBE-4E98-B435-DA87CDA86167}
Smart Defrag 2-->"C:\Program Files (x86)\IObit\Smart Defrag 2\unins000.exe"
Speccy-->"C:\Program Files\Speccy\uninst.exe"
StarCraft II-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
Stardock Software-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stellarium 0.10.0-->"C:\Program Files (x86)\Stellarium\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Synthesia (remove only)-->"C:\Program Files (x86)\Synthesia\uninstall.exe"
Team Fortress 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/440
TeamViewer 6-->C:\Program Files (x86)\TeamViewer\Version6\uninstall.exe
TomTom HOME 2.8.2.2264-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TurboV EVO-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{491D92A9-69CA-4EB4-81D3-0106F9337957}\setup.exe" -l0x9
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
UltraISO Premium V9.36-->"C:\Program Files (x86)\UltraISO\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Ventrilo Client for Windows x64-->MsiExec.exe /X{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}
VIA Platform Device Manager-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VLC media player 1.1.11-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{D07A61E5-A59C-433C-BCBD-22025FA2287B}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990)-->"C:\Program Files\Wolfram Research\Mathematica\8.0\SystemFiles\UninstallFiles\Windows\unins000.exe"
World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Wunderlist-->MsiExec.exe /X{3031A053-DC97-4D03-9179-BF6F98F63FA2}
Wunderlist-->MsiExec.exe /X{4C354FE5-1363-45DC-B2E4-1DB40C7D6AE9}
Yawcam 0.3.7-->"C:\Program Files (x86)\Yawcam\unins000.exe"
======System event log======
Computer Name: Caleb-VM
Event Code: 36
Message: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Record Number: 292801
Source Name: volsnap
Time Written: 20110922061051.412587-000
Event Type: Error
User:
Computer Name: Caleb-VM
Event Code: 1014
Message: Name resolution for the name cs1.nemesis.eu.org timed out after none of the configured DNS servers responded.
Record Number: 292790
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110922041236.297770-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Caleb-VM
Event Code: 1014
Message: Name resolution for the name idowns.org timed out after none of the configured DNS servers responded.
Record Number: 292785
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110922022151.293697-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Caleb-VM
Event Code: 1014
Message: Name resolution for the name tracker.irc.su timed out after none of the configured DNS servers responded.
Record Number: 292765
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110922001115.333506-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Caleb-VM
Event Code: 1014
Message: Name resolution for the name www.sot.com timed out after none of the configured DNS servers responded.
Record Number: 292721
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110921232329.678600-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
=====Application event log=====
Computer Name: Caleb-VM
Event Code: 215
Message: WinMail (3188) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Record Number: 685
Source Name: ESENT
Time Written: 20110226005910.000000-000
Event Type: Error
User:
Computer Name: Caleb-VM
Event Code: 215
Message: WinMail (1088) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Record Number: 679
Source Name: ESENT
Time Written: 20110226005909.000000-000
Event Type: Error
User:
Computer Name: Caleb-VM
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 412) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
Record Number: 668
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20110226005847.760352-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: Caleb-VM
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
Record Number: 665
Source Name: Microsoft-Windows-Search
Time Written: 20110226005803.000000-000
Event Type: Warning
User:
Computer Name: Caleb-VM
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 663
Source Name: Microsoft-Windows-WMI
Time Written: 20110226015639.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Caleb-VM
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x200ec27
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 23659
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110725144632.567858-000
Event Type: Audit Success
User:
Computer Name: Caleb-VM
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x200ed16
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: REBEKAH-PC
Source Network Address: 192.168.1.32
Source Port: 58241
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 23658
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110725144622.128261-000
Event Type: Audit Success
User:
Computer Name: Caleb-VM
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x200ec27
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: REBEKAH-PC
info.txt logfile of random's system information tool 1.09 2012-02-16 23:44:39
======Uninstall list======
-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe REMOVE=TRUE MODIFY=FALSE
-->C:\Windows\CtDrvIns.exe -uninstall -script OA002.uns -unsext NTamd64 -plugin OA002Pin.dll -pluginres OA002Pin.crl -nodisconprompt -langid 0x0409
-->MsiExec /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 9.20-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Alien Arena 2011-->"C:\Program Files (x86)\Alien Arena 7_50\unins000.exe"
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Catalyst Install Manager-->msiexec /q/x{0BD776F3-057D-4C11-020C-4FA9B13D04F9} REBOOT=ReallySuppress
AMD Drag and Drop Transcoding-->MsiExec.exe /X{B95653AB-0E7F-204A-3226-17E9F38E6951}
AMD Media Foundation Decoders-->MsiExec.exe /X{A6FE29A0-622B-2763-88AA-D1E084F77CD9}
AndreaMosaic 3.33.0-->C:\Windows\iun6002.exe "C:\Program Files (x86)\AndreaMosaic\irunin.ini"
Anki-->"C:\Program Files (x86)\Anki\uninstall.exe"
Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
Apple Mobile Device Support-->MsiExec.exe /I{9C98CA38-4C1A-4AC8-B55C-169497C8826B}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Assassin's Creed II-->"C:\Program Files (x86)\InstallShield Installation Information\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}\setup.exe" -runfromtemp -l0x0009 -removeonly
ASUSUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI Catalyst Registration-->MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
Audacity 1.3.13 (Unicode)-->"C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\unins000.exe"
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Bulletstorm-->MsiExec.exe /I{45410935-3E72-472B-8C35-AB1000008200}
BulletStorm-->MsiExec.exe /I{45410935-B52C-468A-A836-0D1000018201}
Bulletstorm-->MsiExec.exe /X{45410935-3E72-472B-8C35-AB1000008200}
Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Catalyst Control Center - Branding-->MsiExec.exe /I{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Celestia 1.6.0-->"C:\Program Files (x86)\Celestia\unins000.exe"
Crysis® 2-->MsiExec.exe /X{6033673D-2530-4587-8AD0-EB059FC263F9}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Deus Ex - Human Revolution version 1.0-->"C:\Program Files (x86)\Square Enix\Deus Ex - Human Revolution\unins000.exe"
Electric Sheep 2.7b29-->C:\Program Files (x86)\Electric Sheep\uninst.exe
Express Burn Disc Burning Software-->C:\Program Files (x86)\NCH Software\ExpressBurn\uninst.exe
Express Zip File Compression Software-->C:\Program Files (x86)\NCH Software\ExpressZip\uninst.exe
FastFox-->C:\Program Files (x86)\NCH Software\FastFox\uninst.exe
FFmpeg v0.6.2 for Audacity-->"C:\Program Files (x86)\Ffmpeg For Audacity\unins000.exe"
Foxit Reader 5.1-->"C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe"
FreeApps-->C:\Program Files (x86)\FreeApps\FreeApps.exe /uninstall
FreeMind-->"C:\Program Files (x86)\FreeMind\unins000.exe"
Gbridge (remove only)-->C:\Program Files (x86)\Gbridge LLC\Gbridge\uninstall.exe
GIMP 2.6.11-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.34.0.1190-->"C:\Program Files (x86)\Glary Utilities\unins000.exe"
Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
Google Talk Plugin-->MsiExec.exe /I{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Theft Auto IV-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12210
Grand Theft Auto: Episodes from Liberty City-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12220
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
HitmanPro 3.6-->"C:\Program Files\HitmanPro\HitmanPro.exe" /uninstall
Hyperdesk - DarkMatter Subspace-->MsiExec.exe /X{20AFAB5E-0631-4A3F-934F-EFC59479A26E}
Inkscape 0.48.1 -->C:\Program Files (x86)\Inkscape\Uninstall.exe
IObit Malware Fighter-->"C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.exe"
iTunes-->MsiExec.exe /I{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}
iZ3D Driver Remove-->"C:\Program Files (x86)\iZ3D Driver\unins000.exe"
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
Java(TM) 7 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86417000FF}
Java(TM) SE Development Kit 7 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0170000}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
KORG USB-MIDI Driver Tools for Windows-->MsiExec.exe /I{B3CB5BA3-3E98-4E85-944E-B03D055F8450}
Left 4 Dead 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/550
Live 8.1.1-->C:\PROGRA~2\Ableton\LIVE81~1.1\Install\UNWISE.EXE C:\PROGRA~2\Ableton\LIVE81~1.1\Install\INSTALL.LOG
LogMeIn-->MsiExec.exe /I{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Manga Studio EX 4.0-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Smith Micro\MangaStudio EX 4E\MS4_E_EX.isu"
ManyCam 2.6.55 (remove only)-->"C:\Program Files (x86)\ManyCam\uninstall.exe"
Mass Effect 2-->C:\Program Files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
Mathematica Extras 8.0 (2063897)-->"C:\ProgramData\Mathematica\Applications\Extras\UninstallFiles\Windows\unins000.exe"
MediaMonkey 3.2-->"C:\Program Files (x86)\MediaMonkey\unins000.exe"
MediaMonkey Script: MiniLyrics Embedder v1.4b-->"C:\Program Files (x86)\MediaMonkey\unins001.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msTTSa22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Xbox 360 Accessories 1.2-->MsiExec.exe /X{D9C50188-12D5-4D3E-8F00-682346C2AA5F}
Minecraft Terrain Changer-->MsiExec.exe /I{281CFC74-A43E-47A8-BBA9-ED0FF0FFFE59}
Minilyrics(remove only)-->"C:\Program Files (x86)\Minilyrics\uninst-ml.exe"
Monitor Webcam Driver (1.01.02.0804) -->C:\Windows\CtDrvIns.exe -uninstall -script OA002.uns -unsext NTamd64 -plugin OA002Pin.dll -pluginres OA002Pin.crl -nodisconprompt -langid 0x0409
MotioninJoy DS3 driver version 0.6.0004-->"C:\Program Files\MotioninJoy\unins000.exe"
MotoHelper 2.0.53 Driver 5.2.0-->C:\Program Files (x86)\Motorola\MotoHelper\uninstall.exe
MotoHelper MergeModules-->MsiExec.exe /I{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}
Motorola Mobile Drivers Installation 5.2.0-->MsiExec.exe /X{1CCF1727-A817-4FEE-A028-5466FB542934}
Mozilla Firefox 6.0.2 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
NVIDIA PhysX-->MsiExec.exe /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
ObjectDock Plus 2-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe REMOVE=TRUE MODIFY=FALSE
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}
Oracle VM VirtualBox 4.1.2-->MsiExec.exe /I{9B9E4031-ED35-4BE0-A397-BEC2CC88C471}
Paint.NET v3.5.8-->MsiExec.exe /X{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}
PANTECH Handset USB Driver V2-->C:\Program Files\Pantech\MSM USB Driver\Uninstall64.exe
Pantech PCSuite-->"C:\Program Files (x86)\InstallShield Installation Information\{9B3F33D3-E2BC-4BAE-93AB-41700072F680}\setup.exe" -runfromtemp -l0x0009 -removeonly
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Pop-Up Card Designer-->"C:\Program Files (x86)\tamasoftware\popupcard_en\epuninst.exe" /s
Portal 2-->"C:\Program Files (x86)\Valve\Portal 2\unins000.exe"
Portal-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/400
PS3 Media Server-->"C:\Program Files (x86)\PS3 Media Server\uninst.exe"
Python 3.2.2 (64-bit)-->MsiExec.exe /I{4CDE3168-D060-4B7C-BC74-4D8F9BB01AFE}
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Rainmeter-->C:\Program Files\Rainmeter\uninst.exe
Razer Naga-->MsiExec.exe /X{ED4108A9-60FD-4F18-AF42-122219977773}
Razer Nostromo Firmware Updater-->MsiExec.exe /I{49C5BD36-F5B9-4E6A-9DC1-04818B9D55E3}
Razer Nostromo-->C:\Program Files (x86)\InstallShield Installation Information\{3FB61967-FF66-43B6-89F9-DF15FD9F3015}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek HDMI Audio Driver for ATI-->C:\Program Files\Realtek\Audio\HDA\RtkUpd64.exe -k -m -nrg2709
Reason 5.0-->"C:\Program Files (x86)\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Revo Uninstaller 1.92-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
Safari-->MsiExec.exe /I{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Skype™ 5.3-->MsiExec.exe /X{F1CECE09-7CBE-4E98-B435-DA87CDA86167}
Smart Defrag 2-->"C:\Program Files (x86)\IObit\Smart Defrag 2\unins000.exe"
Speccy-->"C:\Program Files\Speccy\uninst.exe"
StarCraft II-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
Stardock Software-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stellarium 0.10.0-->"C:\Program Files (x86)\Stellarium\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Synthesia (remove only)-->"C:\Program Files (x86)\Synthesia\uninstall.exe"
Team Fortress 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/440
TeamViewer 6-->C:\Program Files (x86)\TeamViewer\Version6\uninstall.exe
TomTom HOME 2.8.2.2264-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TurboV EVO-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{491D92A9-69CA-4EB4-81D3-0106F9337957}\setup.exe" -l0x9
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
UltraISO Premium V9.36-->"C:\Program Files (x86)\UltraISO\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Ventrilo Client for Windows x64-->MsiExec.exe /X{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}
VIA Platform Device Manager-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VLC media player 1.1.11-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{D07A61E5-A59C-433C-BCBD-22025FA2287B}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990)-->"C:\Program Files\Wolfram Research\Mathematica\8.0\SystemFiles\UninstallFiles\Windows\unins000.exe"
World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Wunderlist-->MsiExec.exe /X{3031A053-DC97-4D03-9179-BF6F98F63FA2}
Wunderlist-->MsiExec.exe /X{4C354FE5-1363-45DC-B2E4-1DB40C7D6AE9}
Yawcam 0.3.7-->"C:\Program Files (x86)\Yawcam\unins000.exe"
======System event log======
Computer Name: Caleb-VM
Event Code: 36
Message: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Record Number: 292801
Source Name: volsnap
Time Written: 20110922061051.412587-000
Event Type: Error
User:
Computer Name: Caleb-VM
Event Code: 1014
Message: Name resolution for the name cs1.nemesis.eu.org timed out after none of the configured DNS servers responded.
Record Number: 292790
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110922041236.297770-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Caleb-VM
Event Code: 1014
Message: Name resolution for the name idowns.org timed out after none of the configured DNS servers responded.
Record Number: 292785
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110922022151.293697-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Caleb-VM
Event Code: 1014
Message: Name resolution for the name tracker.irc.su timed out after none of the configured DNS servers responded.
Record Number: 292765
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110922001115.333506-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Caleb-VM
Event Code: 1014
Message: Name resolution for the name www.sot.com timed out after none of the configured DNS servers responded.
Record Number: 292721
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110921232329.678600-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
=====Application event log=====
Computer Name: Caleb-VM
Event Code: 215
Message: WinMail (3188) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Record Number: 685
Source Name: ESENT
Time Written: 20110226005910.000000-000
Event Type: Error
User:
Computer Name: Caleb-VM
Event Code: 215
Message: WinMail (1088) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Record Number: 679
Source Name: ESENT
Time Written: 20110226005909.000000-000
Event Type: Error
User:
Computer Name: Caleb-VM
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 412) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
Record Number: 668
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20110226005847.760352-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: Caleb-VM
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
Record Number: 665
Source Name: Microsoft-Windows-Search
Time Written: 20110226005803.000000-000
Event Type: Warning
User:
Computer Name: Caleb-VM
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 663
Source Name: Microsoft-Windows-WMI
Time Written: 20110226015639.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Caleb-VM
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x200ec27
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 23659
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110725144632.567858-000
Event Type: Audit Success
User:
Computer Name: Caleb-VM
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x200ed16
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: REBEKAH-PC
Source Network Address: 192.168.1.32
Source Port: 58241
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 23658
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110725144622.128261-000
Event Type: Audit Success
User:
Computer Name: Caleb-VM
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x200ec27
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: REBEKAH-PC
Source Network Address: 192.168.1.32
Source Port: 58240
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 23657
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110725144622.105260-000
Event Type: Audit Success
User:
Computer Name: Caleb-VM
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1fe62ef
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 23656
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110725143432.074649-000
Event Type: Audit Success
User:
Computer Name: Caleb-VM
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1fe6200
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 23655
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110725143432.072648-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"configsetroot"=%SystemRoot%\ConfigSetRoot
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=4
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Java\jre6\bin;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1e05
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"windows_tracing_flags"=3
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"VBOX_INSTALL_PATH"=C:\Program Files\Oracle\VirtualBox\
"asl.log"=Destination=file
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK
-----------------EOF----------------
Normal boot works but many programs do not and it eventually becomes unresponsive.
Hi, cspence2393.
P2P file sharing programs such as uTorrent, BitTorrent, LimeWire, Morpheus, Azureus, Kazaa are a major conduit for malware and a likely source of your current issues.
P2P have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
With P2P file sharing, what means do you have of identifying or authenticating the source of the download? In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.
In order to receive further assistance, please uninstall both uTorrent and Live 8.1.1.
Please provide the logs from the following tools:
Please download WVCheck from http://artellos.com/ccount/click.php?id=7 .
- Double-click WVCheck.exe.
- As indicated by the prompt, this program can take a while depending on your hard drive space.
- Once the program is done, copy the contents of the notepad file as a reply.
Download CKScanner from here (http://downloads.malwareremoval.com/CKScanner.exe)
Important: Save it to your desktop.
- Double-click CKScanner.exe and click Search For Files.
- After a very short time, when the cursor hourglass disappears, click Save List To File.
- A message box will verify that the file is saved. Please run the program only once.
- Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Windows Validation Check
Version: 1.9.12.5
Log Created On: 1936_18-02-2012
-----------------------
Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Safe Mode with Networking
Systemroot Path: C:\Windows
WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-02-14 23:07:07
Last Success Time for Update Download: 2012-02-15 03:48:08
Last Success Time for Update Installation: 2012-02-15 03:45:32
WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------
WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 20/11/2010 21:24:21
Modification; 20/11/2010 21:24:21
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.
WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.
WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.
WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.
WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3
-------- End of File, program close at 1937_18-02-2012 --------
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.IEJDNS
----- EOF -----
Sorry getting rid of all that took a long time.
Quote:
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.IEJDNS
----- EOF -----
Sorry getting rid of all that took a long time.
Please explain.
You said to get rid of all the file sharing programs so I did. I'm sorry to have kept you waiting as it took a long time to remove everything.
Hi, cspence2393.
Doesn't it figure that I can't find my additional notes from the other day! I'll try to reconstruct from memory.
Although you updated to Java 7u3, the update didn't remove Java(TM) 6 Update 29 so you need to uninstall it. Also, if you are not a developer, you shouldn't need Java(TM) SE Development Kit 7 and can uninstall that as well.
IObit:
Based on IOBit's past practices, I wouldn't run it on my computer. See the following for additional information:
-- Independent Review: IObit: Trusting Your Antivirus Vendor (http://antivirus.about.com/od/antivirussoftwarereviews/a/iobittrustingantivirus.htm)
-- Additional Example: IOBit are back, facing more theft allegations. This time it involves TuneUp Utilities. (http://news.hostexploit.com/cyber-security-news/4154-iobit-are-back-facing-more-theft-allegations-this-time-it-involves-tuneup-utilities.html)
Malwarebytes Topics:
-- IOBit Steals Malwarebytes' Intellectual Property (http://forums.malwarebytes.org/index.php?showtopic=29681)
-- IOBit's Denial of Theft Unconvincing (http://forums.malwarebytes.org/index.php?showtopic=30989)
-- IOBit Theft Conclusion (http://forums.malwarebytes.org/index.php?showtopic=33217)
Registry Cleaners:
Windows is a closed source system. Developers of registry cleaners do not have the core code of Windows 7 and are not working on definitive information, but rather they are going on past knowledge and experience. Automatic cleaners will usually have to do some guesswork.
Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.
Registry cleaners cannot distinguish between good and bad. If you run a registry cleaner, it will delete all those keys which are obsolete and sitting idle; but in reality, those keys may well be needed by some programs or Windows at a later time.
Windows 7 is much more efficient at managing the registry than previous Windows versions. If you are very knowledgeable of the registry, you can use CCleaner to delete keys left over when uninstalling programs. However, these few keys will not make 1 millisecond's difference in performance. If you run CCleaner or any other registry cleaner and do not know precisely what you are doing, you will have problems down the road. There are no gains to be had from using a registry cleaner and the risk is great.
Forget all the "wisdom" you learned about XP. Windows 7 is not XP and does not manage the registry the same as XP.
From Microsoft at Increase PC speed: Optimize your computer, help your PC run faster (http://www.microsoft.com/athome/setup/optimize.aspx):
Quote:
Note: This article does not address or recommend tinkering with the registry files. Such activities can be detrimental to your computer and should only be attempted by properly trained professionals.
Also see Are registry cleaners necessary? (http://windows.microsoft.com/en-US/windows-vista/Are-registry-cleaners-necessary)
Should you at any time tinker with the registry, first create a backup. See Back up the registry (http://windows.microsoft.com/en-us/windows7/Back-up-the-registry)
Uninstall:
Based on the above remarks about IOBit and Registry Cleaners, I suggest you consider uninstalling the following programs in addition to the above-mentioned Java:
IObit Malware Fighter
Glary Utilities 2.34.0.1190
Next, please post a fresh DDS log as well as the previously-requested TDSSKiller log which should be located at C:\TDSSKiller.2.7.8.0_31.01.2012_21.07.56_log.txt.
Also, please indicate what problems you are having with your computer.
21:07:56.0088 2864 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
21:07:56.0476 2864 ============================================================
21:07:56.0476 2864 Current date / time: 2012/01/31 21:07:56.0476
21:07:56.0476 2864 SystemInfo:
21:07:56.0476 2864
21:07:56.0476 2864 OS Version: 6.1.7601 ServicePack: 1.0
21:07:56.0476 2864 Product type: Workstation
21:07:56.0476 2864 ComputerName: CALEB-VM
21:07:56.0476 2864 UserName: Caleb
21:07:56.0476 2864 Windows directory: C:\Windows
21:07:56.0476 2864 System windows directory: C:\Windows
21:07:56.0476 2864 Running under WOW64
21:07:56.0476 2864 Processor architecture: Intel x64
21:07:56.0476 2864 Number of processors: 4
21:07:56.0476 2864 Page size: 0x1000
21:07:56.0476 2864 Boot type: Safe boot with network
21:07:56.0476 2864 ============================================================
21:07:57.0485 2864 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
21:07:57.0487 2864 Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:07:57.0522 2864 Drive \Device\Harddisk5\DR5 - Size: 0x7AE0000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:07:57.0526 2864 \Device\Harddisk0\DR0:
21:07:57.0526 2864 MBR used
21:07:57.0526 2864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:07:57.0526 2864 \Device\Harddisk5\DR5:
21:07:57.0527 2864 MBR used
21:07:57.0527 2864 \Device\Harddisk5\DR5\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D6E0
21:07:57.0543 2864 Initialize success
21:07:57.0543 2864 ============================================================
21:07:59.0622 1292 ============================================================
21:07:59.0622 1292 Scan started
21:07:59.0622 1292 Mode: Manual;
21:07:59.0622 1292 ============================================================
21:08:00.0215 1292 Scan interrupted by user!
21:08:00.0215 1292 Scan interrupted by user!
21:08:00.0215 1292 Scan interrupted by user!
21:08:00.0215 1292 ============================================================
21:08:00.0215 1292 Scan finished
21:08:00.0215 1292 ============================================================
21:08:00.0215 2024 Detected object count: 0
21:08:00.0215 2024 Actual detected object count: 0
21:08:03.0307 2204 ============================================================
21:08:03.0307 2204 Scan started
21:08:03.0307 2204 Mode: Manual;
21:08:03.0307 2204 ============================================================
21:08:11.0011 2204 mv91xx - ok
21:08:11.0070 2204 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:08:11.0071 2204 NativeWifiP - ok
21:08:11.0118 2204 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:08:11.0118 2204 NDIS - ok
21:08:11.0134 2204 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:08:11.0134 2204 NdisCap - ok
21:08:11.0243 2204 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:08:11.0243 2204 NdisTapi - ok
21:08:11.0274 2204 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:08:11.0274 2204 Ndisuio - ok
21:08:11.0290 2204 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:08:11.0290 2204 NdisWan - ok
21:08:11.0330 2204 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:08:11.0331 2204 NDProxy - ok
21:08:11.0352 2204 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:08:11.0352 2204 NetBIOS - ok
21:08:11.0374 2204 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:08:11.0375 2204 NetBT - ok
21:08:11.0455 2204 netr7364 (621559a521682a888d83db34c6ec0bf8) C:\Windows\system32\DRIVERS\netr7364.sys
21:08:11.0458 2204 netr7364 - ok
21:08:11.0507 2204 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:08:11.0507 2204 nfrd960 - ok
21:08:11.0542 2204 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:08:11.0542 2204 Npfs - ok
21:08:11.0560 2204 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:08:11.0560 2204 nsiproxy - ok
21:08:11.0616 2204 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:08:11.0621 2204 Ntfs - ok
21:08:11.0640 2204 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:08:11.0640 2204 Null - ok
21:08:11.0721 2204 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:08:11.0721 2204 nusb3hub - ok
21:08:11.0753 2204 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:08:11.0754 2204 nusb3xhc - ok
21:08:11.0801 2204 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:08:11.0802 2204 nvraid - ok
21:08:11.0822 2204 nvrd64 (8787d3eece88611a313de7608c44c04d) C:\Windows\system32\drivers\nvrd64.sys
21:08:11.0823 2204 nvrd64 - ok
21:08:11.0841 2204 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:08:11.0841 2204 nvstor - ok
21:08:11.0858 2204 nvstor64 (f3d7b0ede156583f6fd3d2b5e898e2b6) C:\Windows\system32\drivers\nvstor64.sys
21:08:11.0858 2204 nvstor64 - ok
21:08:11.0930 2204 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:08:11.0931 2204 nv_agp - ok
21:08:11.0975 2204 OA002Afx (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys
21:08:11.0976 2204 OA002Afx - ok
21:08:12.0004 2204 OA002Ufd (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA002Ufd.sys
21:08:12.0005 2204 OA002Ufd - ok
21:08:12.0048 2204 OA002Vid (2ce066adca145892715f1df163d879da) C:\Windows\system32\DRIVERS\OA002Vid.sys
21:08:12.0049 2204 OA002Vid - ok
21:08:12.0101 2204 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:08:12.0101 2204 ohci1394 - ok
21:08:12.0131 2204 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:08:12.0132 2204 Parport - ok
21:08:12.0154 2204 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:08:12.0154 2204 partmgr - ok
21:08:12.0174 2204 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:08:12.0174 2204 pci - ok
21:08:12.0191 2204 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:08:12.0191 2204 pciide - ok
21:08:12.0217 2204 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:08:12.0218 2204 pcmcia - ok
21:08:12.0242 2204 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:08:12.0243 2204 pcw - ok
21:08:12.0265 2204 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:08:12.0267 2204 PEAUTH - ok
21:08:12.0342 2204 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:08:12.0342 2204 PptpMiniport - ok
21:08:12.0358 2204 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:08:12.0358 2204 Processor - ok
21:08:12.0422 2204 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:08:12.0423 2204 Psched - ok
21:08:12.0476 2204 PTQHBUS (3587aa9e55e439274def53726563a3dc) C:\Windows\system32\DRIVERS\PTQHBUS.sys
21:08:12.0476 2204 PTQHBUS - ok
21:08:12.0536 2204 PTQHMDM (06d4b597397d56f4becc2f17267a37c6) C:\Windows\system32\DRIVERS\PTQHMDM.sys
21:08:12.0537 2204 PTQHMDM - ok
21:08:12.0548 2204 PTQHVSP (a8aced23323c5d67424bc4e644d78ba8) C:\Windows\system32\DRIVERS\PTQHVSP.sys
21:08:12.0549 2204 PTQHVSP - ok
21:08:12.0598 2204 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:08:12.0602 2204 ql2300 - ok
21:08:12.0623 2204 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:08:12.0624 2204 ql40xx - ok
21:08:12.0640 2204 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:08:12.0641 2204 QWAVEdrv - ok
21:08:12.0658 2204 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:08:12.0658 2204 RasAcd - ok
21:08:12.0729 2204 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:08:12.0730 2204 RasAgileVpn - ok
21:08:12.0765 2204 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:08:12.0766 2204 Rasl2tp - ok
21:08:12.0787 2204 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:08:12.0787 2204 RasPppoe - ok
21:08:12.0817 2204 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:08:12.0818 2204 RasSstp - ok
21:08:12.0836 2204 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:08:12.0837 2204 rdbss - ok
21:08:12.0856 2204 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:08:12.0856 2204 rdpbus - ok
21:08:12.0878 2204 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:08:12.0878 2204 RDPCDD - ok
21:08:12.0957 2204 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:08:12.0957 2204 RDPENCDD - ok
21:08:12.0973 2204 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:08:12.0973 2204 RDPREFMP - ok
21:08:13.0000 2204 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:08:13.0001 2204 RDPWD - ok
21:08:13.0038 2204 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:08:13.0039 2204 rdyboost - ok
21:08:13.0125 2204 RegFilter (8ccf1201a14d5ad7568e192b835abb7e) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
21:08:13.0125 2204 RegFilter - ok
21:08:13.0192 2204 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:08:13.0193 2204 RFCOMM - ok
21:08:13.0286 2204 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:08:13.0286 2204 rspndr - ok
21:08:13.0343 2204 RTHDMIAzAudService (116d03e901246ac7af006121e1e22842) C:\Windows\system32\drivers\RtHDMIVX.sys
21:08:13.0344 2204 RTHDMIAzAudService - ok
21:08:13.0386 2204 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:08:13.0387 2204 RTL8167 - ok
21:08:13.0417 2204 rtl8190pn64 (a052fec0974fa649dab1f01cf96f45d7) C:\Windows\system32\DRIVERS\rtl8190p.sys
21:08:13.0419 2204 rtl8190pn64 - ok
21:08:13.0449 2204 rtl819xpn64 (ad462be7b3899e4f1ac2256381578b2c) C:\Windows\system32\DRIVERS\rtl819xp.sys
21:08:13.0451 2204 rtl819xpn64 - ok
21:08:13.0526 2204 RzSynapse (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
21:08:13.0527 2204 RzSynapse - ok
21:08:13.0623 2204 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:08:13.0623 2204 SASDIFSV - ok
21:08:13.0640 2204 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:08:13.0641 2204 SASKUTIL - ok
21:08:13.0678 2204 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:08:13.0678 2204 sbp2port - ok
21:08:13.0694 2204 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:08:13.0694 2204 scfilter - ok
21:08:13.0727 2204 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:08:13.0727 2204 secdrv - ok
21:08:13.0799 2204 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:08:13.0799 2204 Serenum - ok
21:08:13.0812 2204 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:08:13.0812 2204 Serial - ok
21:08:13.0828 2204 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:08:13.0828 2204 sermouse - ok
21:08:13.0859 2204 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:08:13.0859 2204 sffdisk - ok
21:08:13.0875 2204 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:08:13.0875 2204 sffp_mmc - ok
21:08:13.0875 2204 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:08:13.0875 2204 sffp_sd - ok
21:08:13.0890 2204 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:08:13.0890 2204 sfloppy - ok
21:08:13.0937 2204 Si3124r5 (da492c8305434ec6f9bdd60c8b83b10e) C:\Windows\system32\drivers\Si3124r5.sys
21:08:13.0937 2204 Si3124r5 - ok
21:08:13.0953 2204 SiFilter (8d10887a1699cf61e74467694b929b09) C:\Windows\system32\drivers\SiWinAcc.sys
21:08:13.0953 2204 SiFilter - ok
21:08:13.0968 2204 SiRemFil (94e1eda9a0b305a67ee1bbd0a68ce21a) C:\Windows\system32\drivers\SiRemFil.sys
21:08:13.0968 2204 SiRemFil - ok
21:08:14.0046 2204 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:08:14.0046 2204 SiSRaid2 - ok
21:08:14.0078 2204 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:08:14.0078 2204 SiSRaid4 - ok
21:08:14.0203 2204 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
21:08:14.0203 2204 SmartDefragDriver - ok
21:08:14.0290 2204 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:08:14.0290 2204 Smb - ok
21:08:14.0359 2204 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:08:14.0359 2204 spldr - ok
21:08:14.0425 2204 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:08:14.0427 2204 srv - ok
21:08:14.0465 2204 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:08:14.0466 2204 srv2 - ok
21:08:14.0487 2204 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:08:14.0487 2204 srvnet - ok
21:08:14.0529 2204 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:08:14.0530 2204 stexstor - ok
21:08:14.0594 2204 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:08:14.0594 2204 swenum - ok
21:08:14.0634 2204 T2Fltr (e4e85e55f66f4f620cc8ee8c4e26139c) C:\Windows\system32\drivers\T2Fltr.sys
21:08:14.0635 2204 T2Fltr - ok
21:08:14.0689 2204 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:08:14.0695 2204 Tcpip - ok
21:08:14.0764 2204 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:08:14.0770 2204 TCPIP6 - ok
21:08:14.0795 2204 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:08:14.0796 2204 tcpipreg - ok
21:08:14.0829 2204 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:08:14.0829 2204 TDPIPE - ok
21:08:14.0840 2204 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:08:14.0840 2204 TDTCP - ok
21:08:14.0873 2204 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:08:14.0874 2204 tdx - ok
21:08:14.0916 2204 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:08:14.0916 2204 TermDD - ok
21:08:15.0012 2204 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:08:15.0012 2204 tssecsrv - ok
21:08:15.0148 2204 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:08:15.0149 2204 TsUsbFlt - ok
21:08:15.0270 2204 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:08:15.0271 2204 TsUsbGD - ok
21:08:15.0306 2204 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:08:15.0307 2204 tunnel - ok
21:08:15.0329 2204 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:08:15.0329 2204 uagp35 - ok
21:08:15.0348 2204 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:08:15.0349 2204 udfs - ok
21:08:15.0406 2204 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:08:15.0406 2204 uliagpkx - ok
21:08:15.0458 2204 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:08:15.0459 2204 umbus - ok
21:08:15.0478 2204 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:08:15.0478 2204 UmPass - ok
21:08:15.0552 2204 UrlFilter (1aa6ca6b150f85f07804cba5f814d9b2) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
21:08:15.0552 2204 UrlFilter - ok
21:08:15.0647 2204 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:08:15.0647 2204 USBAAPL64 - ok
21:08:15.0698 2204 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:08:15.0699 2204 usbaudio - ok
21:08:15.0728 2204 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:08:15.0728 2204 usbccgp - ok
21:08:15.0779 2204 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:08:15.0779 2204 usbcir - ok
21:08:15.0800 2204 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:08:15.0800 2204 usbehci - ok
21:08:15.0846 2204 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:08:15.0847 2204 usbhub - ok
21:08:15.0911 2204 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:08:15.0911 2204 usbohci - ok
21:08:15.0947 2204 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:08:15.0947 2204 usbprint - ok
21:08:15.0985 2204 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:08:15.0985 2204 usbscan - ok
21:08:16.0029 2204 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:08:16.0029 2204 USBSTOR - ok
21:08:16.0051 2204 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:08:16.0051 2204 usbuhci - ok
21:08:16.0135 2204 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:08:16.0135 2204 usbvideo - ok
21:08:16.0233 2204 VBoxDrv (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
21:08:16.0234 2204 VBoxDrv - ok
21:08:16.0263 2204 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
21:08:16.0264 2204 VBoxNetAdp - ok
21:08:16.0285 2204 VBoxNetFlt (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
21:08:16.0286 2204 VBoxNetFlt - ok
21:08:16.0348 2204 VBoxUSBMon (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
21:08:16.0349 2204 VBoxUSBMon - ok
21:08:16.0399 2204 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:08:16.0399 2204 vdrvroot - ok
21:08:16.0421 2204 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:08:16.0421 2204 vga - ok
21:08:16.0447 2204 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:08:16.0447 2204 VgaSave - ok
21:08:16.0461 2204 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:08:16.0462 2204 vhdmp - ok
21:08:16.0530 2204 VIAHdAudAddService (906a7c6b6659a650648cf21998270945) C:\Windows\system32\drivers\viahduaa.sys
21:08:16.0534 2204 VIAHdAudAddService - ok
21:08:16.0588 2204 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:08:16.0588 2204 viaide - ok
21:08:16.0639 2204 VJoystick (b7f49333d2513eb1edaffdc269a23b68) C:\Windows\system32\DRIVERS\VJoystick.sys
21:08:16.0639 2204 VJoystick - ok
21:08:16.0654 2204 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
21:08:16.0654 2204 VKbms - ok
21:08:16.0695 2204 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:08:16.0696 2204 volmgr - ok
21:08:16.0720 2204 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:08:16.0722 2204 volmgrx - ok
21:08:16.0742 2204 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:08:16.0743 2204 volsnap - ok
21:08:16.0834 2204 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:08:16.0835 2204 vsmraid - ok
21:08:16.0855 2204 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:08:16.0855 2204 vwifibus - ok
21:08:16.0871 2204 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:08:16.0871 2204 vwififlt - ok
21:08:16.0918 2204 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:08:16.0918 2204 vwifimp - ok
21:08:16.0964 2204 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:08:16.0964 2204 WacomPen - ok
21:08:17.0042 2204 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:08:17.0042 2204 WANARP - ok
21:08:17.0042 2204 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:08:17.0042 2204 Wanarpv6 - ok
21:08:17.0074 2204 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:08:17.0074 2204 Wd - ok
21:08:17.0105 2204 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:08:17.0105 2204 Wdf01000 - ok
21:08:17.0181 2204 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:08:17.0181 2204 WfpLwf - ok
21:08:17.0210 2204 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:08:17.0210 2204 WIMMount - ok
21:08:17.0314 2204 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:08:17.0315 2204 WinUsb - ok
21:08:17.0351 2204 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:08:17.0352 2204 WmiAcpi - ok
21:08:17.0443 2204 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:08:17.0444 2204 ws2ifsl - ok
21:08:17.0478 2204 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:08:17.0478 2204 WSDPrintDevice - ok
21:08:17.0504 2204 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:08:17.0505 2204 WudfPf - ok
21:08:17.0528 2204 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:08:17.0529 2204 WUDFRd - ok
21:08:17.0597 2204 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
21:08:17.0597 2204 xusb21 - ok
21:08:17.0659 2204 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:08:17.0702 2204 \Device\Harddisk0\DR0 - ok
21:08:17.0708 2204 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk5\DR5
21:08:18.0007 2204 \Device\Harddisk5\DR5 - ok
21:08:18.0008 2204 Boot (0x1200) (958086814565f7cd71b2545bdbc42ba5) \Device\Harddisk0\DR0\Partition0
21:08:18.0009 2204 \Device\Harddisk0\DR0\Partition0 - ok
21:08:18.0011 2204 Boot (0x1200) (3456f189a0b7fca9591216f84fcd074d) \Device\Harddisk5\DR5\Partition0
21:08:18.0012 2204 \Device\Harddisk5\DR5\Partition0 - ok
21:08:18.0012 2204 ============================================================
21:08:18.0012 2204 Scan finished
21:08:18.0012 2204 ============================================================
21:08:18.0015 2212 Detected object count: 0
21:08:18.0015 2212 Actual detected object count: 0
21:09:18.0542 2948 Deinitialize success
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Caleb at 2:18:25 on 2012-02-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2249 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.velocitymicro.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Google Update] "C:\Users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [FILE NAME] C:\Program Files (x86)\Razer\Nostromo\t2Hid.exe
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
mRun: [FastFox] "C:\Program Files (x86)\NCH Software\FastFox\fastfox.exe" -logon
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [DeleteDir[B64] WIPE_B64.TMP] cmd.exe /C RD /S /Q C:\Users\Caleb\AppData\Local\Temp\WIPE_B64.TMP
mRunOnce: [DeleteDir[B82] Alien Arena 7_50] cmd.exe /C RD /S /Q C:\PROGRA~2\ALIENA~1
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex
StartupFolder: C:\Users\Caleb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Caleb\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Caleb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr
Thanks for the TDSSKiller log, cspence2393. Unfortunately, due to the length of that log, it cut off the rest of the DDS.scr log. And don't forget to include a summary of the problems you've been having.
Please copy/paste from IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr to the end.
Thanks!
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Caleb at 19:52:45 on 2012-02-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2453 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caleb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.velocitymicro.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Google Update] "C:\Users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [FILE NAME] C:\Program Files (x86)\Razer\Nostromo\t2Hid.exe
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
mRun: [FastFox] "C:\Program Files (x86)\NCH Software\FastFox\fastfox.exe" -logon
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [DeleteDir[B64] WIPE_B64.TMP] cmd.exe /C RD /S /Q C:\Users\Caleb\AppData\Local\Temp\WIPE_B64.TMP
mRunOnce: [DeleteDir[B82] Alien Arena 7_50] cmd.exe /C RD /S /Q C:\PROGRA~2\ALIENA~1
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex
StartupFolder: C:\Users\Caleb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Caleb\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Caleb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C6015BAA-8D1F-40AA-A66D-F928FC6B634C} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E38DF810-D166-47D0-8421-C89FF9F8E953} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E38DF810-D166-47D0-8421-C89FF9F8E953}\140707C65602E4564777F627B602534683539313 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{E38DF810-D166-47D0-8421-C89FF9F8E953}\140707C65602E4564777F627B602662666931363 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{E38DF810-D166-47D0-8421-C89FF9F8E953}\25564602A5F6E656 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{E38DF810-D166-47D0-8421-C89FF9F8E953}\350756E6365627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E38DF810-D166-47D0-8421-C89FF9F8E953}\4596666616E697 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E38DF810-D166-47D0-8421-C89FF9F8E953}\77962756C6563737 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
STS: CAveStartButtonChangerObject Class: {f791a188-699d-4fd4-955a-eb59e89b1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [FILE NAME] C:\Program Files (x86)\Razer\Nostromo\t2Hid.exe
mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
mRun-x64: [FastFox] "C:\Program Files (x86)\NCH Software\FastFox\fastfox.exe" -logon
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [DeleteDir[B64] WIPE_B64.TMP] cmd.exe /C RD /S /Q C:\Users\Caleb\AppData\Local\Temp\WIPE_B64.TMP
mRunOnce-x64: [DeleteDir[B82] Alien Arena 7_50] cmd.exe /C RD /S /Q C:\PROGRA~2\ALIENA~1
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
STS-X64: CAveStartButtonChangerObject Class: {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ilasm266.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20111012
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111012&q=
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Caleb\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ilasm266.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Caleb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Caleb\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\drivers\mv91xx.sys --> C:\Windows\system32\drivers\mv91xx.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R3 gbridge;Gbridge Virtual Miniport;C:\Windows\system32\DRIVERS\gbridge64.sys --> C:\Windows\system32\DRIVERS\gbridge64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\system32\DRIVERS\rtl819xp.sys --> C:\Windows\system32\DRIVERS\rtl819xp.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 T2Fltr;Razer Nostromo;C:\Windows\system32\drivers\T2Fltr.sys --> C:\Windows\system32\drivers\T2Fltr.sys [?]
R3 VJoystick;Virtual JoyStick KMDF HID Minidriver;C:\Windows\system32\DRIVERS\VJoystick.sys --> C:\Windows\system32\DRIVERS\VJoystick.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2011-9-24 43704]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2011-11-19 109056]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-5 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dualshock3;SIXAXIS/DUALSHOCK3 (USB) Beta;C:\Windows\system32\DRIVERS\dualshock3_x64.sys --> C:\Windows\system32\DRIVERS\dualshock3_x64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-22 136176]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-1-31 105800]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;C:\Windows\Installer\MSIC0C7.tmp [2011-7-2 102400]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
S2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-2 652360]
S2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
S2 S3D Service (Win32);S3D Service (Win32);C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [2011-9-24 360960]
S2 S3D Service (Win64);S3D Service (Win64);C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [2011-9-24 614400]
S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-30 2358656]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
S2 uvnc_service_gs;uvnc_service_gs;C:\Program Files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe [2010-6-12 1587536]
S3 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-22 136176]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;C:\Windows\system32\Drivers\KORGUM64.SYS --> C:\Windows\system32\Drivers\KORGUM64.SYS [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MegaSR1;MegaSR1;C:\Windows\system32\drivers\MegaSR1.sys --> C:\Windows\system32\drivers\MegaSR1.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 mv91cons;mv91cons;C:\Windows\system32\drivers\mv91cons.sys --> C:\Windows\system32\drivers\mv91cons.sys [?]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?]
S3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);C:\Windows\system32\DRIVERS\PTQHBUS.sys --> C:\Windows\system32\DRIVERS\PTQHBUS.sys [?]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);C:\Windows\system32\DRIVERS\PTQHMDM.sys --> C:\Windows\system32\DRIVERS\PTQHMDM.sys [?]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);C:\Windows\system32\DRIVERS\PTQHVSP.sys --> C:\Windows\system32\DRIVERS\PTQHVSP.sys [?]
S3 rtl8190pn64;Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8190p.sys --> C:\Windows\system32\DRIVERS\rtl8190p.sys [?]
S3 Si3124r5;Si3124r5;C:\Windows\system32\drivers\Si3124r5.sys --> C:\Windows\system32\drivers\Si3124r5.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-02-19 00:57:44 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-02-19 00:57:16 -------- d-----w- C:\Program Files\Unlocker
2012-02-17 23:51:05 -------- d-----w- C:\Users\Caleb\AppData\Roaming\mIRC
2012-02-17 23:51:05 -------- d-----w- C:\Program Files (x86)\mIRC
2012-02-17 05:54:42 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{328F7277-0DAD-47A2-AFB6-B03688D77EC6}\offreg.dll
2012-02-17 05:44:32 -------- d-----w- C:\Program Files\trend micro
2012-02-15 03:45:27 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{328F7277-0DAD-47A2-AFB6-B03688D77EC6}\mpengine.dll
2012-02-10 20:49:44 -------- d-----w- C:\AMD
2012-02-01 03:15:26 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-02-01 03:13:59 -------- d-----w- C:\Program Files\HitmanPro
2012-02-01 03:12:07 -------- d-----w- C:\ProgramData\HitmanPro
2012-01-31 06:39:17 -------- d-----w- C:\Users\Caleb\AppData\Roaming\SUPERAntiSpyware.com
2012-01-31 06:38:55 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-31 06:38:55 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-01-31 06:35:01 388096 ----a-r- C:\Users\Caleb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-31 06:35:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-31 01:05:51 -------- d-----w- C:\cinject_0.4.3
2012-01-30 04:40:49 -------- d-----w- C:\Users\Caleb\AppData\Local\Spotify
2012-01-30 04:40:16 -------- d-----w- C:\Users\Caleb\AppData\Roaming\Spotify
2012-01-26 06:37:59 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
==================== Find3M ====================
.
2012-02-10 20:43:46 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-02-10 20:43:45 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-02-10 20:43:45 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-01-29 11:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-01 19:03:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-18 06:04:01 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2011-12-18 06:04:00 80768 ----a-w- C:\Windows\System32\LMIinit.dll.000.bak
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 19:52:52.18 ===============
That's a new DDS log.
Symptoms:
Unable to use notepad, command prompt, change time and date, device manager, etc.
Gradually slower response times until computer is unusable.
Repeated black screens of death (after log in only a cursor appears) requiring fixing the boot record.
Interference with security software including scans.
Thanks cspence2393. I don't know that this will help, but let's give it a try.
Please follow these instructions carefully.
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Now, please run ComboFix:
- Note: If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC1.png&hash=29e6fe1eb864e58b4b66611caa7d7b6be84a47f8)
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC2.png&hash=e111f6aa2d657579d44cabc5fb4258fd1dce26eb)
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.
ComboFix 12-02-21.01 - Caleb 02/21/2012 23:05:29.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.3272 [GMT -6:00]
Running from: c:\users\Caleb\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\lol
c:\program files (x86)\lol\LeagueOfLegends\0x0409.ini
c:\program files (x86)\lol\LeagueOfLegends\data1.cab
c:\program files (x86)\lol\LeagueOfLegends\data1.hdr
c:\program files (x86)\lol\LeagueOfLegends\data2.cab
c:\program files (x86)\lol\LeagueOfLegends\ISSetup.dll
c:\program files (x86)\lol\LeagueOfLegends\layout.bin
c:\program files (x86)\lol\LeagueOfLegends\setup.exe
c:\program files (x86)\lol\LeagueOfLegends\setup.ini
c:\program files (x86)\lol\LeagueOfLegends\setup.inx
c:\program files (x86)\lol\LeagueOfLegends\setup.isn
c:\program files (x86)\WinPCap
c:\program files (x86)\WinPCap\install.log
c:\program files (x86)\WinPCap\rpcapd.exe
c:\program files (x86)\WinPCap\WinPcapInstall.dll
c:\users\Caleb\AppData\Roaming\mIRC\logs\status.log
c:\users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ilasm266.default\searchplugins\bing-zugo.xml
c:\windows\es.exe
c:\windows\iun6002.exe
c:\windows\pthreadGC2.dll
c:\windows\SysWow64\local.txt
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 04:50 . 2012-01-06 05:15 8602168 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04791B3-C41D-444F-A5AE-B2EB035CB6D2}\mpengine.dll
2012-02-19 00:57 . 2012-02-19 00:57 -------- d-----w- c:\program files (x86)\Microsoft
2012-02-19 00:57 . 2012-02-19 00:57 -------- d-----w- c:\program files\Unlocker
2012-02-17 23:51 . 2012-02-18 06:06 -------- d-----w- c:\users\Caleb\AppData\Roaming\mIRC
2012-02-17 23:51 . 2012-02-17 23:51 -------- d-----w- c:\program files (x86)\mIRC
2012-02-17 05:44 . 2012-02-18 06:40 -------- d-----w- C:\rsit
2012-02-17 05:44 . 2012-02-17 05:44 -------- d-----w- c:\program files\trend micro
2012-02-15 03:47 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 03:47 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 03:47 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 03:47 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 03:47 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 03:47 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 03:47 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 03:47 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-10 20:49 . 2012-02-10 20:49 -------- d-----w- C:\AMD
2012-02-01 03:15 . 2012-02-10 20:50 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-01 03:13 . 2012-02-01 03:15 -------- d-----w- c:\program files\HitmanPro
2012-02-01 03:12 . 2012-02-01 03:15 -------- d-----w- c:\programdata\HitmanPro
2012-01-31 06:39 . 2012-01-31 06:39 -------- d-----w- c:\users\Caleb\AppData\Roaming\SUPERAntiSpyware.com
2012-01-31 06:38 . 2012-01-31 06:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-31 06:38 . 2012-01-31 06:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-31 06:35 . 2012-01-31 06:35 388096 ----a-r- c:\users\Caleb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-31 06:35 . 2012-01-31 06:35 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-31 01:05 . 2012-01-31 01:05 -------- d-----w- C:\cinject_0.4.3
2012-01-31 00:40 . 2012-01-31 00:40 -------- d-----w- c:\program files (x86)\Safari
2012-01-30 04:40 . 2012-02-18 06:31 -------- d-----w- c:\users\Caleb\AppData\Local\Spotify
2012-01-30 04:40 . 2012-02-18 06:16 -------- d-----w- c:\users\Caleb\AppData\Roaming\Spotify
2012-01-26 06:37 . 2011-11-17 05:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 20:43 . 2011-03-01 23:10 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-10 20:43 . 2011-03-01 23:10 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-10 20:43 . 2011-03-01 23:10 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-29 11:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 10:24 . 2012-01-17 10:24 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-17 10:24 . 2012-01-17 10:24 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-17 10:24 . 2012-01-17 10:24 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-17 10:24 . 2012-01-17 10:24 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-17 10:24 . 2012-01-17 10:24 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-17 10:24 . 2012-01-17 10:24 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-17 10:24 . 2012-01-17 10:24 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-17 10:24 . 2012-01-17 10:24 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-17 10:24 . 2012-01-17 10:24 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-17 10:24 . 2012-01-17 10:24 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-17 10:24 . 2012-01-17 10:24 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-17 10:24 . 2012-01-17 10:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-17 10:24 . 2012-01-17 10:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-17 10:24 . 2012-01-17 10:24 448512 ----a-w- c:\windows\system32\html.iec
2012-01-17 10:24 . 2012-01-17 10:24 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-17 10:24 . 2012-01-17 10:24 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-17 10:24 . 2012-01-17 10:24 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-17 10:24 . 2012-01-17 10:24 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-17 10:24 . 2012-01-17 10:24 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-17 10:24 . 2012-01-17 10:24 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-17 10:24 . 2012-01-17 10:24 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-17 10:24 . 2012-01-17 10:24 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-17 10:24 . 2012-01-17 10:24 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-17 10:24 . 2012-01-17 10:24 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-17 10:24 . 2012-01-17 10:24 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-17 10:24 . 2012-01-17 10:24 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-17 10:24 . 2012-01-17 10:24 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-17 10:24 . 2012-01-17 10:24 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-17 10:24 . 2012-01-17 10:24 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-17 10:24 . 2012-01-17 10:24 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-17 10:24 . 2012-01-17 10:24 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-17 10:24 . 2012-01-17 10:24 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-17 10:24 . 2012-01-17 10:24 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-17 10:24 . 2012-01-17 10:24 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-01 19:03 . 2011-05-17 16:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-18 06:04 . 2011-03-01 23:10 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-18 06:04 . 2011-03-01 23:10 80768 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-12-10 21:24 . 2011-04-02 06:48 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2011-02-26 01:11 256960 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"FILE NAME"="c:\program files (x86)\Razer\Nostromo\t2Hid.exe" [2011-02-21 254976]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-07 9936000]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"FastFox"="c:\program files (x86)\NCH Software\FastFox\fastfox.exe" [2012-01-30 721412]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteDir[B64] WIPE_B64.TMP"="RD" [X]
"DeleteDir[B82] Alien Arena 7_50"="RD" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-29 240288]
.
c:\users\Caleb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Caleb\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-9-21 4142448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-4 1079584]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=KORGUM64.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2009-05-28 43704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dualshock3;SIXAXIS/DUALSHOCK3 (USB) Beta;c:\windows\system32\DRIVERS\dualshock3_x64.sys
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-02-01 105800]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSIC0C7.tmp [2011-07-02 102400]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-10 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
R2 S3D Service (Win32);S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-03-19 360960]
R2 S3D Service (Win64);S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-03-19 614400]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
R2 uvnc_service_gs;uvnc_service_gs;c:\program files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe [2010-06-12 1587536]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
R3 MegaSR1;MegaSR1;c:\windows\system32\drivers\MegaSR1.sys
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys
R3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\DRIVERS\PTQHBUS.sys
R3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\DRIVERS\PTQHMDM.sys
R3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\DRIVERS\PTQHVSP.sys
R3 rtl8190pn64;Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl8190p.sys
R3 Si3124r5;Si3124r5;c:\windows\system32\drivers\Si3124r5.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge64.sys
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys
S3 T2Fltr;Razer Nostromo;c:\windows\system32\drivers\T2Fltr.sys
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys
S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;c:\windows\system32\DRIVERS\VJoystick.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 02:52]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 02:52]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821527708-2350592380-21829395-1000Core.job
- c:\users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 01:04]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821527708-2350592380-21829395-1000UA.job
- c:\users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 01:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"combofix"="c:\combofix\CF10159.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelContextmenu"="del" [X]
"combofix"="c:\combofix\CF10159.3XE" [2010-11-21 345088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi5"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ilasm266.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20111012
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111012&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Toolbar-Locked - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AndreaMosaic - c:\windows\iun6002.exe
AddRemove-OpenAL - c:\program files (x86)\OpenAL\oalinst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSIC0C7.tmp\" -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,50,24,f9,4a,b1,45,4b,a3,68,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,50,24,f9,4a,b1,45,4b,a3,68,54,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,50,24,f9,4a,b1,45,4b,a3,68,54,\
.
[HKEY_USERS\S-1-5-21-2821527708-2350592380-21829395-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,1e,45,aa,f8,44,39,70,f2,eb,9b,c8,c7,1c,4e,b1,42,b3,8d,0c,bb,67,34,
b8,6f,b0,75,26,f7,7a,52,ca,c0,63,03,e5,ac,ae,6c,cd,0a,24,dd,0f,f4,d3,26,be,\
"??"=hex:3a,77,22,69,6d,c5,c6,1c,be,d9,b0,24,93,d3,99,26
.
[HKEY_USERS\S-1-5-21-2821527708-2350592380-21829395-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,a3,52,82,2e,11,c6,f7,44,b3,89,ba,e0,2d,2d,2e,02,0c,dc,71,02,
5d,33,4c,94,3d,f3,29,72,6b,59,11,e6,57,66,67,92,f1,dc,6b,17,d9,8c,ce,10,32,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-22 16:37:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 22:37
.
Pre-Run: 654,473,363,456 bytes free
Post-Run: 657,000,640,512 bytes free
.
- - End Of File - - 9F83AF28BC382C95099D28ECBA098769
Any improvement in the symptoms?
Quote from: cspence2393 on February 21, 2012, 01:58:36 AM
Symptoms:
Unable to use notepad, command prompt, change time and date, device manager, etc.
Gradually slower response times until computer is unusable.
Repeated black screens of death (after log in only a cursor appears) requiring fixing the boot record.
Interference with security software including scans.
Please go here (http://www.eset.com/onlinescan/) to run an on-line scan from ESET.
- Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic and also let me know how things are now.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6dbaaa35ad59614988e5bafb443d821a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-24 05:52:46
# local_time=2012-02-23 11:52:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 81602525 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=337117
# found=3
# cleaned=0
# scan_time=3690
C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll a variant of Win32/Packed.VMProtect.AAD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Caleb\Downloads\BestUninstallTool_Setup.exe a variant of Win32/PerfectUninstaller application (unable to clean) 00000000000000000000000000000000 I
Booting not in safe mode results in a black screen of death. I can fix the boot record but I have to repeat the process each time. Safe mode is fine.
Please download the TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) by Kaspersky... save it to your Desktop. <-Important!!!
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista - W7 users: Right-click and select "Run As Administrator".
If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
If you don't see file extensions, please see: How to change the file extension (http://www.mediacollege.com/microsoft/windows/extension-change.html).
- Click the Start Scan button. Do not use the computer during the scan!
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
- Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
- A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
19:36:53.0369 1780 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
19:36:53.0759 1780 ============================================================
19:36:53.0759 1780 Current date / time: 2012/02/24 19:36:53.0759
19:36:53.0759 1780 SystemInfo:
19:36:53.0759 1780
19:36:53.0759 1780 OS Version: 6.1.7601 ServicePack: 1.0
19:36:53.0759 1780 Product type: Workstation
19:36:53.0759 1780 ComputerName: CALEB-VM
19:36:53.0759 1780 UserName: Caleb
19:36:53.0759 1780 Windows directory: C:\Windows
19:36:53.0759 1780 System windows directory: C:\Windows
19:36:53.0759 1780 Running under WOW64
19:36:53.0759 1780 Processor architecture: Intel x64
19:36:53.0759 1780 Number of processors: 4
19:36:53.0759 1780 Page size: 0x1000
19:36:53.0759 1780 Boot type: Safe boot with network
19:36:53.0759 1780 ============================================================
19:36:54.0508 1780 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
19:36:54.0508 1780 Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:36:54.0539 1780 \Device\Harddisk0\DR0:
19:36:54.0539 1780 MBR used
19:36:54.0539 1780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
19:36:54.0570 1780 Initialize success
19:36:54.0570 1780 ============================================================
19:37:47.0042 2512 ============================================================
19:37:47.0042 2512 Scan started
19:37:47.0043 2512 Mode: Manual;
19:37:47.0043 2512 ============================================================
19:37:47.0922 2512 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
19:37:47.0924 2512 1394ohci - ok
19:37:47.0943 2512 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:37:47.0946 2512 ACPI - ok
19:37:47.0970 2512 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:37:47.0971 2512 AcpiPmi - ok
19:37:48.0008 2512 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:37:48.0013 2512 adp94xx - ok
19:37:48.0052 2512 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:37:48.0056 2512 adpahci - ok
19:37:48.0069 2512 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:37:48.0071 2512 adpu320 - ok
19:37:48.0121 2512 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:37:48.0124 2512 AFD - ok
19:37:48.0180 2512 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:37:48.0181 2512 agp440 - ok
19:37:48.0213 2512 ahcix64s (dada9751964a7d217a762c873c332b0e) C:\Windows\system32\drivers\ahcix64s.sys
19:37:48.0215 2512 ahcix64s - ok
19:37:48.0250 2512 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:37:48.0251 2512 aliide - ok
19:37:48.0276 2512 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:37:48.0277 2512 amdide - ok
19:37:48.0301 2512 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:37:48.0302 2512 AmdK8 - ok
19:37:48.0432 2512 amdkmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
19:37:48.0523 2512 amdkmdag - ok
19:37:48.0569 2512 amdkmdap (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys
19:37:48.0569 2512 amdkmdap - ok
19:37:48.0601 2512 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:37:48.0601 2512 AmdPPM - ok
19:37:48.0647 2512 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:37:48.0647 2512 amdsata - ok
19:37:48.0663 2512 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:37:48.0663 2512 amdsbs - ok
19:37:48.0679 2512 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:37:48.0679 2512 amdxata - ok
19:37:48.0725 2512 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:37:48.0725 2512 AppID - ok
19:37:48.0819 2512 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:37:48.0819 2512 arc - ok
19:37:48.0835 2512 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:37:48.0835 2512 arcsas - ok
19:37:48.0835 2512 AsIO - ok
19:37:48.0881 2512 AsUpIO - ok
19:37:48.0897 2512 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:37:48.0897 2512 AsyncMac - ok
19:37:48.0928 2512 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:37:48.0928 2512 atapi - ok
19:37:48.0959 2512 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
19:37:48.0959 2512 AtiHDAudioService - ok
19:37:49.0006 2512 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:37:49.0022 2512 b06bdrv - ok
19:37:49.0084 2512 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:37:49.0084 2512 b57nd60a - ok
19:37:49.0100 2512 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:37:49.0100 2512 Beep - ok
19:37:49.0131 2512 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:37:49.0131 2512 blbdrive - ok
19:37:49.0178 2512 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:37:49.0178 2512 bowser - ok
19:37:49.0193 2512 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:37:49.0193 2512 BrFiltLo - ok
19:37:49.0209 2512 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:37:49.0209 2512 BrFiltUp - ok
19:37:49.0303 2512 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:37:49.0303 2512 BridgeMP - ok
19:37:49.0318 2512 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:37:49.0334 2512 Brserid - ok
19:37:49.0349 2512 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:37:49.0349 2512 BrSerWdm - ok
19:37:49.0381 2512 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:37:49.0381 2512 BrUsbMdm - ok
19:37:49.0396 2512 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:37:49.0396 2512 BrUsbSer - ok
19:37:49.0427 2512 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
19:37:49.0427 2512 BTCFilterService - ok
19:37:49.0459 2512 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
19:37:49.0459 2512 BthEnum - ok
19:37:49.0521 2512 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:37:49.0521 2512 BTHMODEM - ok
19:37:49.0568 2512 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:37:49.0568 2512 BthPan - ok
19:37:49.0615 2512 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
19:37:49.0630 2512 BTHPORT - ok
19:37:49.0661 2512 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
19:37:49.0661 2512 BTHUSB - ok
19:37:49.0693 2512 btwaudio (ba1498a4c7e7372654433648a61434a7) C:\Windows\system32\drivers\btwaudio.sys
19:37:49.0693 2512 btwaudio - ok
19:37:49.0724 2512 btwavdt (ba66ceb74d49e00820c2c8d34c9caa83) C:\Windows\system32\DRIVERS\btwavdt.sys
19:37:49.0724 2512 btwavdt - ok
19:37:49.0817 2512 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:37:49.0817 2512 btwl2cap - ok
19:37:49.0833 2512 btwrchid (138771ea158e3d7a14b0e0e357c8ca93) C:\Windows\system32\DRIVERS\btwrchid.sys
19:37:49.0833 2512 btwrchid - ok
19:37:49.0880 2512 catchme - ok
19:37:49.0895 2512 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:37:49.0895 2512 cdfs - ok
19:37:49.0927 2512 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:37:49.0927 2512 cdrom - ok
19:37:49.0989 2512 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:37:49.0989 2512 circlass - ok
19:37:50.0020 2512 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:37:50.0020 2512 CLFS - ok
19:37:50.0067 2512 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:37:50.0068 2512 CmBatt - ok
19:37:50.0080 2512 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:37:50.0081 2512 cmdide - ok
19:37:50.0114 2512 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:37:50.0118 2512 CNG - ok
19:37:50.0145 2512 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:37:50.0146 2512 Compbatt - ok
19:37:50.0170 2512 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:37:50.0170 2512 CompositeBus - ok
19:37:50.0212 2512 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:37:50.0213 2512 crcdisk - ok
19:37:50.0245 2512 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:37:50.0246 2512 DfsC - ok
19:37:50.0259 2512 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:37:50.0259 2512 discache - ok
19:37:50.0273 2512 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:37:50.0274 2512 Disk - ok
19:37:50.0303 2512 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:37:50.0303 2512 drmkaud - ok
19:37:50.0333 2512 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:37:50.0336 2512 dtsoftbus01 - ok
19:37:50.0363 2512 dualshock3 (578af51b92667da718cc0a061edc0e33) C:\Windows\system32\DRIVERS\dualshock3_x64.sys
19:37:50.0364 2512 dualshock3 - ok
19:37:50.0420 2512 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:37:50.0429 2512 DXGKrnl - ok
19:37:50.0482 2512 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:37:50.0512 2512 ebdrv - ok
19:37:50.0568 2512 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:37:50.0573 2512 elxstor - ok
19:37:50.0633 2512 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:37:50.0634 2512 ErrDev - ok
19:37:50.0655 2512 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:37:50.0657 2512 exfat - ok
19:37:50.0681 2512 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:37:50.0683 2512 fastfat - ok
19:37:50.0701 2512 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:37:50.0702 2512 fdc - ok
19:37:50.0711 2512 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:37:50.0712 2512 FileInfo - ok
19:37:50.0739 2512 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:37:50.0739 2512 Filetrace - ok
19:37:50.0754 2512 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
19:37:50.0755 2512 flpydisk - ok
19:37:50.0786 2512 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:37:50.0789 2512 FltMgr - ok
19:37:50.0805 2512 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:37:50.0805 2512 FsDepends - ok
19:37:50.0859 2512 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:37:50.0859 2512 Fs_Rec - ok
19:37:51.0003 2512 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:37:51.0004 2512 fvevol - ok
19:37:51.0019 2512 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:37:51.0020 2512 gagp30kx - ok
19:37:51.0053 2512 gbridge (830e853d557da8f4d9449699e53cbee0) C:\Windows\system32\DRIVERS\gbridge64.sys
19:37:51.0054 2512 gbridge - ok
19:37:51.0102 2512 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:37:51.0103 2512 GEARAspiWDM - ok
19:37:51.0136 2512 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:37:51.0137 2512 hcw85cir - ok
19:37:51.0180 2512 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:37:51.0184 2512 HdAudAddService - ok
19:37:51.0206 2512 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:37:51.0207 2512 HDAudBus - ok
19:37:51.0264 2512 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:37:51.0264 2512 HidBatt - ok
19:37:51.0279 2512 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:37:51.0280 2512 HidBth - ok
19:37:51.0302 2512 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:37:51.0303 2512 HidIr - ok
19:37:51.0338 2512 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:37:51.0339 2512 HidUsb - ok
19:37:51.0381 2512 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:37:51.0382 2512 HpSAMD - ok
19:37:51.0421 2512 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:37:51.0427 2512 HTTP - ok
19:37:51.0482 2512 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:37:51.0483 2512 hwpolicy - ok
19:37:51.0517 2512 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:37:51.0519 2512 i8042prt - ok
19:37:51.0554 2512 iaStor (5f118f3081afbc833a2d9cd1c213411a) C:\Windows\system32\drivers\iaStor.sys
19:37:51.0559 2512 iaStor - ok
19:37:51.0587 2512 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:37:51.0591 2512 iaStorV - ok
19:37:51.0616 2512 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:37:51.0616 2512 iirsp - ok
19:37:51.0628 2512 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:37:51.0629 2512 intelide - ok
19:37:51.0695 2512 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:37:51.0696 2512 intelppm - ok
19:37:51.0723 2512 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:37:51.0723 2512 IpFilterDriver - ok
19:37:51.0738 2512 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:37:51.0739 2512 IPMIDRV - ok
19:37:51.0754 2512 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:37:51.0756 2512 IPNAT - ok
19:37:51.0804 2512 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:37:51.0805 2512 IRENUM - ok
19:37:51.0826 2512 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:37:51.0826 2512 isapnp - ok
19:37:51.0844 2512 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:37:51.0879 2512 iScsiPrt - ok
19:37:51.0943 2512 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
19:37:51.0945 2512 ISODrive - ok
19:37:51.0989 2512 iZ3DInjectionDriver (ae72046ad733d2764d5de373de0cc180) C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys
19:37:51.0991 2512 iZ3DInjectionDriver - ok
19:37:52.0044 2512 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:37:52.0045 2512 kbdclass - ok
19:37:52.0064 2512 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:37:52.0065 2512 kbdhid - ok
19:37:52.0107 2512 KORGUMDS (b3f33ead5e5ad0704c4ae8d9cb2d4a2e) C:\Windows\system32\Drivers\KORGUM64.SYS
19:37:52.0108 2512 KORGUMDS - ok
19:37:52.0135 2512 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:37:52.0136 2512 KSecDD - ok
19:37:52.0157 2512 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:37:52.0158 2512 KSecPkg - ok
19:37:52.0175 2512 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:37:52.0175 2512 ksthunk - ok
19:37:52.0263 2512 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:37:52.0263 2512 lltdio - ok
19:37:52.0328 2512 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
19:37:52.0329 2512 LMIInfo - ok
19:37:52.0380 2512 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
19:37:52.0380 2512 lmimirr - ok
19:37:52.0395 2512 LMIRfsClientNP - ok
19:37:52.0412 2512 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
19:37:52.0413 2512 LMIRfsDriver - ok
19:37:52.0463 2512 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:37:52.0480 2512 LSI_FC - ok
19:37:52.0519 2512 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:37:52.0521 2512 LSI_SAS - ok
19:37:52.0547 2512 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:37:52.0548 2512 LSI_SAS2 - ok
19:37:52.0569 2512 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:37:52.0570 2512 LSI_SCSI - ok
19:37:52.0607 2512 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:37:52.0608 2512 luafv - ok
19:37:52.0633 2512 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
19:37:52.0634 2512 ManyCam - ok
19:37:52.0664 2512 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
19:37:52.0665 2512 MBAMProtector - ok
19:37:52.0716 2512 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:37:52.0717 2512 megasas - ok
19:37:52.0763 2512 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:37:52.0766 2512 MegaSR - ok
19:37:52.0810 2512 MegaSR1 (99f2b93c85f76722919133f656ea2958) C:\Windows\system32\drivers\MegaSR1.sys
19:37:52.0815 2512 MegaSR1 - ok
19:37:52.0862 2512 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:37:52.0862 2512 Modem - ok
19:37:52.0915 2512 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:37:52.0916 2512 monitor - ok
19:37:52.0952 2512 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
19:37:52.0952 2512 motandroidusb - ok
19:37:53.0009 2512 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys
19:37:53.0010 2512 motccgp - ok
19:37:53.0041 2512 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
19:37:53.0042 2512 motccgpfl - ok
19:37:53.0083 2512 MotioninJoyXFilter (eb03d4164e7f10b601d280413655ade4) C:\Windows\system32\DRIVERS\MijXfilt.sys
19:37:53.0085 2512 MotioninJoyXFilter - ok
19:37:53.0108 2512 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys
19:37:53.0109 2512 motmodem - ok
19:37:53.0165 2512 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
19:37:53.0165 2512 MotoSwitchService - ok
19:37:53.0179 2512 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
19:37:53.0180 2512 Motousbnet - ok
19:37:53.0202 2512 motport (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motport.sys
19:37:53.0203 2512 motport - ok
19:37:53.0237 2512 motusbdevice - ok
19:37:53.0271 2512 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:37:53.0272 2512 mouclass - ok
19:37:53.0293 2512 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:37:53.0293 2512 mouhid - ok
19:37:53.0307 2512 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:37:53.0308 2512 mountmgr - ok
19:37:53.0329 2512 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:37:53.0331 2512 mpio - ok
19:37:53.0346 2512 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:37:53.0347 2512 mpsdrv - ok
19:37:53.0366 2512 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:37:53.0367 2512 MRxDAV - ok
19:37:53.0411 2512 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:37:53.0412 2512 mrxsmb - ok
19:37:53.0444 2512 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:37:53.0446 2512 mrxsmb10 - ok
19:37:53.0454 2512 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:37:53.0454 2512 mrxsmb20 - ok
19:37:53.0480 2512 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:37:53.0481 2512 msahci - ok
19:37:53.0500 2512 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:37:53.0506 2512 msdsm - ok
19:37:53.0525 2512 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:37:53.0525 2512 Msfs - ok
19:37:53.0548 2512 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:37:53.0548 2512 mshidkmdf - ok
19:37:53.0575 2512 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:37:53.0576 2512 msisadrv - ok
19:37:53.0632 2512 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:37:53.0632 2512 MSKSSRV - ok
19:37:53.0648 2512 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:37:53.0649 2512 MSPCLOCK - ok
19:37:53.0671 2512 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:37:53.0671 2512 MSPQM - ok
19:37:53.0694 2512 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:37:53.0697 2512 MsRPC - ok
19:37:53.0723 2512 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:37:53.0724 2512 mssmbios - ok
19:37:53.0747 2512 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:37:53.0747 2512 MSTEE - ok
19:37:53.0761 2512 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:37:53.0761 2512 MTConfig - ok
19:37:53.0789 2512 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
19:37:53.0789 2512 MTsensor - ok
19:37:53.0808 2512 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:37:53.0809 2512 Mup - ok
19:37:53.0860 2512 mv91cons (b54b122dcea87b66c6dc4a364fb1453f) C:\Windows\system32\drivers\mv91cons.sys
19:37:53.0860 2512 mv91cons - ok
19:37:53.0885 2512 mv91xx (34d08c9c64f657d194961e96c47e9c69) C:\Windows\system32\drivers\mv91xx.sys
19:37:53.0886 2512 mv91xx - ok
19:37:53.0918 2512 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:37:53.0920 2512 NativeWifiP - ok
19:37:53.0953 2512 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:37:53.0961 2512 NDIS - ok
19:37:53.0986 2512 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:37:53.0986 2512 NdisCap - ok
19:37:54.0014 2512 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:37:54.0014 2512 NdisTapi - ok
19:37:54.0054 2512 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:37:54.0055 2512 Ndisuio - ok
19:37:54.0063 2512 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:37:54.0064 2512 NdisWan - ok
19:37:54.0080 2512 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:37:54.0081 2512 NDProxy - ok
19:37:54.0100 2512 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:37:54.0100 2512 NetBIOS - ok
19:37:54.0110 2512 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:37:54.0111 2512 NetBT - ok
19:37:54.0149 2512 netr7364 (621559a521682a888d83db34c6ec0bf8) C:\Windows\system32\DRIVERS\netr7364.sys
19:37:54.0156 2512 netr7364 - ok
19:37:54.0189 2512 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:37:54.0190 2512 nfrd960 - ok
19:37:54.0238 2512 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:37:54.0238 2512 Npfs - ok
19:37:54.0250 2512 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:37:54.0250 2512 nsiproxy - ok
19:37:54.0296 2512 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:37:54.0311 2512 Ntfs - ok
19:37:54.0322 2512 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:37:54.0322 2512 Null - ok
19:37:54.0351 2512 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:37:54.0352 2512 nusb3hub - ok
19:37:54.0380 2512 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:37:54.0389 2512 nusb3xhc - ok
19:37:54.0449 2512 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:37:54.0451 2512 nvraid - ok
19:37:54.0482 2512 nvrd64 (8787d3eece88611a313de7608c44c04d) C:\Windows\system32\drivers\nvrd64.sys
19:37:54.0485 2512 nvrd64 - ok
19:37:54.0502 2512 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:37:54.0504 2512 nvstor - ok
19:37:54.0545 2512 nvstor64 (f3d7b0ede156583f6fd3d2b5e898e2b6) C:\Windows\system32\drivers\nvstor64.sys
19:37:54.0546 2512 nvstor64 - ok
19:37:54.0575 2512 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:37:54.0576 2512 nv_agp - ok
19:37:54.0625 2512 OA002Afx (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys
19:37:54.0628 2512 OA002Afx - ok
19:37:54.0645 2512 OA002Ufd (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA002Ufd.sys
19:37:54.0647 2512 OA002Ufd - ok
19:37:54.0682 2512 OA002Vid (2ce066adca145892715f1df163d879da) C:\Windows\system32\DRIVERS\OA002Vid.sys
19:37:54.0685 2512 OA002Vid - ok
19:37:54.0704 2512 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:37:54.0704 2512 ohci1394 - ok
19:37:54.0728 2512 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:37:54.0729 2512 Parport - ok
19:37:54.0752 2512 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:37:54.0752 2512 partmgr - ok
19:37:54.0762 2512 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:37:54.0763 2512 pci - ok
19:37:54.0776 2512 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:37:54.0776 2512 pciide - ok
19:37:54.0811 2512 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:37:54.0813 2512 pcmcia - ok
19:37:54.0861 2512 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:37:54.0861 2512 pcw - ok
19:37:54.0877 2512 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:37:54.0882 2512 PEAUTH - ok
19:37:54.0906 2512 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:37:54.0906 2512 PptpMiniport - ok
19:37:54.0927 2512 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:37:54.0928 2512 Processor - ok
19:37:54.0977 2512 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:37:54.0977 2512 Psched - ok
19:37:55.0027 2512 PTQHBUS (3587aa9e55e439274def53726563a3dc) C:\Windows\system32\DRIVERS\PTQHBUS.sys
19:37:55.0028 2512 PTQHBUS - ok
19:37:55.0065 2512 PTQHMDM (06d4b597397d56f4becc2f17267a37c6) C:\Windows\system32\DRIVERS\PTQHMDM.sys
19:37:55.0067 2512 PTQHMDM - ok
19:37:55.0086 2512 PTQHVSP (a8aced23323c5d67424bc4e644d78ba8) C:\Windows\system32\DRIVERS\PTQHVSP.sys
19:37:55.0088 2512 PTQHVSP - ok
19:37:55.0134 2512 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:37:55.0148 2512 ql2300 - ok
19:37:55.0168 2512 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:37:55.0169 2512 ql40xx - ok
19:37:55.0185 2512 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:37:55.0185 2512 QWAVEdrv - ok
19:37:55.0206 2512 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:37:55.0207 2512 RasAcd - ok
19:37:55.0288 2512 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:37:55.0288 2512 RasAgileVpn - ok
19:37:55.0301 2512 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:37:55.0302 2512 Rasl2tp - ok
19:37:55.0311 2512 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:37:55.0311 2512 RasPppoe - ok
19:37:55.0319 2512 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:37:55.0319 2512 RasSstp - ok
19:37:55.0329 2512 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:37:55.0331 2512 rdbss - ok
19:37:55.0358 2512 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:37:55.0359 2512 rdpbus - ok
19:37:55.0380 2512 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:37:55.0380 2512 RDPCDD - ok
19:37:55.0413 2512 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:37:55.0413 2512 RDPENCDD - ok
19:37:55.0421 2512 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:37:55.0421 2512 RDPREFMP - ok
19:37:55.0445 2512 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:37:55.0446 2512 RDPWD - ok
19:37:55.0498 2512 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:37:55.0499 2512 rdyboost - ok
19:37:55.0574 2512 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:37:55.0576 2512 RFCOMM - ok
19:37:55.0600 2512 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:37:55.0600 2512 rspndr - ok
19:37:55.0630 2512 RTHDMIAzAudService (116d03e901246ac7af006121e1e22842) C:\Windows\system32\drivers\RtHDMIVX.sys
19:37:55.0632 2512 RTHDMIAzAudService - ok
19:37:55.0661 2512 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:37:55.0665 2512 RTL8167 - ok
19:37:55.0703 2512 rtl8190pn64 (a052fec0974fa649dab1f01cf96f45d7) C:\Windows\system32\DRIVERS\rtl8190p.sys
19:37:55.0708 2512 rtl8190pn64 - ok
19:37:55.0760 2512 rtl819xpn64 (ad462be7b3899e4f1ac2256381578b2c) C:\Windows\system32\DRIVERS\rtl819xp.sys
19:37:55.0766 2512 rtl819xpn64 - ok
19:37:55.0796 2512 RzSynapse (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
19:37:55.0797 2512 RzSynapse - ok
19:37:55.0872 2512 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:37:55.0873 2512 SASDIFSV - ok
19:37:55.0875 2512 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:37:55.0876 2512 SASKUTIL - ok
19:37:55.0901 2512 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:37:55.0902 2512 sbp2port - ok
19:37:55.0938 2512 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:37:55.0939 2512 scfilter - ok
19:37:55.0988 2512 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:37:55.0988 2512 secdrv - ok
19:37:56.0031 2512 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:37:56.0031 2512 Serenum - ok
19:37:56.0043 2512 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:37:56.0045 2512 Serial - ok
19:37:56.0062 2512 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:37:56.0062 2512 sermouse - ok
19:37:56.0080 2512 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:37:56.0080 2512 sffdisk - ok
19:37:56.0102 2512 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:37:56.0102 2512 sffp_mmc - ok
19:37:56.0109 2512 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:37:56.0110 2512 sffp_sd - ok
19:37:56.0130 2512 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:37:56.0130 2512 sfloppy - ok
19:37:56.0190 2512 Si3124r5 (da492c8305434ec6f9bdd60c8b83b10e) C:\Windows\system32\drivers\Si3124r5.sys
19:37:56.0193 2512 Si3124r5 - ok
19:37:56.0234 2512 SiFilter (8d10887a1699cf61e74467694b929b09) C:\Windows\system32\drivers\SiWinAcc.sys
19:37:56.0235 2512 SiFilter - ok
19:37:56.0242 2512 SiRemFil (94e1eda9a0b305a67ee1bbd0a68ce21a) C:\Windows\system32\drivers\SiRemFil.sys
19:37:56.0243 2512 SiRemFil - ok
19:37:56.0276 2512 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:37:56.0276 2512 SiSRaid2 - ok
19:37:56.0293 2512 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:37:56.0294 2512 SiSRaid4 - ok
19:37:56.0317 2512 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:37:56.0318 2512 Smb - ok
19:37:56.0349 2512 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:37:56.0350 2512 spldr - ok
19:37:56.0377 2512 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:37:56.0380 2512 srv - ok
19:37:56.0405 2512 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:37:56.0408 2512 srv2 - ok
19:37:56.0416 2512 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:37:56.0417 2512 srvnet - ok
19:37:56.0482 2512 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:37:56.0482 2512 stexstor - ok
19:37:56.0501 2512 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:37:56.0502 2512 swenum - ok
19:37:56.0537 2512 T2Fltr (e4e85e55f66f4f620cc8ee8c4e26139c) C:\Windows\system32\drivers\T2Fltr.sys
19:37:56.0537 2512 T2Fltr - ok
19:37:56.0588 2512 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:37:56.0605 2512 Tcpip - ok
19:37:56.0647 2512 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:37:56.0652 2512 TCPIP6 - ok
19:37:56.0669 2512 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:37:56.0670 2512 tcpipreg - ok
19:37:56.0723 2512 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:37:56.0723 2512 TDPIPE - ok
19:37:56.0734 2512 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:37:56.0734 2512 TDTCP - ok
19:37:56.0761 2512 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:37:56.0761 2512 tdx - ok
19:37:56.0784 2512 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
19:37:56.0785 2512 TermDD - ok
19:37:56.0815 2512 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:37:56.0816 2512 tssecsrv - ok
19:37:56.0851 2512 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:37:56.0851 2512 TsUsbFlt - ok
19:37:56.0870 2512 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:37:56.0870 2512 TsUsbGD - ok
19:37:56.0930 2512 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:37:56.0931 2512 tunnel - ok
19:37:56.0953 2512 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:37:56.0954 2512 uagp35 - ok
19:37:56.0973 2512 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:37:56.0975 2512 udfs - ok
19:37:56.0985 2512 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:37:56.0986 2512 uliagpkx - ok
19:37:57.0005 2512 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:37:57.0006 2512 umbus - ok
19:37:57.0021 2512 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:37:57.0022 2512 UmPass - ok
19:37:57.0061 2512 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:37:57.0062 2512 USBAAPL64 - ok
19:37:57.0104 2512 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:37:57.0105 2512 usbaudio - ok
19:37:57.0163 2512 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:37:57.0164 2512 usbccgp - ok
19:37:57.0206 2512 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:37:57.0207 2512 usbcir - ok
19:37:57.0228 2512 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:37:57.0229 2512 usbehci - ok
19:37:57.0247 2512 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:37:57.0251 2512 usbhub - ok
19:37:57.0266 2512 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:37:57.0267 2512 usbohci - ok
19:37:57.0344 2512 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:37:57.0345 2512 usbprint - ok
19:37:57.0368 2512 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:37:57.0369 2512 usbscan - ok
19:37:57.0391 2512 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:37:57.0392 2512 USBSTOR - ok
19:37:57.0430 2512 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:37:57.0431 2512 usbuhci - ok
19:37:57.0479 2512 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:37:57.0481 2512 usbvideo - ok
19:37:57.0581 2512 VBoxDrv (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
19:37:57.0583 2512 VBoxDrv - ok
19:37:57.0630 2512 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
19:37:57.0632 2512 VBoxNetAdp - ok
19:37:57.0646 2512 VBoxNetFlt (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
19:37:57.0648 2512 VBoxNetFlt - ok
19:37:57.0659 2512 VBoxUSBMon (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
19:37:57.0661 2512 VBoxUSBMon - ok
19:37:57.0695 2512 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:37:57.0696 2512 vdrvroot - ok
19:37:57.0728 2512 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:37:57.0728 2512 vga - ok
19:37:57.0736 2512 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:37:57.0736 2512 VgaSave - ok
19:37:57.0755 2512 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:37:57.0757 2512 vhdmp - ok
19:37:57.0854 2512 VIAHdAudAddService (906a7c6b6659a650648cf21998270945) C:\Windows\system32\drivers\viahduaa.sys
19:37:57.0865 2512 VIAHdAudAddService - ok
19:37:57.0882 2512 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:37:57.0883 2512 viaide - ok
19:37:57.0918 2512 VJoystick (b7f49333d2513eb1edaffdc269a23b68) C:\Windows\system32\DRIVERS\VJoystick.sys
19:37:57.0919 2512 VJoystick - ok
19:37:57.0937 2512 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
19:37:57.0937 2512 VKbms - ok
19:37:57.0967 2512 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:37:57.0968 2512 volmgr - ok
19:37:57.0978 2512 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:37:57.0981 2512 volmgrx - ok
19:37:57.0991 2512 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:37:57.0994 2512 volsnap - ok
19:37:58.0053 2512 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:37:58.0055 2512 vsmraid - ok
19:37:58.0077 2512 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:37:58.0077 2512 vwifibus - ok
19:37:58.0103 2512 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:37:58.0103 2512 vwififlt - ok
19:37:58.0128 2512 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:37:58.0128 2512 vwifimp - ok
19:37:58.0147 2512 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:37:58.0148 2512 WacomPen - ok
19:37:58.0189 2512 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:37:58.0190 2512 WANARP - ok
19:37:58.0192 2512 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:37:58.0192 2512 Wanarpv6 - ok
19:37:58.0226 2512 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:37:58.0227 2512 Wd - ok
19:37:58.0240 2512 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:37:58.0245 2512 Wdf01000 - ok
19:37:58.0329 2512 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:37:58.0329 2512 WfpLwf - ok
19:37:58.0354 2512 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:37:58.0354 2512 WIMMount - ok
19:37:58.0408 2512 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:37:58.0409 2512 WinUsb - ok
19:37:58.0448 2512 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:37:58.0449 2512 WmiAcpi - ok
19:37:58.0489 2512 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:37:58.0489 2512 ws2ifsl - ok
19:37:58.0541 2512 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:37:58.0542 2512 WSDPrintDevice - ok
19:37:58.0561 2512 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:37:58.0562 2512 WudfPf - ok
19:37:58.0571 2512 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:37:58.0573 2512 WUDFRd - ok
19:37:58.0605 2512 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
19:37:58.0606 2512 xusb21 - ok
19:37:58.0653 2512 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:37:58.0696 2512 \Device\Harddisk0\DR0 - ok
19:37:58.0697 2512 Boot (0x1200) (958086814565f7cd71b2545bdbc42ba5) \Device\Harddisk0\DR0\Partition0
19:37:58.0698 2512 \Device\Harddisk0\DR0\Partition0 - ok
19:37:58.0698 2512 ============================================================
19:37:58.0698 2512 Scan finished
19:37:58.0698 2512 ============================================================
19:37:58.0711 2608 Detected object count: 0
19:37:58.0711 2608 Actual detected object count: 0
20:06:46.0956 0976 Deinitialize success
Hi, cspence2393
Let's take care of the findings from the ESET scan. Please uninstall the following:
Bulletstorm-->MsiExec.exe /I{45410935-3E72-472B-8C35-AB1000008200}
BulletStorm-->MsiExec.exe /I{45410935-B52C-468A-A836-0D1000018201}
Bulletstorm-->MsiExec.exe /X{45410935-3E72-472B-8C35-AB1000008200}
Ubisoft Game Launcher
After uninstalling, check Program Files and delete the folders if left behind:
C:\Program Files (x86)\EA\Bulletstorm\
C:\Program Files (x86)\Ubisoft\
Next,
Custom CFScript
Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
- Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
File::
BestUninstallTool_Setup.exe
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
- Save this as CFScript.txt and place it on your desktop.
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_CFScript.gif&hash=19cdd291c9ded999b7ed69b7a82ebed7c9d0ab01)
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
ComboFix 12-02-21.01 - Caleb 02/25/2012 22:35:00.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2866 [GMT -6:00]
Running from: c:\users\Caleb\Desktop\ComboFix.exe
Command switches used :: c:\users\Caleb\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 04:35 . 2012-02-26 04:35 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-26 04:35 . 2012-02-26 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 04:46 . 2012-02-24 04:46 -------- d-----w- c:\program files (x86)\ESET
2012-02-22 04:50 . 2012-01-06 05:15 8602168 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04791B3-C41D-444F-A5AE-B2EB035CB6D2}\mpengine.dll
2012-02-19 00:57 . 2012-02-19 00:57 -------- d-----w- c:\program files (x86)\Microsoft
2012-02-19 00:57 . 2012-02-19 00:57 -------- d-----w- c:\program files\Unlocker
2012-02-17 23:51 . 2012-02-18 06:06 -------- d-----w- c:\users\Caleb\AppData\Roaming\mIRC
2012-02-17 23:51 . 2012-02-17 23:51 -------- d-----w- c:\program files (x86)\mIRC
2012-02-17 05:44 . 2012-02-18 06:40 -------- d-----w- C:\rsit
2012-02-17 05:44 . 2012-02-17 05:44 -------- d-----w- c:\program files\trend micro
2012-02-15 03:47 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 03:47 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 03:47 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 03:47 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 03:47 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 03:47 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 03:47 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 03:47 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-10 20:49 . 2012-02-10 20:49 -------- d-----w- C:\AMD
2012-02-01 03:15 . 2012-02-10 20:50 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-01 03:13 . 2012-02-01 03:15 -------- d-----w- c:\program files\HitmanPro
2012-02-01 03:12 . 2012-02-01 03:15 -------- d-----w- c:\programdata\HitmanPro
2012-01-31 06:39 . 2012-01-31 06:39 -------- d-----w- c:\users\Caleb\AppData\Roaming\SUPERAntiSpyware.com
2012-01-31 06:38 . 2012-01-31 06:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-31 06:38 . 2012-01-31 06:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-31 06:35 . 2012-01-31 06:35 388096 ----a-r- c:\users\Caleb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-31 06:35 . 2012-01-31 06:35 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-31 01:05 . 2012-01-31 01:05 -------- d-----w- C:\cinject_0.4.3
2012-01-31 00:40 . 2012-01-31 00:40 -------- d-----w- c:\program files (x86)\Safari
2012-01-30 04:40 . 2012-02-18 06:31 -------- d-----w- c:\users\Caleb\AppData\Local\Spotify
2012-01-30 04:40 . 2012-02-18 06:16 -------- d-----w- c:\users\Caleb\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 20:43 . 2011-03-01 23:10 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-10 20:43 . 2011-03-01 23:10 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-10 20:43 . 2011-03-01 23:10 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-29 11:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 10:24 . 2012-01-17 10:24 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-17 10:24 . 2012-01-17 10:24 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-17 10:24 . 2012-01-17 10:24 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-17 10:24 . 2012-01-17 10:24 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-17 10:24 . 2012-01-17 10:24 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-17 10:24 . 2012-01-17 10:24 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-17 10:24 . 2012-01-17 10:24 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-17 10:24 . 2012-01-17 10:24 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-17 10:24 . 2012-01-17 10:24 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-17 10:24 . 2012-01-17 10:24 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-17 10:24 . 2012-01-17 10:24 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-17 10:24 . 2012-01-17 10:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-17 10:24 . 2012-01-17 10:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-17 10:24 . 2012-01-17 10:24 448512 ----a-w- c:\windows\system32\html.iec
2012-01-17 10:24 . 2012-01-17 10:24 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-17 10:24 . 2012-01-17 10:24 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-17 10:24 . 2012-01-17 10:24 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-17 10:24 . 2012-01-17 10:24 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-17 10:24 . 2012-01-17 10:24 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-17 10:24 . 2012-01-17 10:24 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-17 10:24 . 2012-01-17 10:24 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-17 10:24 . 2012-01-17 10:24 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-17 10:24 . 2012-01-17 10:24 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-17 10:24 . 2012-01-17 10:24 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-17 10:24 . 2012-01-17 10:24 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-17 10:24 . 2012-01-17 10:24 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-17 10:24 . 2012-01-17 10:24 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-17 10:24 . 2012-01-17 10:24 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-17 10:24 . 2012-01-17 10:24 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-17 10:24 . 2012-01-17 10:24 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-17 10:24 . 2012-01-17 10:24 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-17 10:24 . 2012-01-17 10:24 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-17 10:24 . 2012-01-17 10:24 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-17 10:24 . 2012-01-17 10:24 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-01 19:03 . 2011-05-17 16:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-18 06:04 . 2011-03-01 23:10 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-18 06:04 . 2011-03-01 23:10 80768 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-12-10 21:24 . 2011-04-02 06:48 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2011-02-26 01:11 256960 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"FILE NAME"="c:\program files (x86)\Razer\Nostromo\t2Hid.exe" [2011-02-21 254976]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-07 9936000]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"FastFox"="c:\program files (x86)\NCH Software\FastFox\fastfox.exe" [2012-01-30 721412]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteDir[B64] WIPE_B64.TMP"="RD" [X]
"DeleteDir[B82] Alien Arena 7_50"="RD" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-29 240288]
.
c:\users\Caleb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Caleb\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-9-21 4142448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-4 1079584]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=KORGUM64.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2009-05-28 43704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dualshock3;SIXAXIS/DUALSHOCK3 (USB) Beta;c:\windows\system32\DRIVERS\dualshock3_x64.sys
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-02-01 105800]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSIC0C7.tmp [2011-07-02 102400]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-10 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
R2 S3D Service (Win32);S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-03-19 360960]
R2 S3D Service (Win64);S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-03-19 614400]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
R2 uvnc_service_gs;uvnc_service_gs;c:\program files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe [2010-06-12 1587536]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
R3 MegaSR1;MegaSR1;c:\windows\system32\drivers\MegaSR1.sys
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys
R3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\DRIVERS\PTQHBUS.sys
R3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\DRIVERS\PTQHMDM.sys
R3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\DRIVERS\PTQHVSP.sys
R3 rtl8190pn64;Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl8190p.sys
R3 Si3124r5;Si3124r5;c:\windows\system32\drivers\Si3124r5.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge64.sys
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys
S3 T2Fltr;Razer Nostromo;c:\windows\system32\drivers\T2Fltr.sys
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys
S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;c:\windows\system32\DRIVERS\VJoystick.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 48823194
*Deregistered* - 48823194
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 02:52]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 02:52]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821527708-2350592380-21829395-1000Core.job
- c:\users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 01:04]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821527708-2350592380-21829395-1000UA.job
- c:\users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 01:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelContextmenu"="del" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi5"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\ilasm266.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20111012
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111012&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSIC0C7.tmp\" -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2821527708-2350592380-21829395-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,1e,45,aa,f8,44,39,70,f2,eb,9b,c8,c7,1c,4e,b1,42,b3,8d,0c,bb,67,34,
b8,6f,b0,75,26,f7,7a,52,ca,c0,63,03,e5,ac,ae,6c,cd,0a,24,dd,0f,f4,d3,26,be,\
"??"=hex:3a,77,22,69,6d,c5,c6,1c,be,d9,b0,24,93,d3,99,26
.
[HKEY_USERS\S-1-5-21-2821527708-2350592380-21829395-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,a3,52,82,2e,11,c6,f7,44,b3,89,ba,e0,2d,2d,2e,02,0c,dc,71,02,
5d,33,4c,94,3d,f3,29,72,6b,59,11,e6,57,66,67,92,f1,dc,6b,17,d9,8c,ce,10,32,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Completion time: 2012-02-25 22:36:41
ComboFix-quarantined-files.txt 2012-02-26 04:36
ComboFix2.txt 2012-02-22 22:37
.
Pre-Run: 670,557,683,712 bytes free
Post-Run: 670,514,630,656 bytes free
.
- - End Of File - - 0EFC8C9E1DA7E9E147DEE964B7F84897
Why was ComboFix run in Safe Mode? You had been using Normal Mode previously.
I don't care for this from the log, although ComboFix has it deregistered.
Quote:
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 48823194
*Deregistered* - 48823194
Please do a new ESET scan, as instructed above (http://www.landzdown.com/analysis-and-malware-removal/no-help-from-two-other-removal-sites-referred-here/msg151071/#msg151071)
ComboFix ran in reduced functionality mode because it wasn't the latest version any more, as far as I can tell. I had it in normal mode before because it was the latest version. I didn't choose for it to do any of that and I didn't deregister it. I understand if I need to get a new version, but you didn't mention it, so I did what you said. I'll start the ESET scan tonight and post the log later.
Hi, cspence2393.
If ComboFix prompted you to update, you most definitely should have done so.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6dbaaa35ad59614988e5bafb443d821a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-24 05:52:46
# local_time=2012-02-23 11:52:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 81602525 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=337117
# found=3
# cleaned=0
# scan_time=3690
C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll a variant of Win32/Packed.VMProtect.AAD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Caleb\Downloads\BestUninstallTool_Setup.exe a variant of Win32/PerfectUninstaller application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6dbaaa35ad59614988e5bafb443d821a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-27 09:08:27
# local_time=2012-02-27 03:08:27 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 81872899 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=332861
# found=3
# cleaned=0
# scan_time=4258
C:\Users\Caleb\Documents\sdcopy\App_Manager\App_Backups\user_apps\com.inoxapps.finger_security1.apk a variant of Android/Adware.AirPush.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Caleb\Documents\sdcopy\App_Manager\App_Backups\user_apps\net.ponury.faceniff.apk Android/HackTool.FaceNiff.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Caleb\Downloads\BestUninstallTool_Setup.exe a variant of Win32/PerfectUninstaller application (unable to clean) 00000000000000000000000000000000 I
I don't know what to tell you. It appears that you are getting more malware rather than getting cleaned! One file in the new ESET scan is still on your computer from the previous scan, but the other two are new, apparently backed up from your phone. Thus, I suggest you check the Android store for your phone for antivirus software. If you know what apps you recently installed, I suggest removing them.
At this point, I suggest that you go to your downloads folder and delete BestUninstallTool_Setup.exe. My research confirms it is a trojan.
It is also recommended that you delete the following two files and remove them from your phone as well:
C:\Users\Caleb\Documents\sdcopy\App_Manager\App_Backups\user_apps\com.inoxapps.finger_security1.apk
C:\Users\Caleb\Documents\sdcopy\App_Manager\App_Backups\user_apps\net.ponury.faceniff.apk
What symptoms remain?
I think I forgot to check the option to scan archives last time, which would account for those two apk files. They're just from a copy of my SD card from when I got a new one. I can delete them if necessary, but I have them on my phone on purpose, and they aren't going to be executing anything on Windows 7. They're not from a recent install, and the phone is safe and sound.
As for the symptoms, I haven't tried to boot out of safe mode but once, and I had a black screen of death as expected. I know how to fix that, but have to repeat the process. I can check the programs-not-running problem later tonight when I'm home.
I am now unable to boot Windows normally and get a KSOD no matter whether I use the fix from Prevx, fixmbr, or fixboot. It's definitely getting worse, not better. I'm to the point now where I want the least painful way to get my files stored and reinstall Windows 7.
Hi, cspence2393.
It appears that you are correct and a reinstall would be the best way to go. However, in the event you wish to pursue the BSOD issues, I have knowledgeable friends who have just opened a new forum specifically addressing BSODs and similar issues. You'll need to register and follow the instructions in this topic: Blue Screen of Death (BSOD) Posting Instructions - Windows 7 & Vista (http://199.193.246.210/~sysnativ/forums/showthread.php?42-Blue-Screen-of-Death-(BSOD)-Posting-Instructions-Windows-7-amp-Vista). You can also find them at Tech Support Forum: BSOD, App Crashes And Hangs (http://www.techsupportforum.com/forums/f299/).
If you decide to post at either of those sites, it may be helpful to them to provide a link back to this topic.
For completeness, please do the following to implement cleanup procedures and also to reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8).
I don't have BSOD issues, I have KSOD (K for blacK). I just learned the shortened form recently. I ran the uninstall for ComboFix. Thanks for all your help.
Hi, cspence2393.
I agree that a clean install is the best path forward. The alternative of analysis was suggested because a KSOD or BSOD is generally triggered by a third-party service or software update or other unique combination, which could be determined by analysis of the logs from the tools used by those folks.
Take care.