Can not load g-mail or google on any pc in house [Solved]


  • This topic is locked
128 replies to this topic

#91 oldman960

Posted 01 March 2012 - 05:27 AM

Hi macdoo, Sounds good. We can continue in this thread

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#92 macdoo

Posted 01 March 2012 - 10:55 AM

OK, I'm here on the suspected computer. It's not mine so I know ZERO about it. Don't even know what operating system.

#93 oldman960

Posted 01 March 2012 - 04:16 PM

Hi

Let's start with this.

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Next

Download OTL to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lîk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with
  • aswMBR log
  • mbr.zip (attached)
  • both OTL logs

#94 macdoo

Posted 01 March 2012 - 05:19 PM

FYI this is still Macdoo / Heidi. I brought my brother-in-law's computer home since I'm becoming a pro at this. Here are the logs

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-01 17:49:36
-----------------------------
17:49:36.493 OS Version: Windows x64 6.1.7601 Service Pack 1
17:49:36.493 Number of processors: 1 586 0x602
17:49:36.494 ComputerName: TED-PC UserName: Ted
17:49:37.411 Initialize success
17:50:23.332 AVAST engine defs: 12030101
17:51:00.966 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:51:00.971 Disk 0 Vendor: Hitachi_HTS725025A9A364 PC2OC72E Size: 238475MB BusType: 11
17:51:00.977 Device \Driver\atapi -> MajorFunction fffffa80028745c4
17:51:01.002 Disk 0 MBR read successfully
17:51:01.005 Disk 0 MBR scan
17:51:01.031 Disk 0 MBR:Pihar-C [Rtk]
17:51:01.034 Disk 0 TDL4@MBR code has been found
17:51:01.038 Disk 0 MBR hidden
17:51:01.047 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:51:01.057 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 223611 MB offset 409600
17:51:01.088 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14560 MB offset 458364928
17:51:01.104 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
17:51:01.111 Disk 0 MBR [TDL4] **ROOTKIT**
17:51:01.456 Disk 0 trace - called modules:
17:51:01.473 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80028745c4]<<
17:51:01.485 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024be060]
17:51:01.491 3 CLASSPNP.SYS[fffff8800110243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002476680]
17:51:01.498 \Driver\atapi[0xfffffa80027a6a40] -> IRP_MJ_CREATE -> 0xfffffa80028745c4
17:51:03.036 AVAST engine scan C:\Windows
17:51:05.045 AVAST engine scan C:\Windows\system32
17:54:03.658 AVAST engine scan C:\Windows\system32\drivers
17:54:16.047 AVAST engine scan C:\Users\Ted
17:59:02.760 AVAST engine scan C:\ProgramData
18:00:31.563 Scan finished successfully
18:01:25.675 Disk 0 MBR has been saved successfully to "C:\Users\Ted\Desktop\MBR.dat"
18:01:25.682 The log file has been saved successfully to "C:\Users\Ted\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   580bytes   256 downloads

Edited by macdoo, 01 March 2012 - 05:58 PM.
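
Added example (not part of the original thread, and not AVAST's or the helper's code): a small triage parser for the aswMBR log posted above. It pulls out the MBR detection lines and, as an interpretation assumed here, flags any driver whose handler address equals an address the module trace lists as `>>UNKNOWN<<`. The function name, finding labels and result layout are hypothetical.

```python
import re

# Lines copied from the aswMBR log in the post above (a subset, timestamps kept).
SAMPLE_LOG = r"""
17:51:00.977 Device \Driver\atapi -> MajorFunction fffffa80028745c4
17:51:01.002 Disk 0 MBR read successfully
17:51:01.031 Disk 0 MBR:Pihar-C [Rtk]
17:51:01.034 Disk 0 TDL4@MBR code has been found
17:51:01.038 Disk 0 MBR hidden
17:51:01.111 Disk 0 MBR [TDL4] **ROOTKIT**
17:51:01.473 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80028745c4]<<
17:51:01.498 \Driver\atapi[0xfffffa80027a6a40] -> IRP_MJ_CREATE -> 0xfffffa80028745c4
18:00:31.563 Scan finished successfully
"""

TS = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")

# Per-disk MBR findings: (label, regex capturing disk number and detail).
PATTERNS = [
    ("mbr_detection", re.compile(r"^Disk (\d+) MBR:(\S+)")),
    ("mbr_code", re.compile(r"^Disk (\d+) (\S+)@MBR code has been found")),
    ("mbr_hidden", re.compile(r"^Disk (\d+) MBR (hidden)")),
    ("rootkit_verdict", re.compile(r"^Disk (\d+) MBR \[([^\]]+)\] \*\*ROOTKIT\*\*")),
]
# Driver handler addresses and trace entries with no owning module.
DISPATCH = re.compile(r"Device (\\Driver\\\S+) -> MajorFunction ([0-9a-fA-F]+)")
IRP = re.compile(r"(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> 0x([0-9a-fA-F]+)")
UNKNOWN = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")


def parse_aswmbr(text):
    """Return MBR findings plus drivers whose handlers point at UNKNOWN addresses."""
    findings, pointers, unknown = [], [], set()
    for raw in text.splitlines():
        m = TS.match(raw.strip())
        if not m:
            continue  # banner, separator or wrapped line without a timestamp
        ts, body = m.groups()
        for kind, rx in PATTERNS:
            hit = rx.search(body)
            if hit:
                findings.append({"time": ts, "kind": kind,
                                 "disk": int(hit.group(1)), "detail": hit.group(2)})
        hit = DISPATCH.search(body)
        if hit:
            pointers.append((ts, hit.group(1), "MajorFunction", int(hit.group(2), 16)))
        hit = IRP.search(body)
        if hit:
            pointers.append((ts, hit.group(1), hit.group(2), int(hit.group(3), 16)))
        unknown.update(int(a, 16) for a in UNKNOWN.findall(body))

    # Correlate after the whole log is read: the handler line precedes the trace.
    hooked = set()
    for ts, driver, slot, addr in pointers:
        if addr in unknown:
            hooked.add(driver)
            findings.append({"time": ts, "kind": "handler_outside_known_module",
                             "disk": None, "detail": f"{driver} {slot} -> 0x{addr:x}"})
    return {
        "findings": findings,
        "flagged_disks": sorted({f["disk"] for f in findings if f["disk"] is not None}),
        "hooked_drivers": sorted(hooked),
    }


if __name__ == "__main__":
    result = parse_aswmbr(SAMPLE_LOG)
    for f in result["findings"]:
        print(f["time"], f["kind"], f["detail"])
    print("flagged disks:", result["flagged_disks"])
    print("hooked drivers:", result["hooked_drivers"])
```
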


#95 oldman960

Posted 01 March 2012 - 06:24 PM

Hi macdoo, I see a major infection in the aswMBR log but I need the OTL logs before we can proceed. Please post them. Thanks

#96 macdoo

Posted 01 March 2012 - 06:32 PM

Guess I'm not a pro. I can only find this one



OTL logfile created on: 3/1/2012 7:00:10 PM - Run 2
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Ted\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 35.20% Memory free
3.90 Gb Paging File | 0.90 Gb Available in Paging File | 23.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.37 Gb Total Space | 148.81 Gb Free Space | 68.14% Space Free | Partition Type: NTFS
Drive D: | 14.22 Gb Total Space | 2.35 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.71 Mb Free Space | 96.50% Space Free | Partition Type: FAT32
Drive F: | 7.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TED-PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ted\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LvApi11.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (LVUVC64) Logitech HD Webcam C270(UVC) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE:64bit: - HKLM\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...{...hTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=make
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...{...hTerms}&f=4
IE - HKCU\..\SearchScopes\{2005ACD9-727B-38B0-19F6-BE95434160E8}: "URL" = http://www.bing.com/...amp;form=ZGAIDF
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F6066676-1EEB-BD50-8DCD-39409136EB4C}: "URL" = http://www.bing.com/...amp;form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Free TV Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...22&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ted\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ted\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ted\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/01/25 04:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/26 14:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/18 05:57:58 | 000,000,000 | ---D | M]

[2010/05/08 20:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\Mozilla\Extensions
[2012/02/29 21:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions
[2011/03/26 09:24:07 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2011/03/26 09:23:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\engine@conduit.com
[2011/03/26 09:24:05 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\piclens@cooliris.com
[2011/03/26 09:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\extensionManager
[2012/02/29 18:46:33 | 000,001,393 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\searchplugins\ajaxwhois-domain-search.xml
[2011/04/08 16:42:07 | 000,001,919 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\searchplugins\bing-zugo.xml
[2012/02/29 21:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/08 23:19:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/10 13:49:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/21 10:22:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/25 04:59:04 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/25 04:59:38 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoo...{...hTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Freemake Video Converter = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/02/22 15:55:15 | 000,000,855 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ted\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E99ED4-21AE-4C60-BF80-905DEF8BAF1D}: DhcpNameServer = 192.168.1.1 68.238.112.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/16 01:52:08 | 000,000,073 | R--- | M] () - F:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{4862bcd4-5b3c-11df-b565-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4862bcd4-5b3c-11df-b565-806e6f6e6963}\Shell\AutoRun\command - "" = F:\install.EXE id= ver=1.0.0.0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/01 18:02:14 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Ted\Desktop\OTL.exe
[2012/03/01 17:48:47 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Ted\Desktop\aswMBR.exe
[2012/02/22 16:27:53 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\Facebook
[2012/02/16 15:50:27 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{780E1EAB-4F24-4977-B006-5F550A1077C4}
[2012/02/16 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{99712C03-8F46-4B4F-80B1-FC040550C60F}
[2012/02/16 15:46:51 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{020A6D07-6CD8-439F-9A84-BCC2F7E4C2D0}
[2012/02/16 15:46:41 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{BCBF0D45-80DE-4975-AA65-03A248DEA8C5}
[2012/02/16 01:00:38 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/16 01:00:37 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/16 01:00:36 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/16 01:00:29 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/16 01:00:16 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/16 01:00:15 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/16 01:00:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 01:00:14 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/16 01:00:14 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/16 01:00:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/16 01:00:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/03 20:07:08 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{0AF6D657-A8D4-4EC1-87BF-8831D761178F}

========== Files - Modified Within 30 Days ==========

[2012/03/01 19:00:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/03/01 18:09:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 18:02:22 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Desktop\OTL.exe
[2012/03/01 18:01:51 | 000,000,580 | ---- | M] () -- C:\Users\Ted\Desktop\MBR.zip
[2012/03/01 18:01:25 | 000,000,512 | ---- | M] () -- C:\Users\Ted\Desktop\MBR.dat
[2012/03/01 17:49:12 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Ted\Desktop\aswMBR.exe
[2012/03/01 16:33:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/03/01 16:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/03/01 06:58:45 | 029,606,317 | ---- | M] () -- C:\Users\Ted\Documents\The Illuminati's greatest human enemy. Who is working the machine..mp4
[2012/03/01 06:23:07 | 097,086,188 | ---- | M] () -- C:\Users\Ted\Documents\David Icke-Brilliant Speech.mp4
[2012/02/29 22:00:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/02/29 20:17:06 | 1312,231,438 | ---- | M] () -- C:\Users\Ted\Documents\Rammstein- Live aus Berlin-1 link full video-HQ.mp4
[2012/02/29 19:10:30 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/29 15:20:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 15:20:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 12:29:32 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\BearShareNAG.job
[2012/02/29 12:29:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/29 12:29:08 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/29 05:17:51 | 048,442,644 | ---- | M] () -- C:\Users\Ted\Documents\Gun Rights vs. Voting Rights in America.mp4
[2012/02/28 18:21:29 | 566,845,967 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 4).mp4
[2012/02/28 17:03:22 | 555,600,430 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 3).mp4
[2012/02/28 14:45:21 | 105,293,618 | ---- | M] () -- C:\Users\Ted\Documents\Movement I DON'T PAY is spreading across Europe (english subs).mp4
[2012/02/28 14:11:02 | 554,484,464 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 2).mp4
[2012/02/28 08:46:39 | 011,084,510 | ---- | M] () -- C:\Users\Ted\Documents\Ron Paul Speaks To John Stossel About Illegal Immigration and Amnesty.mp4
[2012/02/28 08:12:41 | 024,020,530 | ---- | M] () -- C:\Users\Ted\Documents\US Dollar - Sabotaged by Design.mp4
[2012/02/28 07:53:41 | 027,498,265 | ---- | M] () -- C:\Users\Ted\Documents\Robert Fisk reveals the U.S. dollar's demise!.mp4
[2012/02/28 07:45:48 | 073,211,844 | ---- | M] () -- C:\Users\Ted\Documents\Engdahl- Greek bailout terms remind of Hitler.mp4
[2012/02/27 19:07:10 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTed.job
[2012/02/27 17:44:22 | 559,288,807 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 1).mp4
[2012/02/27 14:17:05 | 046,251,650 | ---- | M] () -- C:\Users\Ted\Documents\NATO Bombs Peace Conference To Prevent Reconciliation In Libya.mp4
[2012/02/27 07:06:43 | 020,793,801 | ---- | M] () -- C:\Users\Ted\Documents\26.08.2011 Putin Slams NATO- West Has no Legal Right to Execute Gaddafi.mp4
[2012/02/27 06:56:57 | 043,659,600 | ---- | M] () -- C:\Users\Ted\Documents\Putin assassination plan foiled by joint special forces op [27-Feb-12 © RT].mp4
[2012/02/27 06:19:40 | 009,274,180 | ---- | M] () -- C:\Users\Ted\Documents\IRAN US Military Intelligence- Iran To RESPOND But Not Provoke Or Initiate Attack On West.mp4
[2012/02/27 06:13:09 | 042,070,755 | ---- | M] () -- C:\Users\Ted\Documents\Cyber War Threat US to fight enemy it created itself ! [© RT].mp4.mp4
[2012/02/26 17:29:37 | 078,429,815 | ---- | M] () -- C:\Users\Ted\Documents\Arming Al-Qaeda- US to pump weapons into Syria warzone..mp4
[2012/02/26 17:12:03 | 034,597,824 | ---- | M] () -- C:\Users\Ted\Documents\RT- Veterans For Ron Paul March On The White House Completely Ignored By MSM.mp4
[2012/02/26 16:55:42 | 029,021,942 | ---- | M] () -- C:\Users\Ted\Documents\Why US drone attacks kill so many civilians in Afghanistan.! - RT 100105.mp4
[2012/02/26 16:43:52 | 026,063,381 | ---- | M] () -- C:\Users\Ted\Documents\Italian military paying Taliban protection fee in Afghanistan - RT 100105.mp4
[2012/02/26 04:46:15 | 125,967,297 | ---- | M] () -- C:\Users\Ted\Documents\Obama's apology isn't enough for Afghans.mp4
[2012/02/22 15:55:15 | 000,000,855 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/22 14:41:48 | 1106,774,016 | ---- | M] () -- C:\Users\Ted\Documents\Eddie Murphy - RAW (Full! 90 min) [STAND UP] {Legendado PT-BR}.mpg
[2012/02/22 07:43:05 | 751,482,880 | ---- | M] () -- C:\Users\Ted\Documents\Eddie Murphy - Delirious Full Movie Comedy Stand up.mpg
[2012/02/20 14:21:07 | 000,000,000 | ---- | M] () -- C:\Users\Ted\Desktop\TSHIRT.bmp
[2012/02/19 12:12:08 | 046,965,148 | ---- | M] () -- C:\Users\Ted\Documents\Joker's greatest joke ever - Joker's best moments from Justice League Wild Cards.mp4
[2012/02/16 23:25:03 | 030,939,136 | ---- | M] () -- C:\Users\Ted\Documents\From My Cold Dead Hands- FIGHT THE UN SMALL ARMS TREATY!.mpg
[2012/02/16 15:50:26 | 000,002,112 | ---- | M] () -- C:\Users\Ted\Documents\My Movie.wlmp
[2012/02/16 12:11:09 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/16 03:29:07 | 000,349,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/16 03:06:07 | 000,746,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/16 03:06:07 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/16 03:06:07 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/16 03:03:28 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/02/14 18:03:04 | 112,444,674 | ---- | M] () -- C:\Users\Ted\Documents\Iran declares Israel bombed its own embassy.mp4
[2012/02/13 18:42:33 | 033,720,263 | ---- | M] () -- C:\Users\Ted\Documents\Judge Napolitano- What if the President secretly wants to decrease the population. .mp4
[2012/02/11 16:17:21 | 000,016,384 | ---- | M] () -- C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/10 18:26:12 | 171,671,552 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 3.mpg
[2012/02/10 18:15:43 | 084,099,072 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 2.mpg
[2012/02/10 18:11:13 | 130,314,163 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati new world order PT 1.mp4
[2012/02/10 04:12:59 | 092,242,723 | ---- | M] () -- C:\Users\Ted\Documents\'Syria, prelude to full scale war on Iran'.mp4
[2012/02/09 18:06:49 | 009,037,824 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 4).mpg
[2012/02/09 18:02:49 | 017,676,288 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 3).mpg
[2012/02/09 17:59:06 | 021,514,240 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 2).mpg
[2012/02/09 02:24:48 | 013,727,744 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 1).mpg
[2012/02/09 01:52:24 | 043,536,576 | ---- | M] () -- C:\Users\Ted\Documents\Iran at War with Israel and America..mp4
[2012/02/09 01:42:44 | 002,684,928 | ---- | M] () -- C:\Users\Ted\Documents\Iran attack.mpg
[2012/02/08 17:01:31 | 129,583,104 | ---- | M] () -- C:\Users\Ted\Documents\ECONOMIC COLLAPSE- Million Dollar Homes Badly Vandalised.mpg
[2012/02/08 16:30:45 | 029,382,656 | ---- | M] () -- C:\Users\Ted\Documents\MAKE VIRAL - Potential USS Enterprise False Flag Operation....mpg
[2012/02/08 13:27:56 | 018,335,744 | ---- | M] () -- C:\Users\Ted\Documents\The decline of America.mpg
[2012/02/07 07:10:33 | 061,759,488 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 10.mpg
[2012/02/07 07:09:15 | 084,449,280 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 9.mpg
[2012/02/07 06:54:18 | 083,034,112 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 8.mpg
[2012/02/07 06:52:30 | 075,280,384 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 7.mpg
[2012/02/07 06:50:23 | 094,457,856 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 6.mpg
[2012/02/07 06:46:02 | 091,342,848 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 5.mpg
[2012/02/07 06:42:56 | 081,702,912 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 4.mpg
[2012/02/07 06:39:12 | 056,938,496 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 3.mpg
[2012/02/07 06:37:23 | 075,126,784 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 2.mpg
[2012/02/07 06:33:58 | 075,816,960 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 1.mpg
[2012/02/07 04:58:44 | 1829,611,520 | ---- | M] () -- C:\Users\Ted\Documents\David Icke- The London-Rome Beltane Ritual 2011 (full version).mpg
[2012/02/06 12:53:55 | 064,983,040 | ---- | M] () -- C:\Users\Ted\Documents\Eternal Disgrace- US politicians display gross ignorance [5-Feb-12 © RT].mpg
[2012/02/04 18:17:36 | 000,013,614 | ---- | M] () -- C:\Users\Ted\Documents\y-u-no-guy.jpg

========== Files Created - No Company Name ==========

[2012/03/01 18:01:51 | 000,000,580 | ---- | C] () -- C:\Users\Ted\Desktop\MBR.zip
[2012/03/01 18:01:25 | 000,000,512 | ---- | C] () -- C:\Users\Ted\Desktop\MBR.dat
[2012/03/01 06:57:33 | 029,606,317 | ---- | C] () -- C:\Users\Ted\Documents\The Illuminati's greatest human enemy. Who is working the machine..mp4
[2012/03/01 06:17:36 | 097,086,188 | ---- | C] () -- C:\Users\Ted\Documents\David Icke-Brilliant Speech.mp4
[2012/02/29 18:28:25 | 1312,231,438 | ---- | C] () -- C:\Users\Ted\Documents\Rammstein- Live aus Berlin-1 link full video-HQ.mp4
[2012/02/29 05:13:14 | 048,442,644 | ---- | C] () -- C:\Users\Ted\Documents\Gun Rights vs. Voting Rights in America.mp4
[2012/02/28 17:36:25 | 566,845,967 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 4).mp4
[2012/02/28 16:24:04 | 555,600,430 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 3).mp4
[2012/02/28 14:30:43 | 105,293,618 | ---- | C] () -- C:\Users\Ted\Documents\Movement I DON'T PAY is spreading across Europe (english subs).mp4
[2012/02/28 13:35:03 | 554,484,464 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 2).mp4
[2012/02/28 08:46:13 | 011,084,510 | ---- | C] () -- C:\Users\Ted\Documents\Ron Paul Speaks To John Stossel About Illegal Immigration and Amnesty.mp4
[2012/02/28 08:11:26 | 024,020,530 | ---- | C] () -- C:\Users\Ted\Documents\US Dollar - Sabotaged by Design.mp4
[2012/02/28 07:52:21 | 027,498,265 | ---- | C] () -- C:\Users\Ted\Documents\Robert Fisk reveals the U.S. dollar's demise!.mp4
[2012/02/28 07:41:19 | 073,211,844 | ---- | C] () -- C:\Users\Ted\Documents\Engdahl- Greek bailout terms remind of Hitler.mp4
[2012/02/27 16:59:39 | 559,288,807 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 1).mp4
[2012/02/27 14:14:35 | 046,251,650 | ---- | C] () -- C:\Users\Ted\Documents\NATO Bombs Peace Conference To Prevent Reconciliation In Libya.mp4
[2012/02/27 07:05:49 | 020,793,801 | ---- | C] () -- C:\Users\Ted\Documents\26.08.2011 Putin Slams NATO- West Has no Legal Right to Execute Gaddafi.mp4
[2012/02/27 06:53:59 | 043,659,600 | ---- | C] () -- C:\Users\Ted\Documents\Putin assassination plan foiled by joint special forces op [27-Feb-12 © RT].mp4
[2012/02/27 06:19:16 | 009,274,180 | ---- | C] () -- C:\Users\Ted\Documents\IRAN US Military Intelligence- Iran To RESPOND But Not Provoke Or Initiate Attack On West.mp4
[2012/02/27 06:10:51 | 042,070,755 | ---- | C] () -- C:\Users\Ted\Documents\Cyber War Threat US to fight enemy it created itself ! [© RT].mp4.mp4
[2012/02/26 17:24:01 | 078,429,815 | ---- | C] () -- C:\Users\Ted\Documents\Arming Al-Qaeda- US to pump weapons into Syria warzone..mp4
[2012/02/26 17:09:53 | 034,597,824 | ---- | C] () -- C:\Users\Ted\Documents\RT- Veterans For Ron Paul March On The White House Completely Ignored By MSM.mp4
[2012/02/26 16:54:29 | 029,021,942 | ---- | C] () -- C:\Users\Ted\Documents\Why US drone attacks kill so many civilians in Afghanistan.! - RT 100105.mp4
[2012/02/26 16:42:28 | 026,063,381 | ---- | C] () -- C:\Users\Ted\Documents\Italian military paying Taliban protection fee in Afghanistan - RT 100105.mp4
[2012/02/26 04:37:45 | 125,967,297 | ---- | C] () -- C:\Users\Ted\Documents\Obama's apology isn't enough for Afghans.mp4
[2012/02/22 16:28:02 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/02/22 16:28:00 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/02/22 14:10:39 | 1106,774,016 | ---- | C] () -- C:\Users\Ted\Documents\Eddie Murphy - RAW (Full! 90 min) [STAND UP] {Legendado PT-BR}.mpg
[2012/02/22 07:26:44 | 751,482,880 | ---- | C] () -- C:\Users\Ted\Documents\Eddie Murphy - Delirious Full Movie Comedy Stand up.mpg
[2012/02/20 14:21:07 | 000,000,000 | ---- | C] () -- C:\Users\Ted\Desktop\TSHIRT.bmp
[2012/02/19 12:09:55 | 046,965,148 | ---- | C] () -- C:\Users\Ted\Documents\Joker's greatest joke ever - Joker's best moments from Justice League Wild Cards.mp4
[2012/02/16 23:24:05 | 030,939,136 | ---- | C] () -- C:\Users\Ted\Documents\From My Cold Dead Hands- FIGHT THE UN SMALL ARMS TREATY!.mpg
[2012/02/16 03:03:28 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/14 17:55:11 | 112,444,674 | ---- | C] () -- C:\Users\Ted\Documents\Iran declares Israel bombed its own embassy.mp4
[2012/02/13 18:40:41 | 033,720,263 | ---- | C] () -- C:\Users\Ted\Documents\Judge Napolitano- What if the President secretly wants to decrease the population. .mp4
[2012/02/10 18:17:17 | 171,671,552 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 3.mpg
[2012/02/10 18:12:55 | 084,099,072 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 2.mpg
[2012/02/10 18:03:21 | 130,314,163 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati new world order PT 1.mp4
[2012/02/10 04:07:13 | 092,242,723 | ---- | C] () -- C:\Users\Ted\Documents\'Syria, prelude to full scale war on Iran'.mp4
[2012/02/09 18:06:31 | 009,037,824 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 4).mpg
[2012/02/09 18:02:18 | 017,676,288 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 3).mpg
[2012/02/09 17:58:35 | 021,514,240 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 2).mpg
[2012/02/09 02:24:32 | 013,727,744 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 1).mpg
[2012/02/09 01:49:58 | 043,536,576 | ---- | C] () -- C:\Users\Ted\Documents\Iran at War with Israel and America..mp4
[2012/02/09 01:42:40 | 002,684,928 | ---- | C] () -- C:\Users\Ted\Documents\Iran attack.mpg
[2012/02/08 16:55:05 | 129,583,104 | ---- | C] () -- C:\Users\Ted\Documents\ECONOMIC COLLAPSE- Million Dollar Homes Badly Vandalised.mpg
[2012/02/08 16:29:54 | 029,382,656 | ---- | C] () -- C:\Users\Ted\Documents\MAKE VIRAL - Potential USS Enterprise False Flag Operation....mpg
[2012/02/08 13:27:32 | 018,335,744 | ---- | C] () -- C:\Users\Ted\Documents\The decline of America.mpg
[2012/02/07 07:09:53 | 061,759,488 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 10.mpg
[2012/02/07 07:08:13 | 084,449,280 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 9.mpg
[2012/02/07 06:53:22 | 083,034,112 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 8.mpg
[2012/02/07 06:51:18 | 075,280,384 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 7.mpg
[2012/02/07 06:49:24 | 094,457,856 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 6.mpg
[2012/02/07 06:45:03 | 091,342,848 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 5.mpg
[2012/02/07 06:42:02 | 081,702,912 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 4.mpg
[2012/02/07 06:38:11 | 056,938,496 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 3.mpg
[2012/02/07 06:36:03 | 075,126,784 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 2.mpg
[2012/02/07 06:32:51 | 075,816,960 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 1.mpg
[2012/02/07 04:23:25 | 1829,611,520 | ---- | C] () -- C:\Users\Ted\Documents\David Icke- The London-Rome Beltane Ritual 2011 (full version).mpg
[2012/02/06 12:52:25 | 064,983,040 | ---- | C] () -- C:\Users\Ted\Documents\Eternal Disgrace- US politicians display gross ignorance [5-Feb-12 © RT].mpg
[2012/02/04 18:17:20 | 000,013,614 | ---- | C] () -- C:\Users\Ted\Documents\y-u-no-guy.jpg
[2011/06/09 16:33:27 | 000,016,384 | ---- | C] () -- C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/03/07 18:53:26 | 000,000,183 | ---- | C] () -- C:\Windows\Earthquake3D.ini
[2011/01/21 22:39:55 | 000,001,854 | ---- | C] () -- C:\Users\Ted\AppData\Roaming\GhostObjGAFix.xml
[2010/08/08 21:51:57 | 000,000,017 | ---- | C] () -- C:\Users\Ted\AppData\Local\resmon.resmoncfg
[2010/06/03 18:31:10 | 000,000,000 | ---- | C] () -- C:\Users\Ted\AppData\Roaming\wklnhst.dat
[2010/05/08 20:09:49 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/03 03:33:31 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/04/03 03:33:31 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== LOP Check ==========

[2011/02/28 21:47:30 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\DriverCure
[2010/08/14 08:25:30 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Gamelab
[2011/03/20 10:44:08 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Leadertech
[2010/12/30 08:50:59 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Local
[2011/04/04 14:35:43 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\SecondLife
[2011/02/28 21:55:08 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Stellarium
[2010/06/03 18:31:10 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Template
[2011/05/22 11:14:48 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Tific
[2010/12/27 09:07:20 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Visan
[2011/02/28 12:11:28 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Windows Live Writer
[2012/02/29 12:29:32 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\BearShareNAG.job
[2012/03/01 16:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/03/01 16:33:01 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/01/09 15:14:00 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/02/29 12:29:08 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/19 05:52:07 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
[2012/03/01 01:08:22 | 2312,802,304 | -HS- | M] () -- C:\pagefile.sys
[2010/06/11 02:33:02 | 000,000,184 | ---- | M] () -- C:\setup.log

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/03/01 17:49:12 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Ted\Desktop\aswMBR.exe
[2010/07/12 22:16:35 | 000,567,816 | ---- | M] (Google Inc.) -- C:\Users\Ted\Desktop\googleupdatesetup.exe
[2012/03/01 18:02:22 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Desktop\OTL.exe
[2011/10/14 13:01:31 | 000,684,288 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ted\Desktop\RealPlayer.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s >


< MD5 for: EXPLORER.ADML >
[2009/07/13 21:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: IEXPLORE.EXE >

< MD5 for: IEXPLORE.EXE.MUI >

< MD5 for: IEXPLORE.EXE-4B6C9213.PF >
[2012/03/01 18:15:50 | 000,196,674 | ---- | M] () MD5=9D57225C212B95563B0FA1A4F1BC7354 -- C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf

< MD5 for: WINLOGON.ADML >
[2009/07/13 21:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/04/03 04:27:13 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/04/03 04:27:13 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< >

< >

< •Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. >

< >

< When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. >

< >

< Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. >

< >

< Please post back with >

< •aswMBR log >

< •mbr.zip (attached) >

< •both OTL logs >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0A8E2C33

< End of report >

#97 macdoo

Posted 01 March 2012 - 06:32 PM

Guess I'm not a pro. I can only find this one.



OTL logfile created on: 3/1/2012 7:00:10 PM - Run 2
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Ted\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 35.20% Memory free
3.90 Gb Paging File | 0.90 Gb Available in Paging File | 23.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.37 Gb Total Space | 148.81 Gb Free Space | 68.14% Space Free | Partition Type: NTFS
Drive D: | 14.22 Gb Total Space | 2.35 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.71 Mb Free Space | 96.50% Space Free | Partition Type: FAT32
Drive F: | 7.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TED-PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ted\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LvApi11.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (LVUVC64) Logitech HD Webcam C270(UVC) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE:64bit: - HKLM\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...{...hTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=make
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...{...hTerms}&f=4
IE - HKCU\..\SearchScopes\{2005ACD9-727B-38B0-19F6-BE95434160E8}: "URL" = http://www.bing.com/...amp;form=ZGAIDF
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{7793487D-1681-4769-97EE-D9AED5FAB8E8}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{D6C1EDDB-D7C6-4FF0-A3FF-579F83D96E45}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F6066676-1EEB-BD50-8DCD-39409136EB4C}: "URL" = http://www.bing.com/...amp;form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Free TV Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...22&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ted\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ted\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ted\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/01/25 04:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/26 14:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/18 05:57:58 | 000,000,000 | ---D | M]

[2010/05/08 20:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\Mozilla\Extensions
[2012/02/29 21:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions
[2011/03/26 09:24:07 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2011/03/26 09:23:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\engine@conduit.com
[2011/03/26 09:24:05 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\piclens@cooliris.com
[2011/03/26 09:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\dca\core\extensionManager
[2012/02/29 18:46:33 | 000,001,393 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\searchplugins\ajaxwhois-domain-search.xml
[2011/04/08 16:42:07 | 000,001,919 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\7m8x9sib.default\searchplugins\bing-zugo.xml
[2012/02/29 21:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/08 23:19:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/10 13:49:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/21 10:22:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/25 04:59:04 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/25 04:59:38 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoo...{...hTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ted\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Freemake Video Converter = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/02/22 15:55:15 | 000,000,855 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ted\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E99ED4-21AE-4C60-BF80-905DEF8BAF1D}: DhcpNameServer = 192.168.1.1 68.238.112.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/16 01:52:08 | 000,000,073 | R--- | M] () - F:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{4862bcd4-5b3c-11df-b565-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4862bcd4-5b3c-11df-b565-806e6f6e6963}\Shell\AutoRun\command - "" = F:\install.EXE id= ver=1.0.0.0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/01 18:02:14 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Ted\Desktop\OTL.exe
[2012/03/01 17:48:47 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Ted\Desktop\aswMBR.exe
[2012/02/22 16:27:53 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\Facebook
[2012/02/16 15:50:27 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{780E1EAB-4F24-4977-B006-5F550A1077C4}
[2012/02/16 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{99712C03-8F46-4B4F-80B1-FC040550C60F}
[2012/02/16 15:46:51 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{020A6D07-6CD8-439F-9A84-BCC2F7E4C2D0}
[2012/02/16 15:46:41 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{BCBF0D45-80DE-4975-AA65-03A248DEA8C5}
[2012/02/16 01:00:38 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/16 01:00:37 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/16 01:00:36 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/16 01:00:29 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/16 01:00:16 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/16 01:00:15 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/16 01:00:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 01:00:14 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/16 01:00:14 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/16 01:00:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/16 01:00:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/03 20:07:08 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\{0AF6D657-A8D4-4EC1-87BF-8831D761178F}

========== Files - Modified Within 30 Days ==========

[2012/03/01 19:00:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/03/01 18:09:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 18:02:22 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Desktop\OTL.exe
[2012/03/01 18:01:51 | 000,000,580 | ---- | M] () -- C:\Users\Ted\Desktop\MBR.zip
[2012/03/01 18:01:25 | 000,000,512 | ---- | M] () -- C:\Users\Ted\Desktop\MBR.dat
[2012/03/01 17:49:12 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Ted\Desktop\aswMBR.exe
[2012/03/01 16:33:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/03/01 16:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/03/01 06:58:45 | 029,606,317 | ---- | M] () -- C:\Users\Ted\Documents\The Illuminati's greatest human enemy. Who is working the machine..mp4
[2012/03/01 06:23:07 | 097,086,188 | ---- | M] () -- C:\Users\Ted\Documents\David Icke-Brilliant Speech.mp4
[2012/02/29 22:00:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/02/29 20:17:06 | 1312,231,438 | ---- | M] () -- C:\Users\Ted\Documents\Rammstein- Live aus Berlin-1 link full video-HQ.mp4
[2012/02/29 19:10:30 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/29 15:20:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 15:20:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 12:29:32 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\BearShareNAG.job
[2012/02/29 12:29:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/29 12:29:08 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/29 05:17:51 | 048,442,644 | ---- | M] () -- C:\Users\Ted\Documents\Gun Rights vs. Voting Rights in America.mp4
[2012/02/28 18:21:29 | 566,845,967 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 4).mp4
[2012/02/28 17:03:22 | 555,600,430 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 3).mp4
[2012/02/28 14:45:21 | 105,293,618 | ---- | M] () -- C:\Users\Ted\Documents\Movement I DON'T PAY is spreading across Europe (english subs).mp4
[2012/02/28 14:11:02 | 554,484,464 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 2).mp4
[2012/02/28 08:46:39 | 011,084,510 | ---- | M] () -- C:\Users\Ted\Documents\Ron Paul Speaks To John Stossel About Illegal Immigration and Amnesty.mp4
[2012/02/28 08:12:41 | 024,020,530 | ---- | M] () -- C:\Users\Ted\Documents\US Dollar - Sabotaged by Design.mp4
[2012/02/28 07:53:41 | 027,498,265 | ---- | M] () -- C:\Users\Ted\Documents\Robert Fisk reveals the U.S. dollar's demise!.mp4
[2012/02/28 07:45:48 | 073,211,844 | ---- | M] () -- C:\Users\Ted\Documents\Engdahl- Greek bailout terms remind of Hitler.mp4
[2012/02/27 19:07:10 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTed.job
[2012/02/27 17:44:22 | 559,288,807 | ---- | M] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 1).mp4
[2012/02/27 14:17:05 | 046,251,650 | ---- | M] () -- C:\Users\Ted\Documents\NATO Bombs Peace Conference To Prevent Reconciliation In Libya.mp4
[2012/02/27 07:06:43 | 020,793,801 | ---- | M] () -- C:\Users\Ted\Documents\26.08.2011 Putin Slams NATO- West Has no Legal Right to Execute Gaddafi.mp4
[2012/02/27 06:56:57 | 043,659,600 | ---- | M] () -- C:\Users\Ted\Documents\Putin assassination plan foiled by joint special forces op [27-Feb-12 © RT].mp4
[2012/02/27 06:19:40 | 009,274,180 | ---- | M] () -- C:\Users\Ted\Documents\IRAN US Military Intelligence- Iran To RESPOND But Not Provoke Or Initiate Attack On West.mp4
[2012/02/27 06:13:09 | 042,070,755 | ---- | M] () -- C:\Users\Ted\Documents\Cyber War Threat US to fight enemy it created itself ! [© RT].mp4.mp4
[2012/02/26 17:29:37 | 078,429,815 | ---- | M] () -- C:\Users\Ted\Documents\Arming Al-Qaeda- US to pump weapons into Syria warzone..mp4
[2012/02/26 17:12:03 | 034,597,824 | ---- | M] () -- C:\Users\Ted\Documents\RT- Veterans For Ron Paul March On The White House Completely Ignored By MSM.mp4
[2012/02/26 16:55:42 | 029,021,942 | ---- | M] () -- C:\Users\Ted\Documents\Why US drone attacks kill so many civilians in Afghanistan.! - RT 100105.mp4
[2012/02/26 16:43:52 | 026,063,381 | ---- | M] () -- C:\Users\Ted\Documents\Italian military paying Taliban protection fee in Afghanistan - RT 100105.mp4
[2012/02/26 04:46:15 | 125,967,297 | ---- | M] () -- C:\Users\Ted\Documents\Obama's apology isn't enough for Afghans.mp4
[2012/02/22 15:55:15 | 000,000,855 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/22 14:41:48 | 1106,774,016 | ---- | M] () -- C:\Users\Ted\Documents\Eddie Murphy - RAW (Full! 90 min) [STAND UP] {Legendado PT-BR}.mpg
[2012/02/22 07:43:05 | 751,482,880 | ---- | M] () -- C:\Users\Ted\Documents\Eddie Murphy - Delirious Full Movie Comedy Stand up.mpg
[2012/02/20 14:21:07 | 000,000,000 | ---- | M] () -- C:\Users\Ted\Desktop\TSHIRT.bmp
[2012/02/19 12:12:08 | 046,965,148 | ---- | M] () -- C:\Users\Ted\Documents\Joker's greatest joke ever - Joker's best moments from Justice League Wild Cards.mp4
[2012/02/16 23:25:03 | 030,939,136 | ---- | M] () -- C:\Users\Ted\Documents\From My Cold Dead Hands- FIGHT THE UN SMALL ARMS TREATY!.mpg
[2012/02/16 15:50:26 | 000,002,112 | ---- | M] () -- C:\Users\Ted\Documents\My Movie.wlmp
[2012/02/16 12:11:09 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/16 03:29:07 | 000,349,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/16 03:06:07 | 000,746,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/16 03:06:07 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/16 03:06:07 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/16 03:03:28 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/02/14 18:03:04 | 112,444,674 | ---- | M] () -- C:\Users\Ted\Documents\Iran declares Israel bombed its own embassy.mp4
[2012/02/13 18:42:33 | 033,720,263 | ---- | M] () -- C:\Users\Ted\Documents\Judge Napolitano- What if the President secretly wants to decrease the population. .mp4
[2012/02/11 16:17:21 | 000,016,384 | ---- | M] () -- C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/10 18:26:12 | 171,671,552 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 3.mpg
[2012/02/10 18:15:43 | 084,099,072 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 2.mpg
[2012/02/10 18:11:13 | 130,314,163 | ---- | M] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati new world order PT 1.mp4
[2012/02/10 04:12:59 | 092,242,723 | ---- | M] () -- C:\Users\Ted\Documents\'Syria, prelude to full scale war on Iran'.mp4
[2012/02/09 18:06:49 | 009,037,824 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 4).mpg
[2012/02/09 18:02:49 | 017,676,288 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 3).mpg
[2012/02/09 17:59:06 | 021,514,240 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 2).mpg
[2012/02/09 02:24:48 | 013,727,744 | ---- | M] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 1).mpg
[2012/02/09 01:52:24 | 043,536,576 | ---- | M] () -- C:\Users\Ted\Documents\Iran at War with Israel and America..mp4
[2012/02/09 01:42:44 | 002,684,928 | ---- | M] () -- C:\Users\Ted\Documents\Iran attack.mpg
[2012/02/08 17:01:31 | 129,583,104 | ---- | M] () -- C:\Users\Ted\Documents\ECONOMIC COLLAPSE- Million Dollar Homes Badly Vandalised.mpg
[2012/02/08 16:30:45 | 029,382,656 | ---- | M] () -- C:\Users\Ted\Documents\MAKE VIRAL - Potential USS Enterprise False Flag Operation....mpg
[2012/02/08 13:27:56 | 018,335,744 | ---- | M] () -- C:\Users\Ted\Documents\The decline of America.mpg
[2012/02/07 07:10:33 | 061,759,488 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 10.mpg
[2012/02/07 07:09:15 | 084,449,280 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 9.mpg
[2012/02/07 06:54:18 | 083,034,112 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 8.mpg
[2012/02/07 06:52:30 | 075,280,384 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 7.mpg
[2012/02/07 06:50:23 | 094,457,856 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 6.mpg
[2012/02/07 06:46:02 | 091,342,848 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 5.mpg
[2012/02/07 06:42:56 | 081,702,912 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 4.mpg
[2012/02/07 06:39:12 | 056,938,496 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 3.mpg
[2012/02/07 06:37:23 | 075,126,784 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 2.mpg
[2012/02/07 06:33:58 | 075,816,960 | ---- | M] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 1.mpg
[2012/02/07 04:58:44 | 1829,611,520 | ---- | M] () -- C:\Users\Ted\Documents\David Icke- The London-Rome Beltane Ritual 2011 (full version).mpg
[2012/02/06 12:53:55 | 064,983,040 | ---- | M] () -- C:\Users\Ted\Documents\Eternal Disgrace- US politicians display gross ignorance [5-Feb-12 © RT].mpg
[2012/02/04 18:17:36 | 000,013,614 | ---- | M] () -- C:\Users\Ted\Documents\y-u-no-guy.jpg

========== Files Created - No Company Name ==========

[2012/03/01 18:01:51 | 000,000,580 | ---- | C] () -- C:\Users\Ted\Desktop\MBR.zip
[2012/03/01 18:01:25 | 000,000,512 | ---- | C] () -- C:\Users\Ted\Desktop\MBR.dat
[2012/03/01 06:57:33 | 029,606,317 | ---- | C] () -- C:\Users\Ted\Documents\The Illuminati's greatest human enemy. Who is working the machine..mp4
[2012/03/01 06:17:36 | 097,086,188 | ---- | C] () -- C:\Users\Ted\Documents\David Icke-Brilliant Speech.mp4
[2012/02/29 18:28:25 | 1312,231,438 | ---- | C] () -- C:\Users\Ted\Documents\Rammstein- Live aus Berlin-1 link full video-HQ.mp4
[2012/02/29 05:13:14 | 048,442,644 | ---- | C] () -- C:\Users\Ted\Documents\Gun Rights vs. Voting Rights in America.mp4
[2012/02/28 17:36:25 | 566,845,967 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 4).mp4
[2012/02/28 16:24:04 | 555,600,430 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 3).mp4
[2012/02/28 14:30:43 | 105,293,618 | ---- | C] () -- C:\Users\Ted\Documents\Movement I DON'T PAY is spreading across Europe (english subs).mp4
[2012/02/28 13:35:03 | 554,484,464 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 2).mp4
[2012/02/28 08:46:13 | 011,084,510 | ---- | C] () -- C:\Users\Ted\Documents\Ron Paul Speaks To John Stossel About Illegal Immigration and Amnesty.mp4
[2012/02/28 08:11:26 | 024,020,530 | ---- | C] () -- C:\Users\Ted\Documents\US Dollar - Sabotaged by Design.mp4
[2012/02/28 07:52:21 | 027,498,265 | ---- | C] () -- C:\Users\Ted\Documents\Robert Fisk reveals the U.S. dollar's demise!.mp4
[2012/02/28 07:41:19 | 073,211,844 | ---- | C] () -- C:\Users\Ted\Documents\Engdahl- Greek bailout terms remind of Hitler.mp4
[2012/02/27 16:59:39 | 559,288,807 | ---- | C] () -- C:\Users\Ted\Documents\The German Wehrmacht (part 1).mp4
[2012/02/27 14:14:35 | 046,251,650 | ---- | C] () -- C:\Users\Ted\Documents\NATO Bombs Peace Conference To Prevent Reconciliation In Libya.mp4
[2012/02/27 07:05:49 | 020,793,801 | ---- | C] () -- C:\Users\Ted\Documents\26.08.2011 Putin Slams NATO- West Has no Legal Right to Execute Gaddafi.mp4
[2012/02/27 06:53:59 | 043,659,600 | ---- | C] () -- C:\Users\Ted\Documents\Putin assassination plan foiled by joint special forces op [27-Feb-12 © RT].mp4
[2012/02/27 06:19:16 | 009,274,180 | ---- | C] () -- C:\Users\Ted\Documents\IRAN US Military Intelligence- Iran To RESPOND But Not Provoke Or Initiate Attack On West.mp4
[2012/02/27 06:10:51 | 042,070,755 | ---- | C] () -- C:\Users\Ted\Documents\Cyber War Threat US to fight enemy it created itself ! [© RT].mp4.mp4
[2012/02/26 17:24:01 | 078,429,815 | ---- | C] () -- C:\Users\Ted\Documents\Arming Al-Qaeda- US to pump weapons into Syria warzone..mp4
[2012/02/26 17:09:53 | 034,597,824 | ---- | C] () -- C:\Users\Ted\Documents\RT- Veterans For Ron Paul March On The White House Completely Ignored By MSM.mp4
[2012/02/26 16:54:29 | 029,021,942 | ---- | C] () -- C:\Users\Ted\Documents\Why US drone attacks kill so many civilians in Afghanistan.! - RT 100105.mp4
[2012/02/26 16:42:28 | 026,063,381 | ---- | C] () -- C:\Users\Ted\Documents\Italian military paying Taliban protection fee in Afghanistan - RT 100105.mp4
[2012/02/26 04:37:45 | 125,967,297 | ---- | C] () -- C:\Users\Ted\Documents\Obama's apology isn't enough for Afghans.mp4
[2012/02/22 16:28:02 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/02/22 16:28:00 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/02/22 14:10:39 | 1106,774,016 | ---- | C] () -- C:\Users\Ted\Documents\Eddie Murphy - RAW (Full! 90 min) [STAND UP] {Legendado PT-BR}.mpg
[2012/02/22 07:26:44 | 751,482,880 | ---- | C] () -- C:\Users\Ted\Documents\Eddie Murphy - Delirious Full Movie Comedy Stand up.mpg
[2012/02/20 14:21:07 | 000,000,000 | ---- | C] () -- C:\Users\Ted\Desktop\TSHIRT.bmp
[2012/02/19 12:09:55 | 046,965,148 | ---- | C] () -- C:\Users\Ted\Documents\Joker's greatest joke ever - Joker's best moments from Justice League Wild Cards.mp4
[2012/02/16 23:24:05 | 030,939,136 | ---- | C] () -- C:\Users\Ted\Documents\From My Cold Dead Hands- FIGHT THE UN SMALL ARMS TREATY!.mpg
[2012/02/16 03:03:28 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/14 17:55:11 | 112,444,674 | ---- | C] () -- C:\Users\Ted\Documents\Iran declares Israel bombed its own embassy.mp4
[2012/02/13 18:40:41 | 033,720,263 | ---- | C] () -- C:\Users\Ted\Documents\Judge Napolitano- What if the President secretly wants to decrease the population. .mp4
[2012/02/10 18:17:17 | 171,671,552 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 3.mpg
[2012/02/10 18:12:55 | 084,099,072 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati -- PART 2.mpg
[2012/02/10 18:03:21 | 130,314,163 | ---- | C] () -- C:\Users\Ted\Documents\The Truth About Libya, Gaddafi, and the illuminati new world order PT 1.mp4
[2012/02/10 04:07:13 | 092,242,723 | ---- | C] () -- C:\Users\Ted\Documents\'Syria, prelude to full scale war on Iran'.mp4
[2012/02/09 18:06:31 | 009,037,824 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 4).mpg
[2012/02/09 18:02:18 | 017,676,288 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 3).mpg
[2012/02/09 17:58:35 | 021,514,240 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 2).mpg
[2012/02/09 02:24:32 | 013,727,744 | ---- | C] () -- C:\Users\Ted\Documents\NRA- Great UN Gun Debate (Part 1).mpg
[2012/02/09 01:49:58 | 043,536,576 | ---- | C] () -- C:\Users\Ted\Documents\Iran at War with Israel and America..mp4
[2012/02/09 01:42:40 | 002,684,928 | ---- | C] () -- C:\Users\Ted\Documents\Iran attack.mpg
[2012/02/08 16:55:05 | 129,583,104 | ---- | C] () -- C:\Users\Ted\Documents\ECONOMIC COLLAPSE- Million Dollar Homes Badly Vandalised.mpg
[2012/02/08 16:29:54 | 029,382,656 | ---- | C] () -- C:\Users\Ted\Documents\MAKE VIRAL - Potential USS Enterprise False Flag Operation....mpg
[2012/02/08 13:27:32 | 018,335,744 | ---- | C] () -- C:\Users\Ted\Documents\The decline of America.mpg
[2012/02/07 07:09:53 | 061,759,488 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 10.mpg
[2012/02/07 07:08:13 | 084,449,280 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 9.mpg
[2012/02/07 06:53:22 | 083,034,112 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 8.mpg
[2012/02/07 06:51:18 | 075,280,384 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 7.mpg
[2012/02/07 06:49:24 | 094,457,856 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 6.mpg
[2012/02/07 06:45:03 | 091,342,848 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 5.mpg
[2012/02/07 06:42:02 | 081,702,912 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 4.mpg
[2012/02/07 06:38:11 | 056,938,496 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 3.mpg
[2012/02/07 06:36:03 | 075,126,784 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 2.mpg
[2012/02/07 06:32:51 | 075,816,960 | ---- | C] () -- C:\Users\Ted\Documents\The Royal Red Dragon Bloodlines 2009 Part 1.mpg
[2012/02/07 04:23:25 | 1829,611,520 | ---- | C] () -- C:\Users\Ted\Documents\David Icke- The London-Rome Beltane Ritual 2011 (full version).mpg
[2012/02/06 12:52:25 | 064,983,040 | ---- | C] () -- C:\Users\Ted\Documents\Eternal Disgrace- US politicians display gross ignorance [5-Feb-12 © RT].mpg
[2012/02/04 18:17:20 | 000,013,614 | ---- | C] () -- C:\Users\Ted\Documents\y-u-no-guy.jpg
[2011/06/09 16:33:27 | 000,016,384 | ---- | C] () -- C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/03/07 18:53:26 | 000,000,183 | ---- | C] () -- C:\Windows\Earthquake3D.ini
[2011/01/21 22:39:55 | 000,001,854 | ---- | C] () -- C:\Users\Ted\AppData\Roaming\GhostObjGAFix.xml
[2010/08/08 21:51:57 | 000,000,017 | ---- | C] () -- C:\Users\Ted\AppData\Local\resmon.resmoncfg
[2010/06/03 18:31:10 | 000,000,000 | ---- | C] () -- C:\Users\Ted\AppData\Roaming\wklnhst.dat
[2010/05/08 20:09:49 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/03 03:33:31 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/04/03 03:33:31 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== LOP Check ==========

[2011/02/28 21:47:30 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\DriverCure
[2010/08/14 08:25:30 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Gamelab
[2011/03/20 10:44:08 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Leadertech
[2010/12/30 08:50:59 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Local
[2011/04/04 14:35:43 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\SecondLife
[2011/02/28 21:55:08 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Stellarium
[2010/06/03 18:31:10 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Template
[2011/05/22 11:14:48 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Tific
[2010/12/27 09:07:20 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Visan
[2011/02/28 12:11:28 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Windows Live Writer
[2012/02/29 12:29:32 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\BearShareNAG.job
[2012/03/01 16:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001Core.job
[2012/03/01 16:33:01 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715033351-2653626177-837647883-1001UA.job
[2012/01/09 15:14:00 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/02/29 12:29:08 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/19 05:52:07 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
[2012/03/01 01:08:22 | 2312,802,304 | -HS- | M] () -- C:\pagefile.sys
[2010/06/11 02:33:02 | 000,000,184 | ---- | M] () -- C:\setup.log

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/03/01 17:49:12 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Ted\Desktop\aswMBR.exe
[2010/07/12 22:16:35 | 000,567,816 | ---- | M] (Google Inc.) -- C:\Users\Ted\Desktop\googleupdatesetup.exe
[2012/03/01 18:02:22 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Desktop\OTL.exe
[2011/10/14 13:01:31 | 000,684,288 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ted\Desktop\RealPlayer.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s >


< >

< >

< •Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. >

< >

< When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. >

< >

< Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. >

< >

< Please post back with >

< •aswMBR log >

< •mbr.zip (attached) >

< •both OTL logs >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0A8E2C33

< End of report >

#98 macdoo

Posted 01 March 2012 - 06:52 PM

Tried to repeat the scan to get the second log but I still don't see it. The first time I ran it I didn't set it to minimal and check the two boxes. I have an extras log from that but don't know if it will help since the settings were not as you asked.

#99 oldman960

Posted 01 March 2012 - 07:14 PM

Hi macdoo,

You can post the Extra log you have. It will be fine.


Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

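Added example, not part of the thread and not Kaspersky's code: a TDSSKiller report is long, and forum software often collapses its line breaks, so this Python code cuts a pasted report back into records and lists every scanned object whose verdict is not "ok" or that has no verdict at all. It assumes the record layout of a "time thread-id" prefix, an object line "name (md5) path" and a later "name - ok" line; the sample log, its names, hashes, paths and the "warning" verdict with its detail text are constructed.

```python
import re

# Every record begins "HH:MM:SS.mmmm <thread id>". Forum pastes often lose
# the line breaks, so records are cut on this prefix, not on newlines.
RECORD_START = re.compile(r"(?<!\S)\d{2}:\d{2}:\d{2}\.\d{4} \d+(?= |$)")
# Object line: service name, MD5 of the driver file, driver path.
OBJECT = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# Verdict line: same service name, optional detail, then "- <verdict>".
# The detail part and any verdict other than "ok" are assumptions.
VERDICT = re.compile(r"^(\S+) (?:.*? )?- (\w+)$")


def records(text):
    """Return the message part of each record, in order."""
    flat = " ".join(text.split())  # undo wrapping or flattening
    starts = list(RECORD_START.finditer(flat))
    bounds = [m.start() for m in starts[1:]] + [len(flat)]
    return [flat[m.end():end].strip() for m, end in zip(starts, bounds)]


def triage(text):
    """Pair each object line with its verdict and keep what needs review."""
    pending = {}  # name -> (md5, path) still waiting for a verdict
    result = {"ok": 0, "flagged": [], "no_verdict": []}
    for msg in records(text):
        obj = OBJECT.match(msg)
        if obj:
            pending[obj.group(1)] = (obj.group(2).lower(), obj.group(3))
            continue
        ver = VERDICT.match(msg)
        # Only accept a verdict for an object we have actually seen, so
        # header lines that happen to contain " - " are never miscounted.
        if ver and ver.group(1) in pending:
            md5, path = pending.pop(ver.group(1))
            if ver.group(2).lower() == "ok":
                result["ok"] += 1
            else:
                result["flagged"].append(
                    (ver.group(1), ver.group(2), md5, path))
    # An object without a verdict usually means the paste was cut short.
    result["no_verdict"] = sorted(pending)
    return result


# Constructed sample, flattened onto one line the way a forum paste
# often arrives. Nothing in it comes from a real machine.
SAMPLE = (
    r"20:17:14.0977 3268 Current date / time: 2012/03/01 20:17:14.0977 "
    r"20:17:14.0977 3268 SystemInfo: "
    r"20:17:29.0032 6992 Scan started "
    r"20:17:29.0598 6992 drvone (00000000000000000000000000000001) "
    r"C:\Windows\system32\drivers\drvone.sys "
    r"20:17:29.0788 6992 drvone - ok "
    r"20:17:29.0892 6992 drvtwo (00000000000000000000000000000002) "
    r"C:\Windows\system32\drivers\drvtwo.sys "
    r"20:17:29.0909 6992 drvtwo ( Constructed.Detection ) - warning "
    r"20:17:29.0936 6992 drvthree (00000000000000000000000000000003) "
    r"C:\Program Files\Example\drvthree.sys "
    r"20:17:30.0016 6992 drvthree - ok "
    r"20:17:30.0065 6992 drvfour (00000000000000000000000000000004) "
    r"C:\Windows\system32\drivers\drvfour.sys"
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("objects marked ok:", report["ok"])
    for name, verdict, md5, path in report["flagged"]:
        print("review:", name, verdict, md5, path)
    for name in report["no_verdict"]:
        print("no verdict in paste:", name)
```

The second timestamp inside "Current date / time" is not mistaken for a record start, because a record prefix needs a thread id after the time.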

#100 macdoo

Posted 01 March 2012 - 07:27 PM

20:17:14.0539 3268 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
20:17:14.0977 3268 ============================================================
20:17:14.0977 3268 Current date / time: 2012/03/01 20:17:14.0977
20:17:14.0977 3268 SystemInfo:
20:17:14.0977 3268
20:17:14.0977 3268 OS Version: 6.1.7601 ServicePack: 1.0
20:17:14.0977 3268 Product type: Workstation
20:17:14.0977 3268 ComputerName: TED-PC
20:17:14.0977 3268 UserName: Ted
20:17:14.0977 3268 Windows directory: C:\Windows
20:17:14.0977 3268 System windows directory: C:\Windows
20:17:14.0977 3268 Running under WOW64
20:17:14.0977 3268 Processor architecture: Intel x64
20:17:14.0977 3268 Number of processors: 1
20:17:14.0977 3268 Page size: 0x1000
20:17:14.0977 3268 Boot type: Normal boot
20:17:14.0977 3268 ============================================================
20:17:17.0335 3268 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:17:17.0340 3268 \Device\Harddisk0\DR0:
20:17:17.0367 3268 MBR used
20:17:17.0367 3268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:17:17.0367 3268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B4BD800
20:17:17.0367 3268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B521800, BlocksNum 0x1C70000
20:17:17.0367 3268 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
20:17:17.0538 3268 Initialize success
20:17:17.0538 3268 ============================================================
20:17:29.0032 6992 ============================================================
20:17:29.0032 6992 Scan started
20:17:29.0032 6992 Mode: Manual; SigCheck; TDLFS;
20:17:29.0032 6992 ============================================================
20:17:29.0598 6992 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:17:56.0103 6992 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
20:17:56.0137 6992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:17:56.0137 6992 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:17:56.0213 6992 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:17:56.0213 6992 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:17:56.0261 6992 Boot (0x1200) (fd46c2ba8193759a9b8e9dad1bb28b28) \Device\Harddisk0\DR0\Partition0
20:17:56.0262 6992 \Device\Harddisk0\DR0\Partition0 - ok
20:17:56.0280 6992 Boot (0x1200) (3bbb5d3fb787d4ad6609b9421824c914) \Device\Harddisk0\DR0\Partition1
20:17:56.0283 6992 \Device\Harddisk0\DR0\Partition1 - ok
20:17:56.0327 6992 Boot (0x1200) (cfb44e3953c064f49d8a4a6e2bebbef0) \Device\Harddisk0\DR0\Partition2
20:17:56.0330 6992 \Device\Harddisk0\DR0\Partition2 - ok
20:17:56.0361 6992 Boot (0x1200) (b726ae3dc3bd1123068080ecf3fc1bfe) \Device\Harddisk0\DR0\Partition3
20:17:56.0361 6992 \Device\Harddisk0\DR0\Partition3 - ok
20:17:56.0365 6992 ============================================================
20:17:56.0365 6992 Scan finished
20:17:56.0365 6992 ============================================================
20:17:56.0382 5456 Detected object count: 2
20:17:56.0382 5456 Actual detected object count: 2
20:18:33.0585 5456 \Device\Harddisk0\DR0\# - copied to quarantine
20:18:33.0586 5456 \Device\Harddisk0\DR0 - copied to quarantine
20:18:33.0615 5456 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:18:33.0616 5456 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:18:33.0649 5456 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:18:33.0655 5456 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:18:33.0658 5456 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:18:33.0668 5456 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:18:33.0675 5456 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:18:33.0684 5456 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:18:33.0701 5456 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:18:33.0703 5456 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:18:33.0707 5456 \Device\Harddisk0\DR0\TDLFS\spr.dll - copied to quarantine
20:18:33.0764 5456 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:18:33.0764 5456 \Device\Harddisk0\DR0 - ok
20:18:34.0715 5456 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:18:34.0720 5456 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:18:34.0721 5456 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:18:43.0063 2688 Deinitialize success



#101 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 01 March 2012 - 07:46 PM

Hi macdoo,

Seems to have gone pretty well.

Please rerun aswMBR and post the log.


#102 macdoo

macdoo

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 01 March 2012 - 07:58 PM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-01 20:47:53
-----------------------------
20:47:53.845 OS Version: Windows x64 6.1.7601 Service Pack 1
20:47:53.845 Number of processors: 1 586 0x602
20:47:53.846 ComputerName: TED-PC UserName: Ted
20:47:54.594 Initialize success
20:48:02.982 AVAST engine defs: 12030101
20:48:13.902 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:48:13.915 Disk 0 Vendor: Hitachi_HTS725025A9A364 PC2OC72E Size: 238475MB BusType: 11
20:48:13.936 Disk 0 MBR read successfully
20:48:13.943 Disk 0 MBR scan
20:48:13.949 Disk 0 unknown MBR code
20:48:13.993 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:48:14.037 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 223611 MB offset 409600
20:48:14.068 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14560 MB offset 458364928
20:48:14.092 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
20:48:14.144 Disk 0 scanning C:\Windows\system32\drivers
20:48:23.880 Service scanning
20:48:50.461 Modules scanning
20:48:50.481 Disk 0 trace - called modules:
20:48:50.845 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:48:50.857 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024bd060]
20:48:50.870 3 CLASSPNP.SYS[fffff880010ff43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80024751a0]
20:48:51.495 AVAST engine scan C:\Windows
20:48:53.334 AVAST engine scan C:\Windows\system32
20:51:38.136 AVAST engine scan C:\Windows\system32\drivers
20:51:50.838 AVAST engine scan C:\Users\Ted
20:55:29.469 AVAST engine scan C:\ProgramData
20:56:48.906 Scan finished successfully
20:57:00.114 Disk 0 MBR has been saved successfully to "C:\Users\Ted\Desktop\MBR.dat"
20:57:00.120 The log file has been saved successfully to "C:\Users\Ted\Desktop\aswMBR.txt"




#103 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 01 March 2012 - 08:05 PM

Hi macdoo,

Well done.

If you get a chance please post the Extra.txt you have from when you ran OTL.

Next

Rerun TDSSKiller. This time when you reach this point

20:17:56.0213 6992 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:17:56.0213 6992 \Device\Harddisk0\DR0 - detected TDSS File System (1)

Please use the dropdown menu and select delete.



Next

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
  • Right click on ComboFix.exe, click Run as Administrator & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log and the TDSSKiller log.

Thanks


#104 macdoo

macdoo

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 01 March 2012 - 08:07 PM

OTL Extras logfile created on: 3/1/2012 6:03:19 PM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Ted\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 32.08% Memory free
3.90 Gb Paging File | 0.94 Gb Available in Paging File | 24.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.37 Gb Total Space | 148.95 Gb Free Space | 68.21% Space Free | Partition Type: NTFS
Drive D: | 14.22 Gb Total Space | 2.35 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.71 Mb Free Space | 96.50% Space Free | Partition Type: FAT32
Drive F: | 7.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TED-PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java™ 6 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java™ SE Development Kit 6 Update 15 (64-bit)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}" = HP Deskjet 1050 J410 series Basic Device Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 26
"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.1
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Google Chrome" = Google Chrome
"Logitech Vid" = Logitech Vid HD
"Mozilla Firefox (3.6.27)" = Mozilla Firefox (3.6.27)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2011 6:53:54 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 6:53:55 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 6:53:55 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 6:53:55 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 9:55:04 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 9:55:04 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 9:55:04 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 10:25:40 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 10:25:40 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

Error - 5/2/2011 10:25:40 AM | Computer Name = Ted-PC | Source = Bonjour Service | ID = 100
Description =

[ Hewlett-Packard Events ]
Error - 6/11/2010 3:28:07 AM | Computer Name = Ted-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. Configurator

at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 12/18/2010 7:09:00 PM | Computer Name = Ted-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 1/21/2011 11:39:53 PM | Computer Name = Ted-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 2/18/2011 10:22:37 PM | Computer Name = Ted-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021118092219.xml
File not created by asset agent

[ System Events ]
Error - 2/27/2012 2:23:45 PM | Computer Name = Ted-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2/27/2012 2:26:43 PM | Computer Name = Ted-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2/27/2012 2:26:43 PM | Computer Name = Ted-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2/27/2012 2:29:07 PM | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2

Error - 2/27/2012 9:36:28 PM | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7034
Description = The UMVPFSrv service terminated unexpectedly. It has done this 1
time(s).

Error - 2/29/2012 1:29:17 PM | Computer Name = Ted-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2/29/2012 1:29:17 PM | Computer Name = Ted-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2/29/2012 1:31:42 PM | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2

Error - 2/29/2012 5:01:31 PM | Computer Name = Ted-PC | Source = DCOM | ID = 10010
Description =

Error - 2/29/2012 6:02:56 PM | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7034
Description = The UMVPFSrv service terminated unexpectedly. It has done this 1
time(s).


< End of report >

#105 macdoo

macdoo

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 01 March 2012 - 08:14 PM

21:08:39.0017 3768 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
21:08:39.0408 3768 ============================================================
21:08:39.0408 3768 Current date / time: 2012/03/01 21:08:39.0408
21:08:39.0408 3768 SystemInfo:
21:08:39.0408 3768
21:08:39.0408 3768 OS Version: 6.1.7601 ServicePack: 1.0
21:08:39.0408 3768 Product type: Workstation
21:08:39.0408 3768 ComputerName: TED-PC
21:08:39.0409 3768 UserName: Ted
21:08:39.0409 3768 Windows directory: C:\Windows
21:08:39.0409 3768 System windows directory: C:\Windows
21:08:39.0409 3768 Running under WOW64
21:08:39.0409 3768 Processor architecture: Intel x64
21:08:39.0409 3768 Number of processors: 1
21:08:39.0409 3768 Page size: 0x1000
21:08:39.0409 3768 Boot type: Normal boot
21:08:39.0409 3768 ============================================================
21:08:40.0530 3768 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:08:40.0557 3768 \Device\Harddisk0\DR0:
21:08:40.0570 3768 MBR used
21:08:40.0570 3768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:08:40.0570 3768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B4BD800
21:08:40.0570 3768 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B521800, BlocksNum 0x1C70000
21:08:40.0570 3768 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
21:08:40.0815 3768 Initialize success
21:08:40.0815 3768 ============================================================
21:09:02.0464 3400 ============================================================
21:09:02.0464 3400 Scan started
21:09:02.0464 3400 Mode: Manual; SigCheck; TDLFS;
21:09:02.0464 3400 ============================================================
21:09:03.0279 3400 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
HpqKbFiltr - ok 21:09:11.0223 3400 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 21:09:11.0245 3400 HpSAMD - ok 21:09:11.0297 3400 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 21:09:11.0355 3400 HTTP - ok 21:09:11.0461 3400 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 21:09:11.0482 3400 hwpolicy - ok 21:09:11.0541 3400 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 21:09:11.0554 3400 i8042prt - ok 21:09:11.0583 3400 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 21:09:11.0601 3400 iaStorV - ok 21:09:11.0838 3400 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 21:09:11.0969 3400 igfx - ok 21:09:12.0069 3400 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 21:09:12.0091 3400 iirsp - ok 21:09:12.0137 3400 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 21:09:12.0147 3400 intelide - ok 21:09:12.0197 3400 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:09:12.0217 3400 intelppm - ok 21:09:12.0262 3400 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:09:12.0315 3400 IpFilterDriver - ok 21:09:12.0409 3400 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 21:09:12.0446 3400 IPMIDRV - ok 21:09:12.0481 3400 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:09:12.0535 3400 IPNAT - ok 21:09:12.0576 3400 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:09:12.0594 3400 IRENUM - ok 21:09:12.0620 3400 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 21:09:12.0629 3400 isapnp - ok 21:09:12.0656 3400 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 
21:09:12.0671 3400 iScsiPrt - ok 21:09:12.0767 3400 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 21:09:12.0791 3400 kbdclass - ok 21:09:12.0833 3400 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 21:09:12.0857 3400 kbdhid - ok 21:09:12.0890 3400 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 21:09:12.0901 3400 KSecDD - ok 21:09:12.0920 3400 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 21:09:12.0933 3400 KSecPkg - ok 21:09:12.0964 3400 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:09:13.0015 3400 ksthunk - ok 21:09:13.0128 3400 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:09:13.0209 3400 lltdio - ok 21:09:13.0268 3400 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:09:13.0279 3400 LSI_FC - ok 21:09:13.0312 3400 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:09:13.0323 3400 LSI_SAS - ok 21:09:13.0350 3400 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:09:13.0361 3400 LSI_SAS2 - ok 21:09:13.0394 3400 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:09:13.0406 3400 LSI_SCSI - ok 21:09:13.0506 3400 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:09:13.0592 3400 luafv - ok 21:09:13.0656 3400 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys 21:09:13.0665 3400 LVPr2M64 - ok 21:09:13.0685 3400 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys 21:09:13.0692 3400 LVPr2Mon - ok 21:09:13.0744 3400 LVRS64 (ef586b959f747e74c76603ff16ae417b) C:\Windows\system32\DRIVERS\lvrs64.sys 21:09:13.0758 3400 LVRS64 - ok 21:09:13.0922 3400 LVUVC64 (edf73bfa1bd24d74d1d64dc0ed28a7cd) 
C:\Windows\system32\DRIVERS\lvuvc64.sys 21:09:14.0018 3400 LVUVC64 - ok 21:09:14.0054 3400 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 21:09:14.0064 3400 megasas - ok 21:09:14.0168 3400 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 21:09:14.0194 3400 MegaSR - ok 21:09:14.0243 3400 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:09:14.0289 3400 Modem - ok 21:09:14.0323 3400 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:09:14.0354 3400 monitor - ok 21:09:14.0410 3400 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 21:09:14.0427 3400 mouclass - ok 21:09:14.0509 3400 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:09:14.0544 3400 mouhid - ok 21:09:14.0582 3400 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 21:09:14.0594 3400 mountmgr - ok 21:09:14.0618 3400 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 21:09:14.0630 3400 mpio - ok 21:09:14.0663 3400 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:09:14.0714 3400 mpsdrv - ok 21:09:14.0785 3400 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 21:09:14.0874 3400 MRxDAV - ok 21:09:14.0942 3400 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:09:14.0971 3400 mrxsmb - ok 21:09:15.0017 3400 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:09:15.0047 3400 mrxsmb10 - ok 21:09:15.0077 3400 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:09:15.0090 3400 mrxsmb20 - ok 21:09:15.0127 3400 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 21:09:15.0136 3400 msahci - ok 21:09:15.0157 3400 msdsm (db801a638d011b9633829eb6f663c900) 
C:\Windows\system32\drivers\msdsm.sys 21:09:15.0169 3400 msdsm - ok 21:09:15.0252 3400 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:09:15.0305 3400 Msfs - ok 21:09:15.0352 3400 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:09:15.0413 3400 mshidkmdf - ok 21:09:15.0440 3400 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 21:09:15.0450 3400 msisadrv - ok 21:09:15.0491 3400 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 21:09:15.0540 3400 MSKSSRV - ok 21:09:15.0570 3400 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:09:15.0617 3400 MSPCLOCK - ok 21:09:15.0686 3400 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:09:15.0762 3400 MSPQM - ok 21:09:15.0816 3400 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 21:09:15.0834 3400 MsRPC - ok 21:09:15.0874 3400 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 21:09:15.0884 3400 mssmbios - ok 21:09:15.0914 3400 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:09:15.0966 3400 MSTEE - ok 21:09:16.0039 3400 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 21:09:16.0085 3400 MTConfig - ok 21:09:16.0124 3400 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:09:16.0134 3400 Mup - ok 21:09:16.0179 3400 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:09:16.0211 3400 NativeWifiP - ok 21:09:16.0294 3400 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 21:09:16.0331 3400 NDIS - ok 21:09:16.0410 3400 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:09:16.0460 3400 NdisCap - ok 21:09:16.0499 3400 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) 
C:\Windows\system32\DRIVERS\ndistapi.sys 21:09:16.0548 3400 NdisTapi - ok 21:09:16.0594 3400 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 21:09:16.0643 3400 Ndisuio - ok 21:09:16.0684 3400 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 21:09:16.0733 3400 NdisWan - ok 21:09:16.0815 3400 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 21:09:16.0888 3400 NDProxy - ok 21:09:16.0940 3400 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:09:16.0977 3400 NetBIOS - ok 21:09:17.0020 3400 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 21:09:17.0073 3400 NetBT - ok 21:09:17.0288 3400 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 21:09:17.0405 3400 netw5v64 - ok 21:09:17.0490 3400 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 21:09:17.0501 3400 nfrd960 - ok 21:09:17.0545 3400 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 21:09:17.0597 3400 Npfs - ok 21:09:17.0627 3400 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 21:09:17.0678 3400 nsiproxy - ok 21:09:17.0744 3400 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 21:09:17.0788 3400 Ntfs - ok 21:09:17.0880 3400 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 21:09:17.0956 3400 Null - ok 21:09:17.0990 3400 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 21:09:18.0002 3400 nvraid - ok 21:09:18.0019 3400 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 21:09:18.0032 3400 nvstor - ok 21:09:18.0060 3400 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 21:09:18.0072 3400 nv_agp - ok 21:09:18.0103 3400 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) 
C:\Windows\system32\drivers\ohci1394.sys 21:09:18.0127 3400 ohci1394 - ok 21:09:18.0181 3400 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 21:09:18.0195 3400 Parport - ok 21:09:18.0284 3400 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 21:09:18.0304 3400 partmgr - ok 21:09:18.0338 3400 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 21:09:18.0351 3400 pci - ok 21:09:18.0377 3400 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:09:18.0386 3400 pciide - ok 21:09:18.0416 3400 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 21:09:18.0431 3400 pcmcia - ok 21:09:18.0471 3400 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:09:18.0481 3400 pcw - ok 21:09:18.0514 3400 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:09:18.0576 3400 PEAUTH - ok 21:09:18.0742 3400 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:09:18.0789 3400 PptpMiniport - ok 21:09:18.0820 3400 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 21:09:18.0845 3400 Processor - ok 21:09:18.0907 3400 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:09:18.0944 3400 Psched - ok 21:09:19.0004 3400 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:09:19.0047 3400 ql2300 - ok 21:09:19.0104 3400 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:09:19.0116 3400 ql40xx - ok 21:09:19.0152 3400 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:09:19.0183 3400 QWAVEdrv - ok 21:09:19.0206 3400 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:09:19.0263 3400 RasAcd - ok 21:09:19.0310 3400 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) 
C:\Windows\system32\DRIVERS\AgileVpn.sys 21:09:19.0347 3400 RasAgileVpn - ok 21:09:19.0391 3400 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:09:19.0443 3400 Rasl2tp - ok 21:09:19.0533 3400 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:09:19.0628 3400 RasPppoe - ok 21:09:19.0655 3400 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:09:19.0706 3400 RasSstp - ok 21:09:19.0740 3400 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:09:19.0780 3400 rdbss - ok 21:09:19.0819 3400 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:09:19.0849 3400 rdpbus - ok 21:09:19.0881 3400 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:09:19.0919 3400 RDPCDD - ok 21:09:20.0004 3400 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:09:20.0056 3400 RDPENCDD - ok 21:09:20.0075 3400 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:09:20.0112 3400 RDPREFMP - ok 21:09:20.0154 3400 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 21:09:20.0192 3400 RDPWD - ok 21:09:20.0248 3400 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 21:09:20.0262 3400 rdyboost - ok 21:09:20.0315 3400 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys 21:09:20.0338 3400 RimUsb - ok 21:09:20.0444 3400 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:09:20.0502 3400 rspndr - ok 21:09:20.0559 3400 RSUSBSTOR - ok 21:09:20.0603 3400 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 21:09:20.0633 3400 RTL8167 - ok 21:09:20.0722 3400 RtsUIR - ok 21:09:20.0770 3400 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 21:09:20.0781 
3400 sbp2port - ok 21:09:20.0824 3400 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 21:09:20.0873 3400 scfilter - ok 21:09:20.0921 3400 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys 21:09:20.0938 3400 sdbus - ok 21:09:20.0982 3400 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:09:21.0033 3400 secdrv - ok 21:09:21.0135 3400 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:09:21.0178 3400 Serenum - ok 21:09:21.0217 3400 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:09:21.0230 3400 Serial - ok 21:09:21.0262 3400 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:09:21.0275 3400 sermouse - ok 21:09:21.0317 3400 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 21:09:21.0342 3400 sffdisk - ok 21:09:21.0364 3400 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:09:21.0395 3400 sffp_mmc - ok 21:09:21.0476 3400 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 21:09:21.0514 3400 sffp_sd - ok 21:09:21.0553 3400 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:09:21.0579 3400 sfloppy - ok 21:09:21.0623 3400 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:09:21.0633 3400 SiSRaid2 - ok 21:09:21.0654 3400 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:09:21.0666 3400 SiSRaid4 - ok 21:09:21.0711 3400 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:09:21.0748 3400 Smb - ok 21:09:21.0853 3400 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:09:21.0862 3400 spldr - ok 21:09:21.0930 3400 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 21:09:21.0960 3400 srv - 
ok 21:09:22.0026 3400 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 21:09:22.0045 3400 srv2 - ok 21:09:22.0094 3400 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 21:09:22.0110 3400 SrvHsfHDA - ok 21:09:22.0221 3400 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 21:09:22.0265 3400 SrvHsfV92 - ok 21:09:22.0375 3400 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 21:09:22.0414 3400 SrvHsfWinac - ok 21:09:22.0450 3400 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 21:09:22.0478 3400 srvnet - ok 21:09:22.0592 3400 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:09:22.0614 3400 stexstor - ok 21:09:22.0664 3400 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys 21:09:22.0684 3400 STHDA - ok 21:09:22.0723 3400 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 21:09:22.0732 3400 swenum - ok 21:09:22.0830 3400 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys 21:09:22.0859 3400 SynTP - ok 21:09:22.0945 3400 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 21:09:22.0996 3400 Tcpip - ok 21:09:23.0105 3400 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 21:09:23.0147 3400 TCPIP6 - ok 21:09:23.0196 3400 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:09:23.0240 3400 tcpipreg - ok 21:09:23.0284 3400 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:09:23.0336 3400 TDPIPE - ok 21:09:23.0358 3400 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 21:09:23.0404 3400 TDTCP - ok 21:09:23.0462 3400 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:09:23.0499 3400 tdx - ok 21:09:23.0586 3400 
TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 21:09:23.0607 3400 TermDD - ok 21:09:23.0679 3400 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:09:23.0729 3400 tssecsrv - ok 21:09:23.0779 3400 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:09:23.0802 3400 TsUsbFlt - ok 21:09:23.0871 3400 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:09:23.0929 3400 tunnel - ok 21:09:24.0003 3400 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:09:24.0025 3400 uagp35 - ok 21:09:24.0070 3400 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:09:24.0124 3400 udfs - ok 21:09:24.0176 3400 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:09:24.0187 3400 uliagpkx - ok 21:09:24.0218 3400 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 21:09:24.0240 3400 umbus - ok 21:09:24.0275 3400 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:09:24.0296 3400 UmPass - ok 21:09:24.0390 3400 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 21:09:24.0436 3400 usbaudio - ok 21:09:24.0470 3400 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:09:24.0483 3400 usbccgp - ok 21:09:24.0497 3400 USBCCID - ok 21:09:24.0536 3400 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:09:24.0567 3400 usbcir - ok 21:09:24.0601 3400 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 21:09:24.0613 3400 usbehci - ok 21:09:24.0703 3400 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:09:24.0741 3400 usbhub - ok 21:09:24.0770 3400 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 21:09:24.0782 3400 usbohci - 
ok 21:09:24.0819 3400 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:09:24.0835 3400 usbprint - ok 21:09:24.0867 3400 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 21:09:24.0899 3400 usbscan - ok 21:09:24.0986 3400 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:09:25.0040 3400 USBSTOR - ok 21:09:25.0076 3400 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 21:09:25.0105 3400 usbuhci - ok 21:09:25.0145 3400 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 21:09:25.0167 3400 usbvideo - ok 21:09:25.0215 3400 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:09:25.0225 3400 vdrvroot - ok 21:09:25.0301 3400 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:09:25.0323 3400 vga - ok 21:09:25.0343 3400 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:09:25.0393 3400 VgaSave - ok 21:09:25.0432 3400 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:09:25.0448 3400 vhdmp - ok 21:09:25.0481 3400 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:09:25.0490 3400 viaide - ok 21:09:25.0510 3400 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:09:25.0520 3400 volmgr - ok 21:09:25.0565 3400 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:09:25.0582 3400 volmgrx - ok 21:09:25.0620 3400 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:09:25.0636 3400 volsnap - ok 21:09:25.0699 3400 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:09:25.0713 3400 vsmraid - ok 21:09:25.0754 3400 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 21:09:25.0779 3400 vwifibus - ok 
21:09:25.0806 3400 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 21:09:25.0836 3400 vwififlt - ok 21:09:25.0883 3400 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:09:25.0895 3400 WacomPen - ok 21:09:26.0006 3400 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:09:26.0074 3400 WANARP - ok 21:09:26.0084 3400 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:09:26.0120 3400 Wanarpv6 - ok 21:09:26.0188 3400 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:09:26.0197 3400 Wd - ok 21:09:26.0243 3400 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:09:26.0266 3400 Wdf01000 - ok 21:09:26.0397 3400 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:09:26.0449 3400 WfpLwf - ok 21:09:26.0481 3400 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:09:26.0490 3400 WIMMount - ok 21:09:26.0571 3400 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 21:09:26.0600 3400 WinUsb - ok 21:09:26.0648 3400 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 21:09:26.0661 3400 WmiAcpi - ok 21:09:26.0716 3400 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:09:26.0753 3400 ws2ifsl - ok 21:09:26.0872 3400 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:09:26.0950 3400 WudfPf - ok 21:09:26.0986 3400 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:09:27.0035 3400 WUDFRd - ok 21:09:27.0097 3400 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 21:09:27.0131 3400 xusb21 - ok 21:09:27.0229 3400 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys 21:09:27.0249 3400 yukonw7 - ok 
21:09:27.0282 3400 MBR (0x1B8) (46d426885bf12a24f50f7ef55d60a171) \Device\Harddisk0\DR0
21:09:27.0359 3400 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:09:27.0360 3400 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:09:27.0399 3400 Boot (0x1200) (fd46c2ba8193759a9b8e9dad1bb28b28) \Device\Harddisk0\DR0\Partition0
21:09:27.0400 3400 \Device\Harddisk0\DR0\Partition0 - ok
21:09:27.0417 3400 Boot (0x1200) (3bbb5d3fb787d4ad6609b9421824c914) \Device\Harddisk0\DR0\Partition1
21:09:27.0419 3400 \Device\Harddisk0\DR0\Partition1 - ok
21:09:27.0457 3400 Boot (0x1200) (cfb44e3953c064f49d8a4a6e2bebbef0) \Device\Harddisk0\DR0\Partition2
21:09:27.0458 3400 \Device\Harddisk0\DR0\Partition2 - ok
21:09:27.0481 3400 Boot (0x1200) (b726ae3dc3bd1123068080ecf3fc1bfe) \Device\Harddisk0\DR0\Partition3
21:09:27.0482 3400 \Device\Harddisk0\DR0\Partition3 - ok
21:09:27.0487 3400 ============================================================
21:09:27.0487 3400 Scan finished
21:09:27.0487 3400 ============================================================
21:09:27.0509 2572 Detected object count: 1
21:09:27.0509 2572 Actual detected object count: 1
21:09:40.0577 2572 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:09:40.0578 2572 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:09:40.0580 2572 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:09:40.0583 2572 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:09:40.0585 2572 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:09:40.0593 2572 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:09:40.0599 2572 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:09:40.0606 2572 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:09:40.0607 2572 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:09:40.0609 2572 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:09:40.0619 2572 \Device\Harddisk0\DR0\TDLFS\spr.dll - copied to quarantine
21:09:40.0620 2572 \Device\Harddisk0\DR0\TDLFS - deleted
21:09:40.0620 2572 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
21:09:57.0826 2740 Deinitialize success
