Inactive Threat found MBR sector of the 1. physical disk.

Discussion in 'Malware and Virus Removal Archive' started by garfield, 2010/12/28.

  1. 2010/12/29
    garfield

    2010/12/29 21:03:15.0142 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2010/12/29 21:03:15.0142 ================================================================================
    2010/12/29 21:03:15.0142 SystemInfo:
    2010/12/29 21:03:15.0142
    2010/12/29 21:03:15.0142 OS Version: 6.0.6002 ServicePack: 2.0
    2010/12/29 21:03:15.0142 Product type: Workstation
    2010/12/29 21:03:15.0143 ComputerName: HAPPY
    2010/12/29 21:03:15.0143 UserName: Gartoy
    2010/12/29 21:03:15.0143 Windows directory: C:\WINDOWS
    2010/12/29 21:03:15.0143 System windows directory: C:\WINDOWS
    2010/12/29 21:03:15.0143 Processor architecture: Intel x86
    2010/12/29 21:03:15.0143 Number of processors: 2
    2010/12/29 21:03:15.0143 Page size: 0x1000
    2010/12/29 21:03:15.0143 Boot type: Normal boot
    2010/12/29 21:03:15.0143 ================================================================================
    2010/12/29 21:03:16.0567 Initialize success
    2010/12/29 21:03:24.0623 ================================================================================
    2010/12/29 21:03:24.0623 Scan started
    2010/12/29 21:03:24.0623 Mode: Manual;
    2010/12/29 21:03:24.0624 ================================================================================
    2010/12/29 21:05:55.0521 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/29 21:05:55.0546 ================================================================================
    2010/12/29 21:05:55.0546 Scan finished
    2010/12/29 21:05:55.0546 ================================================================================
    2010/12/29 21:05:55.0567 Detected object count: 1
    2010/12/29 21:06:13.0372 \HardDisk0 - will be cured after reboot
    2010/12/29 21:06:13.0373 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
     
  2. 2010/12/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, redo MBR reset as listed in my reply #12.
    Post fresh MBRCheck log.
     

  4. 2010/12/29
    garfield

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Studio 1737
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 223):

    Processes (total 67):

    \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000070`30b2ac00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

    PhysicalDrive1 Model Number: ST9500325AS, Rev: 0001SDM1
    PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT2, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: CCF356FEC6D9BBB29EF3EF1E4270A2B799955EA4
    298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  5. 2010/12/29
    broni

    I'm not sure why this is not working...

    Copy the entire content of the report and paste it in a reply here.

    Note: You may get this warning. It is OK, just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay? "
     
  6. 2010/12/29
    garfield

    Tried to run RKUnhookle.exe. I ran it with admin rights and got this error:
    Error loading driver,NTSTATUS code C0000001
    with OK, so I clicked OK and the program closed out.
     
  7. 2010/12/29
    broni

    Try to run it from Safe Mode.

    One more question...
    What is drive E/F?
    Internal drive with two partitions?
    What do you have there?
     
  8. 2010/12/30
    garfield

    Same error in Safe Mode. E: and F: are a second hard drive; the first hard drive is C: and D:.
    E: is the main drive for Windows 7 and F: is the recovery drive for Windows 7.
    C: is the main drive for Vista and D: is the recovery drive for Vista. They are a dual-boot OS system. Windows 7 works without a problem, but Vista gives me the error: MBR sector of 1 physical disk,
    Threat Win32/Olmarik.AJL trojan.
     
  9. 2010/12/30
    broni

    I see. That explains some of my questions.

    Please download The Avenger by Swandog46 to your Desktop.
    - Right click on the Avenger.zip folder and select Extract All...
    - Follow the prompts and extract the avenger folder to your desktop

    Double click on avenger.exe.
    Click OK in pop-up window.

    Avenger window will open.

    Click on Execute button.
    Click OK in two consecutive pop-up windows.

    Your computer will re-boot now.

    Upon re-boot, Notepad window will open.
    Select all text, copy it, and paste it into next reply.

    NOTE. If the log doesn't open on reboot, open Avenger again, and go File>Open Log File.
     
  10. 2010/12/30
    garfield

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Completed script processing.

    *******************

    Finished! Terminate.


    I know I am not supposed to do anything unless instructed by you, but I tried this: I removed the Windows 7 hard drive and Vista will the boot. Then I took out Vista and put the Windows 7 hard drive back in and it did boot fine. Not sure if any of that information might be helpful. Again, thanks for your help.
     
  11. 2010/12/30
    broni

    Yeah, I'm afraid, we'll have to deal with one drive at a time.
    I know, it's a typo, so what exactly happened? Will, or will not boot?
     
  12. 2010/12/30
    garfield

    Sorry, when I took out Windows 7, Vista WILL NOT boot. Typo.
     
  13. 2010/12/30
    broni

    Yeah, here is the reason:
    It looks like with dual boot, our MBR fix gets confused and it fixes the wrong MBR.

    Remove Windows 7 drive and leave it off until we're ready to put it back in.

    Now...
    (you made a CD listed below already, so skip the beginning)...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted (see, if it'll boot), run MBRCheck again and post its log.
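
The drive mix-up described in the post above can be read directly from the MBRCheck log: the volume map shows which physical drive holds each letter, and the status table shows which drive's MBR code is unrecognised. The following is an added example, not part of the original thread or of MBRCheck; the function names, the `system_letter` and `default_target` parameters, and the rule that a status ending in "MBR code detected" means recognised boot code are assumptions based only on the two status strings in this log.

```python
import re
from dataclasses import dataclass, field

# Sample input: the volume map and MBR status table from the MBRCheck log
# posted earlier in this thread (driver and process lists left out).
SAMPLE_LOG = r"""
\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000070`30b2ac00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: CCF356FEC6D9BBB29EF3EF1E4270A2B799955EA4
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
"""

DEV = r"\\\\\.\\PhysicalDrive(?P<disk>\d+)"
VOLUME_RE = re.compile(
    r"^\\\\\.\\(?P<letter>[A-Z]): --> " + DEV + r" at offset (?P<offset>0x[0-9a-fA-F`]+)"
)
STATUS_RE = re.compile(r"^\d+ [KMGT]B\s+" + DEV + r"\s+(?P<status>.+)$")
SHA1_RE = re.compile(r"^SHA1: (?P<sha1>[0-9A-Fa-f]{40})$")


@dataclass
class Disk:
    number: int
    volumes: dict = field(default_factory=dict)  # drive letter -> byte offset on disk
    status: str = ""
    sha1: str = ""


def parse_mbrcheck(text):
    """Return {disk number: Disk} built from the volume map and status table."""
    disks = {}
    current = None  # disk named by the most recent status row
    for raw in text.splitlines():
        line = raw.strip()
        if m := VOLUME_RE.match(line):
            disk = disks.setdefault(int(m["disk"]), Disk(int(m["disk"])))
            # MBRCheck prints 64-bit offsets as two halves joined by a backtick.
            disk.volumes[m["letter"]] = int(m["offset"].replace("`", ""), 16)
        elif m := STATUS_RE.match(line):
            current = disks.setdefault(int(m["disk"]), Disk(int(m["disk"])))
            current.status = m["status"].strip()
        elif (m := SHA1_RE.match(line)) and current is not None:
            current.sha1 = m["sha1"].upper()
    return disks


def is_recognised(disk):
    # Assumption: recognised boot code is worded "... MBR code detected".
    return disk.status.endswith("MBR code detected")


def repair_warnings(disks, system_letter="C", default_target=0):
    """Describe each suspect MBR and whether a repair aimed at
    PhysicalDrive<default_target> (hypothetical tool default) would miss it."""
    warnings = []
    for disk in sorted(disks.values(), key=lambda d: d.number):
        if not disk.status or is_recognised(disk):
            continue
        letters = ", ".join(f"{v}:" for v in sorted(disk.volumes))
        note = (f"PhysicalDrive{disk.number} ({letters}) has status "
                f"'{disk.status}', SHA1 {disk.sha1}")
        if system_letter in disk.volumes:
            note += f"; it hosts the system volume {system_letter}:"
        if disk.number != default_target:
            target = disks.get(default_target)
            state = target.status if target else "not present"
            note += (f"; a repair aimed at PhysicalDrive{default_target} "
                     f"('{state}') would leave this MBR untouched")
        warnings.append(note)
    return warnings


if __name__ == "__main__":
    for warning in repair_warnings(parse_mbrcheck(SAMPLE_LOG)):
        print(warning)
```
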
     
  14. 2010/12/30
    garfield

    I removed the Windows 7 hard drive and ran the CD for MBRWORK per your details above, and when the computer reboots I get this error: NTLDR is missing,
    press Ctrl+Alt+Del to restart. Same error on reboot. Should I plug Windows 7 back in and try?

    When I put the Windows 7 hard drive back, Vista did boot, and I also ran MBRCheck, and guess what, here's the log with both drives installed.


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Studio 1737
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 224):
    0x91693000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x916B8000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x916DB000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x916E6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x916F6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x916FD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x91706000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x9170E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x91717000 \SystemRoot\System32\Drivers\Null.SYS
    0x9171E000 \SystemRoot\System32\Drivers\Beep.SYS
    0x91725000 \SystemRoot\system32\DRIVERS\ehdrv.sys
    0x91744000 \SystemRoot\System32\drivers\vga.sys
    0x91750000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x91771000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x91779000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x91E03000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
    0x91EA3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x91EAE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x91EBC000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x91EC5000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x91EDB000 \??\C:\WINDOWS\system32\drivers\tcpipBM.sys
    0x91EE0000 \SystemRoot\system32\DRIVERS\smb.sys
    0x91EF4000 \SystemRoot\system32\drivers\afd.sys
    0x91F3C000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x91F6E000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x91F77000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x91F8D000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x91F9B000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x91FAE000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x91FEA000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x91781000 \SystemRoot\System32\Drivers\dfsc.sys
    0x91798000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x917AF000 \SystemRoot\system32\DRIVERS\OA001Vid.sys
    0x92005000 \SystemRoot\system32\DRIVERS\OA001Ufd.sys
    0x92026000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x9202F000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x92045000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x92052000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x9205D000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x9B250000 \SystemRoot\System32\win32k.sys
    0x92067000 \SystemRoot\System32\drivers\Dxapi.sys
    0x92071000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9B470000 \SystemRoot\System32\TSDDD.dll
    0x9B490000 \SystemRoot\System32\cdd.dll
    0x9B4A0000 \SystemRoot\System32\ATMFD.DLL
    0x92080000 \SystemRoot\system32\drivers\luafv.sys
    0x9209B000 \SystemRoot\system32\DRIVERS\eamonm.sys
    0x92141000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
    0x9214B000 \SystemRoot\system32\DRIVERS\epfw.sys
    0x9216D000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9217D000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x921A7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x921B1000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xB0E0A000 \SystemRoot\system32\drivers\HTTP.sys
    0xB0E77000 \SystemRoot\system32\drivers\spsys.sys
    0xB0F27000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xB0F44000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xB0F5D000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xB0F72000 \SystemRoot\system32\drivers\mrxdav.sys
    0xB0F93000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB0FB2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x921C4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xB2402000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xB242A000 \SystemRoot\System32\DRIVERS\srv.sys
    0xB2478000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xB2499000 \SystemRoot\system32\DRIVERS\epfwwfp.sys
    0xB24A7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB24AB000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xB24D3000 \SystemRoot\system32\drivers\peauth.sys
    0xB25B1000 \SystemRoot\System32\Drivers\btcusb.sys
    0xB25B9000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xB25C3000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xB25CF000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xB25D7000 \SystemRoot\system32\drivers\BCM42RLY.sys
    0xB25DF000 \??\C:\Users\Gartoy\AppData\Local\Temp\mbr.sys
    0x77020000 \Windows\System32\ntdll.dll

    Processes (total 69):

    \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000070`30b2ac00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

    PhysicalDrive1 Model Number: ST9500325AS, Rev: 0001SDM1
    PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT2, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
    Last edited: 2010/12/30
  15. 2010/12/30
    broni Moderator Malware Analyst

    OK, now Vista MBR looks fine.
    Let's see if we can continue with both drives installed.

    Re-run TDSSKiller and Combofix. Post both logs.
     
  16. 2010/12/30
    garfield Inactive Thread Starter

    2010/12/30 19:01:14.0989 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2010/12/30 19:01:14.0989
    2010/12/30 19:01:14.0989 SystemInfo:
    2010/12/30 19:01:14.0989
    2010/12/30 19:01:14.0989 OS Version: 6.0.6002 ServicePack: 2.0
    2010/12/30 19:01:14.0990 Product type: Workstation
    2010/12/30 19:01:14.0990 ComputerName: HAPPY
    2010/12/30 19:01:14.0990 UserName: Gartoy
    2010/12/30 19:01:14.0990 Windows directory: C:\WINDOWS
    2010/12/30 19:01:14.0990 System windows directory: C:\WINDOWS
    2010/12/30 19:01:14.0990 Processor architecture: Intel x86
    2010/12/30 19:01:14.0990 Number of processors: 2
    2010/12/30 19:01:14.0990 Page size: 0x1000
    2010/12/30 19:01:14.0990 Boot type: Normal boot
    2010/12/30 19:01:16.0477 Initialize success
    2010/12/30 19:01:22.0263
    2010/12/30 19:01:22.0263 Scan started
    2010/12/30 19:01:22.0263 Mode: Manual;
    2010/12/30 19:01:22.0263
    2010/12/30 19:03:42.0039 RRNetCapMP (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
    2010/12/30 19:03:42.0085 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\WINDOWS\system32\DRIVERS\rspndr.sys
    2010/12/30 19:03:42.0994 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\WINDOWS\system32\DRIVERS\Rtlh86.sys
    2010/12/30 19:03:43.0843 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\WINDOWS\system32\drivers\RTSTOR.SYS
    2010/12/30 19:03:44.0671 sbp2port (3ce8f073a557e172b330109436984e30) C:\WINDOWS\system32\drivers\sbp2port.sys
    2010/12/30 19:03:45.0560 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2010/12/30 19:03:45.0618 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\drivers\secdrv.sys
    2010/12/30 19:03:45.0681 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\WINDOWS\system32\drivers\serenum.sys
    2010/12/30 19:03:45.0724 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\WINDOWS\system32\drivers\serial.sys
    2010/12/30 19:03:45.0772 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\WINDOWS\system32\drivers\sermouse.sys
    2010/12/30 19:03:45.0835 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    2010/12/30 19:03:45.0874 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\WINDOWS\system32\drivers\sffp_mmc.sys
    2010/12/30 19:03:45.0942 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    2010/12/30 19:03:46.0007 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    2010/12/30 19:03:46.0060 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\WINDOWS\system32\drivers\sisagp.sys
    2010/12/30 19:03:46.0091 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\WINDOWS\system32\drivers\sisraid2.sys
    2010/12/30 19:03:46.0125 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\WINDOWS\system32\drivers\sisraid4.sys
    2010/12/30 19:03:46.0191 Smb (7b75299a4d201d6a6533603d6914ab04) C:\WINDOWS\system32\DRIVERS\smb.sys
    2010/12/30 19:03:46.0277 snapman (bcc773872041aa59bc9a6cf770fb32e2) C:\WINDOWS\system32\DRIVERS\snapman.sys
    2010/12/30 19:03:46.0342 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\WINDOWS\system32\drivers\spldr.sys
    2010/12/30 19:03:46.0411 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/12/30 19:03:46.0455 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\WINDOWS\system32\DRIVERS\srv2.sys
    2010/12/30 19:03:46.0489 srvnet (faa0d553a49e85008c6bb3781987c574) C:\WINDOWS\system32\DRIVERS\srvnet.sys
    2010/12/30 19:03:47.0420 STHDA (2449940565c8590961b4b1e9402ea43e) C:\WINDOWS\system32\DRIVERS\stwrt.sys
    2010/12/30 19:03:48.0281 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2010/12/30 19:03:49.0148 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/12/30 19:03:50.0014 swmsflt (a184a1bab187809b144ba32509b9e731) C:\WINDOWS\System32\drivers\swmsflt.sys
    2010/12/30 19:03:50.0959 Symc8xx (192aa3ac01df071b541094f251deed10) C:\WINDOWS\system32\drivers\symc8xx.sys
    2010/12/30 19:03:51.0048 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\WINDOWS\system32\drivers\sym_hi.sys
    2010/12/30 19:03:51.0073 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\WINDOWS\system32\drivers\sym_u3.sys
    2010/12/30 19:03:51.0129 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2010/12/30 19:03:52.0502 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\WINDOWS\system32\drivers\tcpip.sys
    2010/12/30 19:03:53.0460 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/12/30 19:03:54.0408 tcpipBM (b1a9e04d803fde6b78314455211b726e) C:\WINDOWS\system32\drivers\tcpipBM.sys
    2010/12/30 19:03:55.0293 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\WINDOWS\system32\drivers\tcpipreg.sys
    2010/12/30 19:03:55.0331 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\WINDOWS\system32\drivers\tdpipe.sys
    2010/12/30 19:03:55.0382 tdrpman (603d59923828c6c213b84b14cbf32083) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
    2010/12/30 19:03:55.0415 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\WINDOWS\system32\drivers\tdtcp.sys
    2010/12/30 19:03:56.0282 tdx (76b06eb8a01fc8624d699e7045303e54) C:\WINDOWS\system32\DRIVERS\tdx.sys
    2010/12/30 19:03:57.0104 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/12/30 19:03:57.0178 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    2010/12/30 19:03:58.0120 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
    2010/12/30 19:03:59.0006 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\WINDOWS\system32\DRIVERS\tssecsrv.sys
    2010/12/30 19:03:59.0857 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    2010/12/30 19:03:59.0910 tunnel (300db877ac094feab0be7688c3454a9c) C:\WINDOWS\system32\DRIVERS\tunnel.sys
    2010/12/30 19:03:59.0967 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\WINDOWS\system32\drivers\uagp35.sys
    2010/12/30 19:04:00.0030 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\WINDOWS\system32\DRIVERS\udfs.sys
    2010/12/30 19:04:00.0103 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\WINDOWS\system32\drivers\uliagpkx.sys
    2010/12/30 19:04:00.0153 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\WINDOWS\system32\drivers\uliahci.sys
    2010/12/30 19:04:00.0180 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\WINDOWS\system32\drivers\ulsata.sys
    2010/12/30 19:04:00.0202 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\WINDOWS\system32\drivers\ulsata2.sys
    2010/12/30 19:04:00.0241 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\WINDOWS\system32\DRIVERS\umbus.sys
    2010/12/30 19:04:01.0114 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/12/30 19:04:02.0020 usbaudio (32db9517628ff0d070682aab61e688f0) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/12/30 19:04:02.0863 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/12/30 19:04:02.0906 usbcir (e9476e6c486e76bc4898074768fb7131) C:\WINDOWS\system32\drivers\usbcir.sys
    2010/12/30 19:04:02.0957 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/12/30 19:04:02.0998 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/12/30 19:04:03.0046 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\WINDOWS\system32\drivers\usbohci.sys
    2010/12/30 19:04:03.0084 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\WINDOWS\system32\drivers\usbprint.sys
    2010/12/30 19:04:03.0142 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/12/30 19:04:03.0188 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/12/30 19:04:03.0265 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2010/12/30 19:04:04.0217 vga (87b06e1f30b749a114f74622d013f8d4) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
    2010/12/30 19:04:05.0026 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\WINDOWS\System32\drivers\vga.sys
    2010/12/30 19:04:05.0063 viaagp (5d7159def58a800d5781ba3a879627bc) C:\WINDOWS\system32\drivers\viaagp.sys
    2010/12/30 19:04:05.0120 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\WINDOWS\system32\drivers\viac7.sys
    2010/12/30 19:04:05.0152 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\WINDOWS\system32\drivers\viaide.sys
    2010/12/30 19:04:05.0181 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\WINDOWS\system32\drivers\volmgr.sys
    2010/12/30 19:04:05.0321 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\WINDOWS\system32\drivers\volmgrx.sys
    2010/12/30 19:04:06.0245 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\WINDOWS\system32\drivers\volsnap.sys
    2010/12/30 19:04:07.0171 vsmraid (587253e09325e6bf226b299774b728a9) C:\WINDOWS\system32\drivers\vsmraid.sys
    2010/12/30 19:04:08.0050 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\WINDOWS\system32\drivers\wacompen.sys
    2010/12/30 19:04:08.0899 Wanarp (55201897378cca7af8b5efd874374a26) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/12/30 19:04:08.0927 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/12/30 19:04:09.0805 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\WINDOWS\system32\drivers\wd.sys
    2010/12/30 19:04:10.0588 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\WINDOWS\system32\drivers\Wdf01000.sys
    2010/12/30 19:04:11.0492 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    2010/12/30 19:04:12.0850 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2010/12/30 19:04:13.0811 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2010/12/30 19:04:14.0746 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\WINDOWS\system32\drivers\ws2ifsl.sys
    2010/12/30 19:04:15.0694 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\WINDOWS\system32\DRIVERS\xaudio.sys
    2010/12/30 19:04:16.0682 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\WINDOWS\system32\DRIVERS\yk60x86.sys
    2010/12/30 19:04:16.0945 ================================================================================
    2010/12/30 19:04:16.0945 Scan finished ===========================================================
     
  17. 2010/12/30
    garfield

    ComboFix 10-12-30.01 - Gartoy 12/30/2010 22:50:38.6.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3004.1776 [GMT -5:00]
    Running from: c:\users\Gartoy\Desktop\ComboFix.exe
    AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
    .

    2010-12-29 03:11 . 2010-12-29 03:11 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2010-12-28 00:53 . 2010-12-28 15:01 -------- d-----w- c:\users\Gartoy\DoctorWeb
    2010-12-28 00:20 . 2010-12-28 00:43 -------- d-----w- c:\users\Gartoy\AppData\Local\NPE
    2010-12-27 21:43 . 2010-12-27 22:45 -------- d-----w- C:\TDSSKiller_Quarantine
    2010-12-27 21:41 . 2010-12-29 03:09 -------- d-----w- c:\programdata\PC Tools
    2010-12-27 18:51 . 2010-12-27 19:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-12-27 18:51 . 2010-12-27 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-27 18:32 . 2010-12-27 18:32 -------- d-----w- c:\program files\CCleaner
    2010-12-27 00:06 . 2010-12-27 00:06 -------- d-----w- c:\users\Gartoy\AppData\Local\Adobe
    2010-12-24 23:35 . 2010-12-24 23:35 -------- d-----w- c:\users\Gartoy\AppData\Local\Apple
    2010-12-24 03:21 . 2010-12-24 03:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-12-24 03:20 . 2010-12-24 03:33 -------- d-----w- c:\programdata\Hitman Pro
    2010-12-22 17:55 . 2010-12-22 17:55 388096 ----a-r- c:\users\Gartoy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-22 01:27 . 2010-12-22 01:34 -------- d-----w- c:\users\Gartoy\AppData\Roaming\vlc
    2010-12-22 01:25 . 2010-12-22 01:25 -------- d-----w- c:\program files\VideoLAN
    2010-12-16 01:07 . 2010-12-16 01:07 -------- d-----w- c:\users\Gartoy\AppData\Roaming\dvdcss
    2010-12-16 00:48 . 2010-12-16 00:48 -------- d-----w- c:\program files\Freemake
    2010-12-16 00:27 . 2009-09-27 14:39 369152 ----a-w- c:\windows\system32\avisynth.dll
    2010-12-16 00:27 . 2004-02-22 15:11 719872 ----a-w- c:\windows\system32\devil.dll
    2010-12-16 00:27 . 2010-12-16 00:27 -------- d-----w- c:\program files\AviSynth 2.5
    2010-12-16 00:27 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-12-16 00:27 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
    2010-12-16 00:20 . 2010-12-16 00:20 -------- d-----w- c:\program files\eRightSoft
    2010-12-15 16:02 . 2010-12-15 16:02 -------- d-----w- c:\users\Gartoy\AppData\Roaming\webex
    2010-12-15 16:00 . 2010-12-15 18:03 -------- d-----w- c:\programdata\WebEx
    2010-12-15 03:28 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-15 03:28 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-15 03:28 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
    2010-12-15 03:28 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
    2010-12-15 03:28 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-12-15 02:51 . 2010-12-15 02:51 -------- d-----w- c:\program files\DVDx
    2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2010-12-08 20:03 . 2010-12-08 20:03 -------- d-----w- c:\programdata\gogii
    2010-12-08 20:01 . 2010-12-08 20:02 -------- d-----w- c:\program files\Twisted - A Haunted Carol
    2010-12-07 15:36 . 2008-02-28 07:51 372736 ----a-w- c:\windows\system32\aestecap.dll
    2010-12-07 15:36 . 2007-03-05 05:05 45568 ----a-w- c:\windows\system32\ctppld.dll
    2010-12-07 15:36 . 2008-02-28 07:51 133632 ----a-w- c:\windows\system32\aestacap.dll
    2010-12-07 15:36 . 2008-04-17 00:50 2469888 ----a-w- c:\windows\system32\stlang.dll
    2010-12-07 15:36 . 2008-02-28 07:51 73728 ----a-w- c:\windows\system32\AESTCom.dll
    2010-12-07 15:36 . 2008-04-17 00:49 512000 ----a-w- c:\windows\system32\idtmini1.exe
    2010-12-07 15:36 . 2008-04-17 00:49 5550145 ----a-w- c:\windows\system32\idtcpl.cpl
    2010-12-06 16:21 . 2010-12-06 16:21 -------- d-----w- c:\users\Gartoy\AppData\Local\HCSShell
    2010-12-06 01:26 . 2010-12-06 01:26 -------- d-----w- c:\users\Gartoy\AppData\Local\Avanquest North America
    2010-12-06 01:26 . 2010-12-06 01:26 -------- d-----w- c:\users\Gartoy\AppData\Local\Creative Home
    2010-12-05 17:00 . 2010-12-05 17:00 -------- d-----w- c:\program files\New Folder
    2010-12-05 16:58 . 2010-12-05 16:53 388608 ----a-w- C:\HijackThis1.exe
    2010-12-01 15:55 . 2010-12-01 15:55 -------- d-----w- c:\users\Gartoy\AppData\Roaming\GameMill Entertainment

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2010-01-15 22:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-01-15 22:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-02 19:53 . 2010-11-02 19:53 12 ----a-w- c:\windows\Fonts\wfonts.key
    2010-10-19 15:41 . 2009-10-04 06:25 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2006-05-02 23:00 163328 --sh--r- c:\windows\System32\flvDX.dll
    2007-02-20 23:00 31232 --sh--r- c:\windows\System32\msfDX.dll
    2008-03-15 23:00 216064 --sh--r- c:\windows\System32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2219184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder 2010.lnk]
    backup=c:\windows\pss\Event Planner Reminder 2010.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Rocket (Minimized).lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\MP3 Rocket (Minimized).lnk
    backup=c:\windows\pss\MP3 Rocket (Minimized).lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WN121T Smart Wizard.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\NETGEAR WN121T Smart Wizard\NETGEAR WN121T Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WN121T Smart Wizard.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
    backup=c:\windows\pss\PalTalk.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Gartoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Birthday reminder check.lnk]
    backup=c:\windows\pss\Birthday reminder check.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Gartoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
    backup=c:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2009-10-03 04:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2007-09-14 06:55 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    2007-09-14 07:02 905056 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2009-10-03 09:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
    2010-03-10 22:10 883272 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2008-10-13 18:17 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
    2009-10-13 06:37 41864 ----a-w- c:\program files\Camfrog\Camfrog Video Chat1\CamfrogNET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    2010-08-15 13:39 50592 ----a-w- c:\users\Gartoy\AppData\Roaming\mjusbsp\cdloader2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
    2007-10-31 00:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    2010-04-14 16:58 524944 ----a-w- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-10-30 15:32 175128 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-10-30 15:32 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2007-07-12 17:43 226904 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-12-20 23:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-03-03 17:32 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
    2008-09-30 19:06 485208 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OA001Cfg.exe]
    2008-04-15 05:01 32768 ----a-w- c:\windows\OA001Cfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-10-30 15:32 166936 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RNmail]
    2004-10-23 00:26 540734 ----a-w- c:\program files\RNmail\rn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
    2010-04-14 20:12 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-08-19 04:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    2007-09-14 06:52 2595480 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
    2008-12-04 02:15 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2010-03-10 121416]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
    R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2010-03-10 125512]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-08-23 37120]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WN111.sys [2007-10-29 310016]
    R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrveap32.sys [2007-09-11 15360]
    R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-12-14 570880]
    R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RGService;RGService;c:\program files\RadioGet\RGService.exe [2009-10-30 335872]
    R3 rkhdrv40;Rootkit Unhooker Driver; [x]
    R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-05-25 31848]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 135664]
    R4 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 9216]
    R4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\aestsrv.exe [2008-02-28 73728]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-17 1807608]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-04 810144]
    S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-17 659328]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-07 273448]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2007-03-22 20992]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
    S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
    S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
    S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-05-25 31848]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - BMLoad
    *Deregistered* - klmd25

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 12:46]

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 12:46]

    2010-12-29 c:\windows\Tasks\HPCeeScheduleForGartoy.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]

    2010-12-30 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-08-03 16:21]

    2010-12-31 c:\windows\Tasks\User_Feed_Synchronization-{FA78D96C-D9A5-490F-9A32-637A23CE23F7}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: bmnet.dll
    Trusted Zone: intuit.com\ttlc
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-30 23:02
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000001
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(1000)
    c:\windows\system32\bmnet.dll
    .
    Completion time: 2010-12-30 23:07:40
    ComboFix-quarantined-files.txt 2010-12-31 04:07
    ComboFix2.txt 2010-12-30 01:36
    ComboFix3.txt 2010-12-30 00:22
    ComboFix4.txt 2010-12-29 22:47
    ComboFix5.txt 2010-12-31 03:47

    Pre-Run: 243,666,628,608 bytes free
    Post-Run: 242,569,912,320 bytes free

    - - End Of File - - B3609E6E2D127616ADFE08CE153F2CF4
     
  18. 2010/12/30
    broni

    broni Moderator Malware Analyst

    It looks like we did it :)
    Both logs look clean.

    Did Eset stop complaining?

    How is the computer doing overall?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. 2010/12/31
    garfield

    garfield Inactive Thread Starter

    OTL logfile created on: 12/31/2010 6:38:58 AM - Run 1
    OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Gartoy\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 399.93 Gb Total Space | 221.39 Gb Free Space | 55.36% Space Free | Partition Type: NTFS
    Drive D: | 17.00 Gb Total Space | 7.84 Gb Free Space | 46.14% Space Free | Partition Type: NTFS
    Drive E: | 288.01 Gb Total Space | 263.97 Gb Free Space | 91.65% Space Free | Partition Type: NTFS
    Drive F: | 10.00 Gb Total Space | 3.44 Gb Free Space | 34.42% Space Free | Partition Type: NTFS
    Drive G: | 4.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 243.88 Mb Total Space | 207.34 Mb Free Space | 85.02% Space Free | Partition Type: FAT

    Computer Name: HAPPY | User Name: Gartoy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/31 06:35:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Gartoy\Desktop\OTL.exe
    PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    PRC - [2010/11/04 17:15:32 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/08/16 22:53:32 | 001,807,608 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
    PRC - [2009/05/12 17:50:32 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    PRC - [2009/05/12 17:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/09/05 09:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
    PRC - [2008/04/16 19:55:00 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\stacsv.exe
    PRC - [2008/02/28 02:51:00 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\AEstSrv.exe
    PRC - [2007/09/14 03:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    PRC - [2007/09/14 01:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/31 06:35:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Gartoy\Desktop\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/11/04 17:18:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2010/03/10 17:12:52 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
    SRV - [2010/03/10 17:10:46 | 000,125,512 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
    SRV - [2010/02/11 18:56:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/10/30 10:09:14 | 000,335,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\RadioGet\RGService.exe -- (RGService)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/16 22:53:32 | 001,807,608 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
    SRV - [2009/05/12 17:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/09/05 09:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
    SRV - [2008/04/27 06:49:06 | 000,009,216 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe -- (iReboot)
    SRV - [2008/04/16 19:55:00 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\stacsv.exe -- (STacSV)
    SRV - [2008/02/28 02:51:00 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/14 03:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
    SRV - [2007/09/14 01:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Gartoy\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/12/30 10:08:36 | 000,024,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rkhdrv40.sys -- (rkhdrv40)
    DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/09/03 06:13:46 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2010/08/04 10:45:23 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/08/04 10:45:23 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/08/04 10:42:04 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2010/08/04 10:42:01 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV - [2010/07/29 12:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2010/07/29 12:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/07/29 12:31:26 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
    DRV - [2010/07/29 12:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2010/05/25 16:16:33 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
    DRV - [2010/05/25 16:16:33 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
    DRV - [2010/03/10 17:02:30 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2010/03/10 17:00:10 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2010/03/08 09:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
    DRV - [2009/10/30 10:14:54 | 006,226,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/08/17 14:34:16 | 000,659,328 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/07/10 04:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2009/06/07 00:36:40 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/03/10 11:26:22 | 001,072,256 | ---- | M] (WildPackets, Inc. and Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ar5416.sys -- (AR5416)
    DRV - [2009/03/08 16:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
    DRV - [2009/03/06 06:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV - [2009/01/03 07:40:12 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2008/11/12 20:23:42 | 000,084,008 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2008/11/12 20:23:40 | 000,109,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2008/11/12 20:23:36 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2008/10/23 05:05:13 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/10/23 05:05:13 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/10/23 05:05:13 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/10/13 13:17:34 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2008/10/13 13:17:20 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2008/09/19 20:43:50 | 000,061,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2008/07/25 14:41:10 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/04/27 14:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/04/17 13:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/04/16 19:58:00 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2007/12/14 05:16:34 | 000,570,880 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2007/10/31 20:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/10/31 20:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/10/31 20:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/10/28 19:21:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WN111.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
    DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/09/11 02:23:46 | 000,015,360 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrveap32.sys -- (Mrvleap)
    DRV - [2007/09/04 13:20:28 | 000,025,736 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2007/08/23 07:29:42 | 000,037,120 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuqbus.sys -- (GTUQBUS)
    DRV - [2007/08/23 07:29:42 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
    DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/03/22 07:17:16 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2007/03/12 09:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2004/01/07 16:04:00 | 000,339,488 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB20XP.sys -- (PRISM_A02)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/12/13 15:54:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/12/13 15:54:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010/04/01 10:02:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/26 18:50:32 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/12/29 20:26:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (&RN_Object) - {E6B48BC7-4EA9-4643-A4B3-BB7C4F69287A} - C:\Program Files\RNmail\RN_IE_Add_On.dll ()
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\Program Files\Flash Saver\save.htm ()
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
    O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
    O9 - Extra Button: Active Tracker - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\Program Files\RNmail\RN_IE_Add_On.dll ()
    O9 - Extra 'Tools' menuitem : Active Tracker... - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\Program Files\RNmail\RN_IE_Add_On.dll ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://wildpackets.webex.com/client/T27L10NSP11EP5/event/ieatgpc1.cab (GpcContainer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Gartoy\Pictures\3711744955_d38a81b491.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Gartoy\Pictures\3711744955_d38a81b491.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.dvacm - c:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.MPEGacm - c:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.ulmp3acm - c:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.i420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll (Intel(R) Corporation)
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll (Intel(R) Corporation)
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/31 06:35:45 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Gartoy\Desktop\OTL.exe
    [2010/12/30 23:08:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/30 22:45:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/30 17:21:45 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/12/30 10:21:50 | 000,019,248 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspsc32.sys
    [2010/12/30 10:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\RootKit Hook Analyzer
    [2010/12/29 23:02:07 | 000,000,000 | ---D | C] -- C:\RkUnhooker
    [2010/12/29 21:42:09 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\Desktop\logs file
    [2010/12/29 21:25:24 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\Desktop\mydesktop
    [2010/12/29 20:22:29 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Local\temp
    [2010/12/28 22:47:15 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\Desktop\NTBR_CD
    [2010/12/28 17:22:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gartoy\Desktop\TFC.exe
    [2010/12/28 11:01:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/28 11:01:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/28 11:01:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/27 22:34:44 | 004,815,320 | ---- | C] (Curio Lab) -- C:\Users\Gartoy\Desktop\ExterminateItSetup.exe
    [2010/12/27 22:20:08 | 003,313,664 | ---- | C] (Avira GmbH) -- C:\Users\Gartoy\Desktop\bootwizard.exe
    [2010/12/27 19:53:07 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\DoctorWeb
    [2010/12/27 19:20:48 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Local\NPE
    [2010/12/27 19:20:19 | 006,080,440 | ---- | C] (Symantec Corporation) -- C:\Users\Gartoy\Desktop\NPE.exe
    [2010/12/27 17:21:08 | 000,669,080 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Gartoy\Desktop\SpyHunter-Installer.exe
    [2010/12/27 17:01:31 | 036,317,320 | ---- | C] (PC Tools ) -- C:\Users\Gartoy\Desktop\sdsetup.exe
    [2010/12/27 16:43:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2010/12/27 16:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/12/27 13:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/12/27 13:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/12/27 13:35:26 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Gartoy\Desktop\spybotsd162.exe
    [2010/12/27 13:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/12/26 19:06:27 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Local\Adobe
    [2010/12/26 18:52:30 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Roaming\ESET
    [2010/12/24 18:35:13 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Local\Apple
    [2010/12/24 08:53:48 | 001,931,184 | ---- | C] (Symantec Corporation) -- C:\Users\Gartoy\Desktop\FixTDSS.exe
    [2010/12/23 22:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/12/23 22:01:21 | 006,347,584 | ---- | C] (SurfRight B.V.) -- C:\Users\Gartoy\Desktop\HitmanPro35.exe
    [2010/12/23 21:16:34 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Users\Gartoy\Desktop\OTC.exe
    [2010/12/23 20:01:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/23 20:00:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/21 20:27:57 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Roaming\vlc
    [2010/12/21 20:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/12/16 09:47:52 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gartoy\Desktop\TDSSKiller.exe
    [2010/12/15 20:07:53 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Roaming\dvdcss
    [2010/12/15 19:48:47 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\Documents\Freemake
    [2010/12/15 19:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
    [2010/12/15 19:27:24 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
    [2010/12/15 19:27:24 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
    [2010/12/15 19:27:23 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
    [2010/12/15 19:27:23 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
    [2010/12/15 19:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
    [2010/12/15 19:22:34 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
    [2010/12/15 19:22:34 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
    [2010/12/15 19:22:34 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
    [2010/12/15 19:22:33 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
    [2010/12/15 19:22:33 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
    [2010/12/15 19:22:32 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/12/15 19:22:32 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
    [2010/12/15 19:22:30 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
    [2010/12/15 19:22:29 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
    [2010/12/15 19:22:28 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
    [2010/12/15 19:22:28 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
    [2010/12/15 19:22:27 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
    [2010/12/15 19:22:27 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
    [2010/12/15 19:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
    [2010/12/15 19:19:14 | 029,776,682 | ---- | C] (eRightSoft ) -- C:\Users\Gartoy\Desktop\SUPERsetup.exe
    [2010/12/15 11:02:47 | 000,000,000 | -HSD | C] -- C:\Users\Gartoy\Documents\cache
    [2010/12/15 11:02:47 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Roaming\webex
    [2010/12/15 11:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
    [2010/12/14 21:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDx
    [2010/12/08 15:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\gogii
    [2010/12/08 15:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Twisted - A Haunted Carol
    [2010/12/07 10:36:15 | 002,469,888 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
    [2010/12/07 10:36:14 | 000,512,000 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\idtmini1.exe
    [2010/12/07 10:36:11 | 005,550,145 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\idtcpl.cpl
    [2010/12/06 11:21:14 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Local\HCSShell
    [2010/12/05 20:26:55 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Local\Avanquest North America
    [2010/12/05 20:26:05 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Local\Creative Home
    [2010/12/05 12:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
    [2010/12/05 11:58:27 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis1.exe
    [2010/12/01 10:55:16 | 000,000,000 | ---D | C] -- C:\Users\Gartoy\AppData\Roaming\GameMill Entertainment
    [2009/10/30 09:13:36 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

    ========== Files - Modified Within 30 Days ==========
     
  20. 2010/12/31
    garfield

    ========== Files - Modified Within 30 Days ==========

    [2010/12/31 06:42:42 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA78D96C-D9A5-490F-9A32-637A23CE23F7}.job
    [2010/12/31 06:35:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Gartoy\Desktop\OTL.exe
    [2010/12/31 06:11:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/31 05:20:22 | 000,004,912 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/31 05:20:21 | 000,004,912 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/30 23:26:17 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    [2010/12/30 23:26:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/30 23:25:41 | 000,604,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/30 23:25:41 | 000,104,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/30 23:20:06 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/30 23:19:52 | 3150,856,192 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/30 23:14:44 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2010/12/30 22:45:37 | 004,011,777 | R--- | M] () -- C:\Users\Gartoy\Desktop\ComboFix.exe
    [2010/12/30 18:16:28 | 002,565,432 | ---- | M] () -- C:\Users\Gartoy\Desktop\NTBR_CD.exe
    [2010/12/30 10:08:36 | 000,024,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\rkhdrv40.sys
    [2010/12/29 23:17:16 | 000,158,300 | ---- | M] () -- C:\Users\Gartoy\Desktop\RkU37300505.zip
    [2010/12/29 20:26:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/28 22:11:22 | 000,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
    [2010/12/28 21:52:00 | 000,039,605 | ---- | M] () -- C:\Users\Gartoy\Desktop\bootkit_remover.rar
    [2010/12/28 21:07:39 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForGartoy.job
    [2010/12/28 17:22:05 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gartoy\Desktop\TFC.exe
    [2010/12/28 16:43:46 | 000,624,640 | ---- | M] () -- C:\Users\Gartoy\Desktop\dds.pif
    [2010/12/28 16:41:15 | 000,296,448 | ---- | M] () -- C:\Users\Gartoy\Desktop\lr0zynwv.exe
    [2010/12/28 14:21:52 | 301,943,494 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/12/28 14:17:49 | 000,080,384 | ---- | M] () -- C:\Users\Gartoy\Desktop\MBRCheck.exe
    [2010/12/27 22:39:51 | 000,089,088 | ---- | M] () -- C:\Users\Gartoy\Desktop\mbr.exe
    [2010/12/27 22:34:53 | 004,815,320 | ---- | M] (Curio Lab) -- C:\Users\Gartoy\Desktop\ExterminateItSetup.exe
    [2010/12/27 22:20:29 | 003,313,664 | ---- | M] (Avira GmbH) -- C:\Users\Gartoy\Desktop\bootwizard.exe
    [2010/12/27 19:44:19 | 000,427,606 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
    [2010/12/27 19:44:19 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.smr
    [2010/12/27 19:26:23 | 053,865,144 | ---- | M] () -- C:\Users\Gartoy\Desktop\launch.exe
    [2010/12/27 19:20:34 | 006,080,440 | ---- | M] (Symantec Corporation) -- C:\Users\Gartoy\Desktop\NPE.exe
    [2010/12/27 17:21:12 | 000,669,080 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Gartoy\Desktop\SpyHunter-Installer.exe
    [2010/12/27 17:01:32 | 036,317,320 | ---- | M] (PC Tools ) -- C:\Users\Gartoy\Desktop\sdsetup.exe
    [2010/12/27 16:58:45 | 002,158,690 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2010/12/27 13:51:16 | 000,001,112 | ---- | M] () -- C:\Users\Gartoy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/12/27 13:51:16 | 000,001,088 | ---- | M] () -- C:\Users\Gartoy\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/27 13:35:33 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Gartoy\Desktop\spybotsd162.exe
    [2010/12/27 13:32:03 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010/12/26 20:47:07 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
    [2010/12/24 08:54:05 | 001,931,184 | ---- | M] (Symantec Corporation) -- C:\Users\Gartoy\Desktop\FixTDSS.exe
    [2010/12/23 22:37:01 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/12/23 22:33:36 | 000,000,704 | ---- | M] () -- C:\WINDOWS\System32\.crusader
    [2010/12/23 22:20:31 | 006,347,584 | ---- | M] (SurfRight B.V.) -- C:\Users\Gartoy\Desktop\HitmanPro35.exe
    [2010/12/23 21:16:38 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\Gartoy\Desktop\OTC.exe
    [2010/12/23 20:45:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101227-143201.backup
    [2010/12/22 12:55:21 | 000,001,964 | ---- | M] () -- C:\Users\Gartoy\Desktop\HiJackThis.lnk
    [2010/12/22 12:53:34 | 001,402,880 | ---- | M] () -- C:\Users\Gartoy\Desktop\HiJackThis.msi
    [2010/12/21 20:16:32 | 000,009,216 | ---- | M] () -- C:\Users\Gartoy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/20 08:25:26 | 000,526,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/17 16:31:09 | 000,000,000 | ---- | M] () -- C:\install.rdf
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gartoy\Desktop\TDSSKiller.exe
    [2010/12/15 21:23:48 | 000,000,304 | ---- | M] () -- C:\WINDOWS\pagebreeze.ini
    [2010/12/15 21:18:08 | 000,000,048 | ---- | M] () -- C:\WINDOWS\.prj
    [2010/12/15 19:22:40 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
    [2010/12/15 19:19:18 | 029,776,682 | ---- | M] (eRightSoft ) -- C:\Users\Gartoy\Desktop\SUPERsetup.exe
    [2010/12/05 11:53:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis1.exe
    [2010/12/05 10:34:43 | 000,002,616 | ---- | M] () -- C:\Users\Gartoy\AppData\Roaming\BB88.FCD

    ========== Files Created - No Company Name ==========

    [2010/12/30 10:24:13 | 3150,856,192 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/29 23:03:34 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\rkhdrv40.sys
    [2010/12/29 23:00:45 | 000,158,300 | ---- | C] () -- C:\Users\Gartoy\Desktop\RkU37300505.zip
    [2010/12/28 22:44:19 | 002,565,432 | ---- | C] () -- C:\Users\Gartoy\Desktop\NTBR_CD.exe
    [2010/12/28 22:11:19 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
    [2010/12/28 21:51:49 | 000,039,605 | ---- | C] () -- C:\Users\Gartoy\Desktop\bootkit_remover.rar
    [2010/12/28 16:43:31 | 000,624,640 | ---- | C] () -- C:\Users\Gartoy\Desktop\dds.pif
    [2010/12/28 16:41:02 | 000,296,448 | ---- | C] () -- C:\Users\Gartoy\Desktop\lr0zynwv.exe
    [2010/12/28 14:17:48 | 000,080,384 | ---- | C] () -- C:\Users\Gartoy\Desktop\MBRCheck.exe
    [2010/12/28 11:01:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/28 11:01:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/28 11:01:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/28 11:01:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/28 11:01:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/27 22:39:36 | 000,089,088 | ---- | C] () -- C:\Users\Gartoy\Desktop\mbr.exe
    [2010/12/27 19:26:23 | 053,865,144 | ---- | C] () -- C:\Users\Gartoy\Desktop\launch.exe
    [2010/12/27 16:57:38 | 002,158,690 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2010/12/27 13:51:16 | 000,001,112 | ---- | C] () -- C:\Users\Gartoy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/12/27 13:51:16 | 000,001,088 | ---- | C] () -- C:\Users\Gartoy\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/27 13:32:03 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010/12/26 20:47:07 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2010/12/24 08:26:37 | 004,011,777 | R--- | C] () -- C:\Users\Gartoy\Desktop\ComboFix.exe
    [2010/12/23 22:33:36 | 000,000,704 | ---- | C] () -- C:\WINDOWS\System32\.crusader
    [2010/12/23 22:21:23 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/12/22 12:55:21 | 000,001,964 | ---- | C] () -- C:\Users\Gartoy\Desktop\HiJackThis.lnk
    [2010/12/22 12:53:19 | 001,402,880 | ---- | C] () -- C:\Users\Gartoy\Desktop\HiJackThis.msi
    [2010/12/17 16:31:09 | 000,000,000 | ---- | C] () -- C:\install.rdf
    [2010/12/15 19:22:40 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
    [2010/12/15 19:22:33 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
    [2010/12/15 19:22:33 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
    [2010/12/15 19:22:32 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
    [2010/12/15 19:22:29 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
    [2010/12/15 19:22:28 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
    [2010/12/15 19:22:27 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
    [2010/12/15 19:22:26 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
    [2010/12/15 19:22:26 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
    [2010/12/05 10:05:23 | 000,002,616 | ---- | C] () -- C:\Users\Gartoy\AppData\Roaming\BB88.FCD
    [2010/12/04 23:45:50 | 000,000,394 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA78D96C-D9A5-490F-9A32-637A23CE23F7}.job
    [2010/07/02 00:52:57 | 000,000,088 | RHS- | C] () -- C:\ProgramData\AA932C3B9B.sys
    [2010/07/02 00:52:54 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/06/23 17:56:31 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\igfxtvcx.dll
    [2010/03/02 13:55:36 | 000,000,049 | -H-- | C] () -- C:\Users\Gartoy\AppData\Roaming\MaxBulk registration.ini
    [2010/02/11 15:02:19 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\msblcd32.dll
    [2010/01/14 14:26:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Importer
    [2010/01/14 14:26:32 | 000,000,268 | RH-- | C] () -- C:\Users\Gartoy\AppData\Roaming\Image Capture
    [2010/01/14 14:26:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2010/01/01 15:03:19 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
    [2009/11/25 12:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/11/24 22:54:55 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/11/20 11:30:41 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\EhStorAuthn.dll
    [2009/11/19 15:01:11 | 000,002,434 | ---- | C] () -- C:\Users\Gartoy\AppData\Roaming\SAS7_000.DAT
    [2009/11/13 01:23:57 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2009/10/30 09:06:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\iglhsip32.dll
    [2009/10/30 09:06:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\iglhcp32.dll
    [2009/10/13 14:37:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v1576.dll
    [2009/10/13 14:33:52 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\bcmwlrmt.dll
    [2009/09/09 15:52:22 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
    [2009/09/06 01:36:19 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2009/09/02 12:06:01 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/09/02 09:29:39 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2009/06/30 11:44:29 | 000,002,488 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/05/27 22:38:19 | 000,007,324 | ---- | C] () -- C:\Users\Gartoy\AppData\Local\d3d9caps.dat
    [2009/05/26 23:56:21 | 000,000,080 | ---- | C] () -- C:\WINDOWS\mapforms.ini
    [2009/05/26 22:57:22 | 000,000,108 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
    [2009/05/26 22:30:06 | 000,000,020 | -H-- | C] () -- C:\Users\Gartoy\AppData\Roaming\mpdt294
    [2009/05/26 22:29:56 | 000,000,213 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
    [2009/05/26 18:57:01 | 000,000,304 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
    [2009/05/26 18:57:01 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
    [2009/04/10 09:51:49 | 001,228,854 | ---- | C] () -- C:\ProgramData\OrbError.bmp
    [2009/04/07 05:32:10 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
    [2009/03/10 15:08:37 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
    [2009/03/10 02:36:37 | 000,009,216 | ---- | C] () -- C:\Users\Gartoy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/04 16:36:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/03/03 17:04:10 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2009/03/03 17:04:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/03/03 17:03:40 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/03/03 17:02:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/03/03 17:01:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/03/03 17:00:52 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2009/03/03 15:21:15 | 000,000,000 | ---- | C] () -- C:\Users\Gartoy\AppData\Local\QSwitch.txt
    [2009/03/03 15:21:15 | 000,000,000 | ---- | C] () -- C:\Users\Gartoy\AppData\Local\DSwitch.txt
    [2009/03/03 15:21:15 | 000,000,000 | ---- | C] () -- C:\Users\Gartoy\AppData\Local\AtStart.txt
    [2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/11/06 11:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/10/23 05:50:32 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2008/10/23 05:46:14 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2008/10/23 05:44:45 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2008/10/23 05:43:42 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v1518.dll
    [2008/06/29 09:52:14 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\HdmiCoin.dll
    [2007/10/26 15:05:04 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
    [2007/09/04 13:20:28 | 000,025,736 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
    [2007/04/25 07:33:53 | 000,207,872 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
    [2007/03/22 07:17:16 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\ManyCam.sys
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\sysprepMCE.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\WINDOWS\System32\pacerprf.ini
    [2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\WINDOWS\System32\WdfCoInstaller01000.dll
    [2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2009/09/06 01:39:44 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\acccore
    [2010/10/13 13:47:15 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Artifex Mundi
    [2010/04/21 09:00:20 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\AT&T
    [2010/09/06 09:02:58 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Bicyclestudios
    [2010/01/29 21:34:11 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Big Fish Games
    [2010/12/29 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\BitComet
    [2010/02/23 19:43:40 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Boomzap
    [2009/05/26 22:29:56 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\BoutellDotCom
    [2010/04/21 09:39:00 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Bytemobile
    [2010/07/01 23:06:23 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Camfrog
    [2010/07/13 08:26:43 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Cerberus
    [2010/03/08 16:22:04 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\ChaYoWo Games
    [2010/07/15 00:34:06 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\C__Users_Gartoy_AppData_Local_Temp_wz66f9_SuperMp3Download-4.5.8.2_Crack_SuperMP3Download.exe
    [2009/11/16 14:52:36 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\DigitalPersona
    [2010/09/29 12:15:06 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Dragon Altar Games
    [2010/11/21 20:10:58 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\EleFun Games
    [2010/10/19 19:51:24 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Elephant Games
    [2010/01/02 14:01:19 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\eMusic
    [2010/01/29 19:27:42 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\ERS G-Studio
    [2010/11/01 20:13:08 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\ERS Game Studios
    [2010/12/26 18:52:30 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\ESET
    [2009/12/18 23:49:14 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Fabulous Finds
    [2009/12/12 18:19:45 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Flood Light Games
    [2010/10/02 20:05:24 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Floodlight Games
    [2009/05/26 22:58:35 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\FrmHTMLImageMapper
    [2009/12/18 13:32:05 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\funkitron
    [2009/12/29 21:38:40 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Gaijin Ent
    [2010/12/01 10:55:16 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\GameMill Entertainment
    [2010/01/09 11:27:40 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\GARMIN
    [2010/02/15 14:15:22 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Gestalt Games
    [2009/05/26 22:56:01 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\GetRightToGo
    [2010/12/08 15:03:40 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Gogii
    [2010/01/29 20:01:34 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Green Clover Games
    [2009/07/01 10:51:17 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Image Zone Express
    [2009/11/13 01:23:49 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\iolo
    [2010/08/04 10:34:03 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Leadertech
    [2009/12/17 13:35:33 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Ludia
    [2010/11/11 16:06:58 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\MA2
    [2010/03/02 13:54:57 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Maxprog
    [2010/09/16 21:31:00 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\mjusbsp
    [2010/10/17 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\MP3Rocket
    [2010/01/14 14:31:22 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Nikon
    [2009/11/19 14:53:18 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Nuance
    [2010/02/10 17:35:00 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Orneon
    [2010/07/16 23:41:37 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Paltalk
    [2010/01/29 19:10:13 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\PlayFirst
    [2010/11/28 12:57:08 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\PlayPond
    [2009/12/27 22:38:29 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Playrix Entertainment
    [2009/06/30 12:10:20 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Printer Info Cache
    [2009/09/06 01:39:46 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\QQ Games Plugin
    [2010/02/27 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\RobinsonCrusoe
    [2009/12/12 15:43:42 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\SanDisk
    [2010/04/12 20:05:56 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Sierra Wireless
    [2010/08/03 11:01:13 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\SmartDraw
    [2009/05/27 00:07:02 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Softplicity
    [2010/08/03 08:36:17 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Software Informer
    [2010/09/28 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Specialbit
    [2010/03/01 12:50:09 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\SpinTop
    [2009/12/30 20:09:22 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\SpinTop Games
    [2010/07/15 00:37:54 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\SuperMP3Download
    [2010/02/09 14:24:35 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\TheFixerUpper
    [2010/11/02 20:48:47 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Thinstall
    [2010/03/01 20:42:03 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\TitanicMystery
    [2010/01/22 17:07:12 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Ubisoft
    [2010/07/02 00:50:07 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Ulead Systems
    [2010/06/23 12:40:53 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Uniblue
    [2010/01/27 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Valusoft
    [2010/02/19 13:58:34 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Virtual Prophecy
    [2010/12/15 11:02:51 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\webex
    [2009/12/12 13:47:03 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\WildTangent
    [2009/09/10 14:23:14 | 000,000,000 | ---D | M] -- C:\Users\Gartoy\AppData\Roaming\Zhorn Birthday Reminder
    [2010/12/30 23:14:44 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/12/30 23:26:17 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job
    [2010/12/31 06:42:42 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FA78D96C-D9A5-490F-9A32-637A23CE23F7}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < >

    < %SYSTEMDRIVE%\*.* >
    [2009/03/05 16:10:55 | 000,004,096 | ---- | M] () -- C:\._.Trashes
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/12/30 17:21:45 | 000,000,892 | ---- | M] () -- C:\avenger.txt
    [2008/01/20 21:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2010/12/30 23:07:40 | 000,024,416 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/11/08 15:52:09 | 001,683,456 | ---- | M] () -- C:\DX6340110.exe
    [2010/12/30 23:19:52 | 3150,856,192 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/22 13:19:56 | 000,014,799 | ---- | M] () -- C:\hijackthis.log
    [2010/12/05 11:53:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis1.exe
    [2010/12/17 16:31:09 | 000,000,000 | ---- | M] () -- C:\install.rdf
    [2009/05/26 17:25:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/09/06 01:39:20 | 000,000,790 | -H-- | M] () -- C:\IPH.PH
    [2009/05/26 17:25:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/12/30 23:19:49 | 3464,470,528 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/24 09:14:10 | 000,074,120 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_24.12.2010_09.08.42_log.txt
    [2010/12/27 16:55:49 | 000,151,210 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_27.12.2010_16.37.43_log.txt
    [2010/12/27 17:46:01 | 000,004,704 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_27.12.2010_17.45.26_log.txt
    [2010/12/27 19:50:07 | 000,003,220 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_27.12.2010_19.49.58_log.txt
    [2010/12/28 12:09:36 | 000,003,626 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_28.12.2010_12.09.14_log.txt
    [2010/12/28 14:14:36 | 000,003,626 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_28.12.2010_14.14.10_log.txt
    [2010/12/28 21:33:01 | 000,074,816 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_28.12.2010_21.16.51_log.txt
    [2010/12/29 21:10:34 | 000,070,020 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_29.12.2010_21.03.15_log.txt
    [2010/12/29 21:21:11 | 000,003,626 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_29.12.2010_21.20.18_log.txt
    [2010/12/30 22:42:31 | 000,069,444 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_30.12.2010_19.01.14_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2009/11/21 17:49:35 | 000,037,665 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/04/07 05:32:08 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\cl31cpc.dll
    [2008/04/04 21:01:40 | 000,272,896 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp5r1.DLL
    [2008/07/24 11:09:54 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp58a.dll
    [2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/16 14:46:28 | 000,000,574 | -HS- | M] () -- C:\Users\Gartoy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/23 21:15:58 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Gartoy\Desktop\ATF-Cleaner.exe
    [2008/05/30 23:09:46 | 000,731,136 | ---- | M] () -- C:\Users\Gartoy\Desktop\avenger.exe
    [2010/12/27 22:20:29 | 003,313,664 | ---- | M] (Avira GmbH) -- C:\Users\Gartoy\Desktop\bootwizard.exe
    [2010/12/30 22:45:37 | 004,011,777 | R--- | M] () -- C:\Users\Gartoy\Desktop\ComboFix.exe
    [2010/12/27 22:34:53 | 004,815,320 | ---- | M] (Curio Lab) -- C:\Users\Gartoy\Desktop\ExterminateItSetup.exe
    [2010/12/24 08:54:05 | 001,931,184 | ---- | M] (Symantec Corporation) -- C:\Users\Gartoy\Desktop\FixTDSS.exe
    [2010/12/23 22:20:31 | 006,347,584 | ---- | M] (SurfRight B.V.) -- C:\Users\Gartoy\Desktop\HitmanPro35.exe
    [2010/12/27 19:26:23 | 053,865,144 | ---- | M] () -- C:\Users\Gartoy\Desktop\launch.exe
    [2010/12/28 16:41:15 | 000,296,448 | ---- | M] () -- C:\Users\Gartoy\Desktop\lr0zynwv.exe
    [2010/12/27 22:39:51 | 000,089,088 | ---- | M] () -- C:\Users\Gartoy\Desktop\mbr.exe
    [2010/12/28 14:17:49 | 000,080,384 | ---- | M] () -- C:\Users\Gartoy\Desktop\MBRCheck.exe
    [2010/12/27 19:20:34 | 006,080,440 | ---- | M] (Symantec Corporation) -- C:\Users\Gartoy\Desktop\NPE.exe
    [2010/12/30 18:16:28 | 002,565,432 | ---- | M] () -- C:\Users\Gartoy\Desktop\NTBR_CD.exe
    [2010/12/23 21:16:38 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\Gartoy\Desktop\OTC.exe
    [2010/12/31 06:35:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Gartoy\Desktop\OTL.exe
    [2010/09/01 15:33:48 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Gartoy\Desktop\remover.exe
    [2010/12/27 17:01:32 | 036,317,320 | ---- | M] (PC Tools ) -- C:\Users\Gartoy\Desktop\sdsetup.exe
    [2010/12/27 13:35:33 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Gartoy\Desktop\spybotsd162.exe
    [2010/12/27 17:21:12 | 000,669,080 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Gartoy\Desktop\SpyHunter-Installer.exe
    [2010/12/15 19:19:18 | 029,776,682 | ---- | M] (eRightSoft ) -- C:\Users\Gartoy\Desktop\SUPERsetup.exe
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gartoy\Desktop\TDSSKiller.exe
    [2010/12/28 17:22:05 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gartoy\Desktop\TFC.exe
    [2010/12/27 22:53:59 | 012,468,680 | ---- | M] (Microsoft Corporation) -- C:\Users\Gartoy\Desktop\windows-kb890830-v3.14.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/04/01 10:03:11 | 000,000,402 | -HS- | M] () -- C:\Users\Gartoy\Favorites\desktop.ini
    [2010/12/30 18:14:18 | 000,000,903 | ---- | M] () -- C:\Users\Gartoy\Favorites\Shortcut to TileGem_001.exe.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2007/10/26 15:05:04 | 000,000,022 | ---- | M] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
    [2010/07/02 01:30:44 | 000,000,088 | RHS- | M] () -- C:\ProgramData\AA932C3B9B.sys
    [2009/08/18 20:33:33 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2010/12/15 13:03:52 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
    [2010/03/17 12:00:15 | 000,002,488 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/01/14 14:26:32 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Importer
    [2010/07/02 09:36:31 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2009/04/16 19:14:23 | 001,228,854 | ---- | M] () -- C:\ProgramData\OrbError.bmp
    [2009/03/03 17:04:01 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2008/10/23 05:50:48 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/03/03 17:02:42 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2008/10/23 05:46:04 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/03/03 17:01:28 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/03/03 17:03:40 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2008/10/23 05:44:36 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2008/10/23 05:50:23 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/03/03 17:04:11 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    PC Image Editor Uninstaller.exe
    Pos HTML Image Mapper Uninstaller.exe
    TopMail Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:5D351BC6
    @Alternate Data Stream - 64 bytes -> C:\Users\Gartoy\Documents\Hallmark Ecard.avi:TOC.WMV
    @Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:397D67BA
    @Alternate Data Stream - 190 bytes -> C:\ProgramData\Temp:DE875C30
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:5AE33054
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:B30D9A49
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:26A148EB
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:F35A93AD
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:C213B3C4
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:7C60A173
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:774A0E14
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:4D71580D

    < End of report >
     
  21. 2010/12/31
    garfield

    OTL Extras logfile created on: 12/31/2010 6:38:58 AM - Run 1
    OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Gartoy\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 399.93 Gb Total Space | 221.39 Gb Free Space | 55.36% Space Free | Partition Type: NTFS
    Drive D: | 17.00 Gb Total Space | 7.84 Gb Free Space | 46.14% Space Free | Partition Type: NTFS
    Drive E: | 288.01 Gb Total Space | 263.97 Gb Free Space | 91.65% Space Free | Partition Type: NTFS
    Drive F: | 10.00 Gb Total Space | 3.44 Gb Free Space | 34.42% Space Free | Partition Type: NTFS
    Drive G: | 4.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 243.88 Mb Total Space | 207.34 Mb Free Space | 85.02% Space Free | Partition Type: FAT

    Computer Name: HAPPY | User Name: Gartoy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{020ADA59-1AAE-489F-A3DC-91BA7C6B6C67}" = lport=19439 | protocol=6 | dir=in | name=bitcomet 19439 tcp |
    "{0779DA59-8A84-43A5-A938-13C88ABE9004}" = lport=15579 | protocol=6 | dir=in | name=bitcomet 15579 tcp |
    "{09B73630-867D-4176-957E-77140D667B50}" = lport=25317 | protocol=17 | dir=in | name=bitcomet 25317 udp |
    "{0DEC20EE-5538-4938-A83F-34F00947A2EB}" = lport=7494 | protocol=17 | dir=in | name=bitcomet 7494 udp |
    "{123EE731-5080-4EB1-9923-9BC2F7469D34}" = lport=22160 | protocol=17 | dir=in | name=bitcomet 22160 udp |
    "{12A6D916-BBCA-4336-A3BD-03BFFF295F07}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{13874990-30C9-4761-8FD8-365A8460FAF8}" = lport=10216 | protocol=6 | dir=in | name=bitcomet 10216 tcp |
    "{15BA2EA0-E43A-41DA-A93F-9E7154DED395}" = lport=17670 | protocol=17 | dir=in | name=bitcomet 17670 udp |
    "{2107BEA5-C4E4-4F62-B741-4CEDD3CE9B53}" = lport=13005 | protocol=17 | dir=in | name=bitcomet 13005 udp |
    "{221D2368-8A40-4A73-9170-AAAEB7B24670}" = lport=17670 | protocol=6 | dir=in | name=bitcomet 17670 tcp |
    "{24028991-33E3-4020-B8AC-D17F99F73EE5}" = lport=9971 | protocol=17 | dir=in | name=bitcomet 9971 udp |
    "{2D27D041-FF3D-4AA7-A3C7-E33CE68E018E}" = rport=139 | protocol=6 | dir=out | app=system |
    "{3528F39A-523F-42C6-A044-BF5ABA861B68}" = lport=9971 | protocol=6 | dir=in | name=bitcomet 9971 tcp |
    "{3667AEBC-2EBA-43CA-8DBE-292D09E99E1A}" = lport=27051 | protocol=17 | dir=in | name=bitcomet 27051 udp |
    "{36EE2598-BEF9-4A76-A514-9C9A9807F31A}" = lport=21805 | protocol=6 | dir=in | name=bitcomet 21805 tcp |
    "{3998EBB3-3E45-4824-8B81-4172764BF0C3}" = lport=11725 | protocol=17 | dir=in | name=bitcomet 11725 udp |
    "{3C40F304-24D2-43B5-9FD4-481619591C21}" = lport=7462 | protocol=6 | dir=in | name=bitcomet 7462 tcp |
    "{3DC94CBC-5338-4737-A69D-CBBA93C08C4D}" = lport=15338 | protocol=6 | dir=in | name=bitcomet 15338 tcp |
    "{3EC14340-C4C7-454B-984E-A4CB30C31EA9}" = lport=22739 | protocol=17 | dir=in | name=bitcomet 22739 udp |
    "{4347AC43-A6A2-4FD4-A18C-3E587BF80BB3}" = lport=23923 | protocol=6 | dir=in | name=bitcomet 23923 tcp |
    "{43B09E7C-656F-4974-89B4-8E9BEE917BB2}" = lport=7462 | protocol=17 | dir=in | name=bitcomet 7462 udp |
    "{472567A6-269E-4974-B0C2-1F12A56BA3A0}" = lport=14636 | protocol=17 | dir=in | name=bitcomet 14636 udp |
    "{4B19B0AA-7175-417C-8B33-E0EEDF17A6DE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{51C354E3-FF00-4D3C-B131-1D60F9CEEBE1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{565A61FA-15B6-47C1-9C61-9BCB47BBEA35}" = lport=9946 | protocol=17 | dir=in | name=bitcomet 9946 udp |
    "{5A31F479-C786-40EA-ACED-65626357235B}" = lport=23067 | protocol=17 | dir=in | name=bitcomet 23067 udp |
    "{5EE5D46D-9968-414E-8EC8-354895DCEA0E}" = lport=137 | protocol=17 | dir=in | app=system |
    "{614CC1E9-1D42-4856-9734-850FB779CC45}" = lport=10508 | protocol=6 | dir=in | name=bitcomet 10508 tcp |
    "{623BB5DC-E3E8-4122-834E-AF7E01EB274D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{64A694E4-96CB-4688-A095-4CC6A079B2B7}" = lport=25317 | protocol=6 | dir=in | name=bitcomet 25317 tcp |
    "{6975CFD3-5764-4862-B4FB-2C58F316D26A}" = lport=14636 | protocol=6 | dir=in | name=bitcomet 14636 tcp |
    "{6EE3B8EB-6A5E-415C-B005-1D5E6D8E22A4}" = lport=15579 | protocol=17 | dir=in | name=bitcomet 15579 udp |
    "{72BAFD44-8D44-4B2B-8667-29CB043C7F7E}" = lport=22739 | protocol=6 | dir=in | name=bitcomet 22739 tcp |
    "{73CEF528-9C68-41AC-9BBE-55A7A499BBA4}" = lport=21309 | protocol=17 | dir=in | name=bitcomet 21309 udp |
    "{7641BFD9-75F0-4440-ADEF-7C0F7B107D48}" = lport=16361 | protocol=17 | dir=in | name=bitcomet 16361 udp |
    "{7A7CA724-9691-4287-ABC5-32779436EA8C}" = lport=23923 | protocol=17 | dir=in | name=bitcomet 23923 udp |
    "{7C810521-A921-4785-AED6-2EAD33FE58C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{80D2479A-CBAF-4DAF-A08D-68C9D7071D66}" = lport=23067 | protocol=6 | dir=in | name=bitcomet 23067 tcp |
    "{826C9309-A309-45A4-88B5-EFFBC26DE9D2}" = lport=27051 | protocol=6 | dir=in | name=bitcomet 27051 tcp |
    "{84725950-76F2-4559-B0C1-F71DD9040355}" = lport=19608 | protocol=6 | dir=in | name=bitcomet 19608 tcp |
    "{8661AFF3-23A2-4F0D-9F63-900F0E7C0955}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{8BE9D504-3776-4FB1-AE8E-469F752CA8E1}" = lport=19439 | protocol=17 | dir=in | name=bitcomet 19439 udp |
    "{902ABE36-AAA0-4F7E-84B0-994493FFAAEF}" = rport=137 | protocol=17 | dir=out | app=system |
    "{905F83B3-44D1-4DF7-89F8-508A8AEB19DA}" = lport=7494 | protocol=6 | dir=in | name=bitcomet 7494 tcp |
    "{91E849D9-9705-422A-BDCB-BBEF17919C66}" = lport=9946 | protocol=6 | dir=in | name=bitcomet 9946 tcp |
    "{93832D12-65AD-4F7A-A1A6-C505EF929B4F}" = lport=13005 | protocol=6 | dir=in | name=bitcomet 13005 tcp |
    "{96B9FCD6-BE87-4FC8-B10C-A8E12140E3F5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{98A330B0-407D-4EB7-915C-848BF7A19FCC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{9979460C-EA9F-4678-8551-2E7F1DE7D9B9}" = lport=19608 | protocol=17 | dir=in | name=bitcomet 19608 udp |
    "{9DDE10F1-4B94-4185-8A50-B4D560CB9DA2}" = lport=16361 | protocol=6 | dir=in | name=bitcomet 16361 tcp |
    "{A5B0305C-BE0A-4180-AECE-7DE9FF892155}" = lport=21805 | protocol=17 | dir=in | name=bitcomet 21805 udp |
    "{A5CA2931-101A-4F4B-ADD9-A200C33965AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A7926189-7CD6-450F-ADB9-86A4B9742C7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A8670DE0-BE4A-4BAF-8322-1F086F56E20A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A96847F5-7C89-40A2-BD53-3F871E5D1AB1}" = lport=10508 | protocol=17 | dir=in | name=bitcomet 10508 udp |
    "{AADC90E2-512B-4210-9099-CAA12820EDDA}" = lport=25217 | protocol=17 | dir=in | name=bitcomet 25217 udp |
    "{B11641C4-90F7-4CD4-9820-E0406712CDED}" = lport=11725 | protocol=6 | dir=in | name=bitcomet 11725 tcp |
    "{B238D7AB-1542-4829-BC04-5DA129917B04}" = lport=15338 | protocol=17 | dir=in | name=bitcomet 15338 udp |
    "{B388A680-193C-4019-A35D-A3150C95F0D0}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{B40EC1B3-10FA-4365-B421-BF00BF2BD3B2}" = lport=13391 | protocol=6 | dir=in | name=bitcomet 13391 tcp |
    "{B82B89B4-EEEA-4D7D-A1A1-C1386D8BADF7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{BE23BD35-ABD0-493B-B877-9E63BBCC8E49}" = lport=22160 | protocol=6 | dir=in | name=bitcomet 22160 tcp |
    "{BE9E6F7A-4A5B-4477-85E2-8247F6C71218}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C21FE1B2-1249-4A47-94F6-02E97E5006CB}" = lport=22412 | protocol=17 | dir=in | name=bitcomet 22412 udp |
    "{C7A84910-D9D4-4C09-B4DB-E33AFE476DE8}" = lport=25217 | protocol=6 | dir=in | name=bitcomet 25217 tcp |
    "{C9845947-7766-4A6A-8E8D-3DCC595E12AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CDFCCBAE-E3DB-40AE-AE89-5F317B46D206}" = lport=13391 | protocol=17 | dir=in | name=bitcomet 13391 udp |
    "{DF775D6F-98E5-4FF9-BC1F-545A3B51EA9D}" = lport=22412 | protocol=6 | dir=in | name=bitcomet 22412 tcp |
    "{E3BD3435-6001-4D54-8D62-54A03756FE3E}" = lport=27216 | protocol=17 | dir=in | name=bitcomet 27216 udp |
    "{ECC7979A-744C-4696-9065-16BC260DEFF3}" = rport=138 | protocol=17 | dir=out | app=system |
    "{F318CD79-4ACB-4ECF-8B69-13DE27290567}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F9996BF6-18FF-4644-88BE-EC29EF72EA87}" = lport=21309 | protocol=6 | dir=in | name=bitcomet 21309 tcp |
    "{FB09128D-0D28-41C3-8B93-2F911EB81879}" = lport=27216 | protocol=6 | dir=in | name=bitcomet 27216 tcp |
    "{FB973470-CE89-40C0-9514-3B61D522979E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{FE4EB7D0-BBC3-44B7-B9A6-847BF03E3C68}" = lport=10216 | protocol=17 | dir=in | name=bitcomet 10216 udp |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01BA2021-2F9A-4A2E-AEF5-67DA83341808}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "{05F8CE8A-90C4-4C9F-86D3-19F73A3EBDA9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{07FE5F63-17D7-4EEB-A2EC-4537022C2F8D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{08D87835-D29B-456A-84AC-1A3BC531B100}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{128E6192-367A-45BD-AE6F-17877222F02E}" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\update\update.exe |
    "{1D49A50C-6CD5-470F-9B6B-A74DA9DC0031}" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\update\update.exe |
    "{1DA105A4-E5E2-47DE-828A-B2FC64BAA6B4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{24B889AC-BD8F-4835-B364-11F7215A61FF}" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\qqgamesd.exe |
    "{2E46ED9B-58A1-4EF3-B0AF-881190F19453}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{3053D97C-241E-4AC5-9170-CB3FF8399023}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{46BFC813-F74D-4E4D-8631-43318C182BE3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{49E4F760-107C-417B-9E62-10624D6DB35D}" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
    "{57812C51-0F95-4F74-AC5A-462601261107}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5A44BECE-09B2-4C8D-B971-77E88489FEA8}" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
    "{6488101D-70EA-4629-8042-C5282E5D84F6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{65C7EADA-FAB0-454F-A1DE-36D71AE387CE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6863E653-A914-48B6-ACA3-D6C82CA2910A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{835E447C-E70A-43B5-8007-228669C678CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{83766235-776A-44E7-A9D3-8B63EA8C4A18}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{85F00F56-AC91-44B7-A055-43C23C839559}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{8A4058E6-ADF9-449A-8DC1-04D869719FCF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{8C8B5B10-53A0-4C6B-8393-7B4DEC2EA3DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{962D154E-8E72-4725-B57E-00949832143C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{A671A358-A572-457B-9FD7-7819183DF5AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AFE985FA-0A5C-4748-8E66-B280408F8B66}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{B810594E-E0F7-4E0C-A640-8DF32B337941}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{B8B81E0A-F0FB-4FD1-9EE6-7DF7609AE439}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{BB681BF5-9448-4E51-836A-661D30A404B2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{DF1453B3-F608-45FE-BFD2-369CAF898B10}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{E00E7072-4A76-4368-9820-6A24F1253CEE}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{E6EAFD9F-CC9A-4AD9-B5A4-6C713ED2D6B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EAF29A8E-4EF1-46C9-8714-780AE866FDA3}" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\qqgamesd.exe |
    "{FB40723D-0BFA-450E-9230-B15789C2D75E}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "TCP Query User{2200C789-5520-403E-AC5C-F33120A6E235}C:\program files\pagebreeze\pagebreeze.exe" = protocol=6 | dir=in | app=c:\program files\pagebreeze\pagebreeze.exe |
    "TCP Query User{33977174-F34B-4AB2-A961-9CD63C9F9807}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
    "TCP Query User{4B3B070A-CB66-4E80-908D-38AD7C20D1D9}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "TCP Query User{5D367FBC-AD00-4DC9-BD3C-962874F1F01C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{5F0E84D3-0782-4F4B-8E7F-B646F600043F}C:\users\gartoy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\gartoy\appdata\roaming\mjusbsp\magicjack.exe |
    "TCP Query User{AC4B5ACE-566D-4F95-907A-B7DE032DD997}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{B20A12E6-860A-469C-9E3D-6C31F62BB1D2}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "TCP Query User{C2F3526A-6323-4EE1-8CDA-42D4E705B06E}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
    "TCP Query User{C6D0D201-3621-498D-876B-B0A7D1AD9D2F}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{D449EF11-181B-48E4-945C-D910FEDA05BC}C:\program files\camfrog\camfrog video chat1\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat1\camfrog video chat.exe |
    "TCP Query User{DF00BFB9-1CB7-4F8F-9377-6A7F7EF3E290}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{EBF757E0-7834-4765-974D-8766910B3B23}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "TCP Query User{F05453FD-F776-45D5-B533-489B31357208}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "TCP Query User{F4FB5387-2C23-4BEB-B53C-6390DD66A055}C:\users\gartoy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\gartoy\appdata\roaming\mjusbsp\magicjack.exe |
    "UDP Query User{0DE72E7B-A079-4296-9066-3F866D12214B}C:\users\gartoy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\gartoy\appdata\roaming\mjusbsp\magicjack.exe |
    "UDP Query User{15FAC531-12E3-454A-AE3B-2E9FCA13F577}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
    "UDP Query User{288A4B18-A0DA-4B65-A8A2-59F51667A2CB}C:\program files\camfrog\camfrog video chat1\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat1\camfrog video chat.exe |
    "UDP Query User{36207F87-2033-4009-9EF4-0A9EB499AE37}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "UDP Query User{698B3610-F251-4B94-A70C-8920A42F4431}C:\users\gartoy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\gartoy\appdata\roaming\mjusbsp\magicjack.exe |
    "UDP Query User{75D734FE-F83C-4A2B-A98B-FBD1DAAAFCB7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{7A68C198-7E20-4A7B-BE10-BCF39B075CE1}C:\program files\pagebreeze\pagebreeze.exe" = protocol=17 | dir=in | app=c:\program files\pagebreeze\pagebreeze.exe |
    "UDP Query User{9FF36BB5-A953-4192-936B-A62314940E8C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{A5A708E9-3F2C-4A4B-A9C5-7A83F3BDAAA2}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
    "UDP Query User{B7907891-7C1C-42DA-944F-5A8F6A9CCB92}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "UDP Query User{EEE0C8C8-D572-4CE9-91D1-D27FB6FF780A}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "UDP Query User{EFC0C891-1D82-4EDD-8DD8-BD1B0EA4A3D8}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
    "UDP Query User{FBBE65EE-EF55-4DF1-8ED3-0F74FB90B45F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{FC6A1B1A-4F94-4D76-9EC0-7C78A17DAA85}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{00B70EED-B236-4FBC-A367-76E8DB75C7B0}" = WebSoftware HotHTML 2001 Professional Edition
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{098104AB-F9FF-4BF5-B909-071C60164E82}" = TileGem
    "{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{22AC6A90-A99A-4E41-BADC-AC05C811C2C8}_is1" = CDA to MP3 Converter v2.8 build 839
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink Wireless LAN
    "{2A17F4DB-C3B7-4E45-AECC-7F9FF6909C4B}" = NETGEAR WN121T wireless USB 2.0 adapter
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DDCB109-F81F-4307-9A2E-351BF0EC721D}" = 2010 Hallmark Registration Bonus Pack
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
    "{36A3719F-8A06-451A-935A-B4A5BAE77C87}" = ESET Smart Security
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{39C16060-EAA2-012B-ADFC-000000000000}" = TurboTax 2009 wmiiper
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3D8AE086-030F-4EF4-B705-63F8130B043E}" = DigitalPersona Personal 4.01
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Photo Premium 10
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
    "{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
    "{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}" = Hallmark Card Studio 2007 Deluxe
    "{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image Suite 2006 Editor
    "{601BE80D-247B-4084-94C7-7A54369DB7A2}" = Hallmark Card Studio 2010 Deluxe
    "{62687EAC-F27D-49AC-A0E2-3899B0459113}" = Hallmark Card Studio 2011 Deluxe
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image Suite 2006 Library
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDD4EA-9D68-11D5-8A28-005004D37F93}" = Wolfenstein 3D
    "{6B99AF03-2668-4572-BD3D-8C7A5D103065}" = AuthenTec Fingerprint Software
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
    "{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
    "{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.3
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91FA5123-41A2-401D-9A60-7A0E075A9A5E}" = Roulette Sniper Version 2.0
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
    "{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
    "{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
    "{999F7660-0374-5501-11BF-1129B004811F9}_is1" = Columbus Ghost Of The Mystery Stone
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{9E790A85-469F-4ED9-85AE-785C62DEFCAA}_is1" = Nick Chase - A Detective Story
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A3043377-81E5-4370-B030-3FB4FA8CA81D}" = Radiotracker
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
    "{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
    "{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
    "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
    "{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
    "{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
    "{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
    "{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
    "{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
    "{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
    "{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
    "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
    "{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
    "{E306E9DA-FEAC-46C8-8378-2C73EF81C60E}" = ImageStyler
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.6600
    "{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home
    "{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{ECB82093-A207-4B57-A0C3-81202EBC39D8}" = AT&T Communication Manager
    "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
    "{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
    "{F6C84ED7-9CAC-423b-9E00-C9BFAFBD0593}_is1" = RadioGet 1.3.9
    "{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "815EB4ED418166EC2BBE3A39EAC38C74AE911A8C" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2009 8.5.0.251)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "ActiveTouchMeetingClient" = WebEx
    "ActiveTracker 3.2 Email tracker plugin" = ActiveTracker 3.2 Email tracker plugin
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe ImageStyler 1.0" = Adobe ImageStyler 1.0
    "Advanced Business Card Maker 4.0_is1" = Business Card Maker 4.0
    "Advanced Emailer_is1" = Advanced Emailer
    "AIM_6" = AIM 6
    "AiroWizard 1.0 Beta" = AiroWizard 1.0 Beta
    "Art of Murder The Secret Files 1.00" = Art of Murder The Secret Files 1.00
    "AT&&T Yahoo! Messenger" = AT&T Yahoo! Messenger
    "ATT-PRT22" = ATT-PRT22
    "ATT-RC" = ATT-RC Self Support Tool
    "AU10_is1" = Advanced Uninstaller PRO - Version 10
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "Awakening - The Dreamless Castle ." = Awakening - The Dreamless Castle .
    "Belarc Advisor" = Belarc Advisor 8.1
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Fear for Sale - The Mystery of McInroy Manor Collector's Edition" = Fear for Sale: The Mystery of McInroy Manor Collector's Edition
    "BFG-Time Mysteries - Inheritance" = Time Mysteries: Inheritance
    "Birthday Reminder v1.40" = Birthday Reminder v1.40
    "BitComet" = BitComet 1.25
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
    "Build a lot 3 Passport to Europe1.0" = Build a lot 3 Passport to Europe
    "Build A Lot 4-Power source ." = Build A Lot 4-Power source .
    "Build a Lot 5 Elizabethan Era1.0" = Build a Lot 5 Elizabethan Era
    "Camfrog 5.5" = Camfrog Video Chat 5.5
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "CoffeeCup Image Mapper" = CoffeeCup Image Mapper
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
    "Dark Tales - Edgar Allan Poes Murders in the Rue Morgue Collectors Edition 1.00" = Dark Tales - Edgar Allan Poes Murders in the Rue Morgue Collectors Edition 1.00
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "Dorgem_is1" = Dorgem 2.1.0
    "Drawn The Painted Tower 1.00" = Drawn The Painted Tower 1.00
    "Dynomite 2.01" = Dynomite 2.01
    "EADM" = EA Download Manager
    "Easy WiFi Radar" = Easy WiFi Radar 1.0.5
    "EasyBCD" = EasyBCD 1.7.2
    "Echoes of the Past Royal House of Stone 1.00" = Echoes of the Past Royal House of Stone 1.00
    "eMusic Download Manager" = eMusic Download Manager 4.1.3.1
    "Escape Rosecliff Island 1.00" = Escape Rosecliff Island 1.00
    "ESET Online Scanner" = ESET Online Scanner v3
    "Fabulous Finds1.0.1" = Fabulous Finds
    "Fear for Sale The Mystery of McInroy Manor CE 1.00" = Fear for Sale The Mystery of McInroy Manor CE 1.00
    "Fiction Fixers Adventures in Wonderland Premium Edition 1.10" = Fiction Fixers Adventures in Wonderland Premium Edition 1.10
    "Fiction Fixers The Curse of OZ 1.00" = Fiction Fixers The Curse of OZ 1.00
    "Flash Saver" = Flash Saver
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
    "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
    "Freemake Video Converter_is1" = Freemake Video Converter version 1.3.0
    "Gardenscapes ." = Gardenscapes .
    "gBurner" = gBurner
    "Green MoonJust For Fun Games" = Green MoonJust For Fun Games
    "Haunted Halls Green Hills Sanitarium Collectors Edition 1.00" = Haunted Halls Green Hills Sanitarium Collectors Edition 1.00
    "Haunted Hotel 3 Lonely Dream 1.00" = Haunted Hotel 3 Lonely Dream 1.00
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Hidden Identity" = Hidden Identity
    "Hidden Identity 1.00" = Hidden Identity 1.00
    "Hidden Mysteries Salem Secrets 1.00" = Hidden Mysteries Salem Secrets 1.00
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HookAnalyzer_is1" = RootKit Hook Analyzer 3.02
    "Image Mapper" = Image Mapper
    "Indeo® Software" = Indeo® Software
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2A17F4DB-C3B7-4E45-AECC-7F9FF6909C4B}" = NETGEAR WN121T wireless USB 2.0 adapter
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Instant Housecall" = Instant Housecall - Specialist Sign-in
    "iReboot" = iReboot 1.1.0
    "James Pattersons Womens Murder Club - Little Black Lies ." = James Pattersons Womens Murder Club - Little Black Lies .
    "Journalistic Investigations Stolen Inheritance + SG" = Journalistic Investigations Stolen Inheritance + SG
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "ManyCam" = ManyCam 2.1 (remove only)
    "Map Designer pro_is1" = Map Designer Pro
    "Mapedit" = Mapedit
    "Mary Kay Andrews - The Fixer Upper_is1" = Mary Kay Andrews - The Fixer Upper
    "MaxBulk Mailer_is1" = MaxBulk Mailer 5.6.4
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Million Dollar Quest1.0" = Million Dollar Quest
    "Mishap An Accidental Haunting 1.00" = Mishap An Accidental Haunting 1.00
    "Mortimer Beckett And The Time Paradox FINAL 1.00" = Mortimer Beckett And The Time Paradox FINAL 1.00
    "MP3 Rocket" = MP3 Rocket
    "Mystery Age 2- The Dark Priests1.0" = Mystery Age 2- The Dark Priests
    "Mystery Legends Phantom of the Opera1.0" = Mystery Legends Phantom of the Opera
    "Mystery Valley 1.00" = Mystery Valley 1.00
    "Nick Chase and the Deadly Diamond 1.00" = Nick Chase and the Deadly Diamond 1.00
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PageBreeze Free HTML Editor" = PageBreeze Free HTML Editor
    "PageBreeze Professional" = PageBreeze Professional
    "PalTalk8.2" = PaltalkScene
    "PC Image Editor" = PC Image Editor
    "PictureItPrem_v10" = Microsoft Photo Premium 10
    "PictureItSuite_v11" = Microsoft Digital Image Suite 2006
    "Pos HTML Image Mapper" = Pos HTML Image Mapper
    "Power Mic for Yahoo Messenger 2.1" = Power Mic for Yahoo Messenger 2.1
    "Press Your Luck 2010" = Press Your Luck 2010 1.0.2
    "Pretty In Pink 1.00" = Pretty In Pink 1.00
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "Rapid-Emailer_is1" = Absolute Futurity Rapid-Emailer Ver 2.0.22
    "ReadNotify IE Add-on" = RN_Object
    "RegDoctor_is1" = RegDoctor 1.74
    "RegHealer_is2" = Registry Healer 4.5.0 uninstall
    "RegHealer_is3" = Registry Healer 4.2.0 uninstall
    "RegHealer_is4" = Registry Healer 4.5.0 uninstall
    "Registry Winner_is1" = Registry Winner 5.5
    "Rhapsody" = Rhapsody
    "Rhianna Ford - The Da Vinci Letter1.0" = Rhianna Ford - The Da Vinci Letter
    "RKU" = Rootkit Unhooker Uninstall
    "Royal Envoy Collector's Edition" = Royal Envoy Collector's Edition
    "Software Informer_is1" = Software Informer 1.0 BETA
    "SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
    "SuperMP3Download" = Super MP3 Download
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The Dark Hills of Cherai 1.00" = The Dark Hills of Cherai 1.00
    "TopMail" = TopMail
    "Total HTML Converter_is1" = TotalHTMLConverter
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TVWiz" = Intel(R) TV Wizard
    "Twisted - A Haunted Carol1.0" = Twisted - A Haunted Carol
    "Twisted Lands Shadow Town Collectors Edition 1.00" = Twisted Lands Shadow Town Collectors Edition 1.00
    "Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.1.5
    "Web Communicator" = Web Communicator
    "Where's Waldo The Fantastic Journey" = Where's Waldo The Fantastic Journey 1.0.10
    "WildTangent hp Master Uninstall" = My HP Games
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "309a46b1dc89b774" = Dell Driver Download Manager
    "f031ef6ac137efc5" = Dell Driver Download Manager - 1
    "magicJack" = magicJack
    "SmartDraw 2010" = SmartDraw 2010

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/29/2010 9:36:02 PM | Computer Name = Happy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/29/2010 9:36:03 PM | Computer Name = Happy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/29/2010 9:37:02 PM | Computer Name = Happy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/29/2010 10:13:52 PM | Computer Name = Happy | Source = WinMgmt | ID = 10
    Description =

    Error - 12/29/2010 10:59:28 PM | Computer Name = Happy | Source = EventSystem | ID = 4621
    Description =

    Error - 12/29/2010 11:06:51 PM | Computer Name = Happy | Source = WinMgmt | ID = 10
    Description =

    Error - 12/30/2010 11:08:07 AM | Computer Name = Happy | Source = EventSystem | ID = 4609
    Description =

    Error - 12/30/2010 11:08:38 AM | Computer Name = Happy | Source = WinMgmt | ID = 10
    Description =

    Error - 12/30/2010 11:14:43 AM | Computer Name = Happy | Source = EventSystem | ID = 4609
    Description =

    Error - 12/30/2010 11:14:52 AM | Computer Name = Happy | Source = WinMgmt | ID = 10
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 12/21/2010 4:37:08 AM | Computer Name = Happy | Source = WLAN-Tray | ID = 0
    Description = 03:37:06, Tue, Dec 21, 10 Error - Unable to gain access to user store


    Error - 12/22/2010 1:30:50 PM | Computer Name = Happy | Source = WLAN-Tray | ID = 0
    Description = 12:30:49, Wed, Dec 22, 10 Error - Unable to gain access to user store


    Error - 12/24/2010 12:38:27 AM | Computer Name = Happy | Source = WLAN-Tray | ID = 0
    Description = 23:38:26, Thu, Dec 23, 10 Error - Unable to gain access to user store


    Error - 12/27/2010 7:20:07 PM | Computer Name = Happy | Source = WLAN-Tray | ID = 0
    Description = 18:20:05, Mon, Dec 27, 10 Error - Unable to gain access to user store


    [ DigitalPersona Pro Events ]
    Error - 3/31/2010 9:05:35 PM | Computer Name = Happy | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 3/31/2010 9:05:36 PM | Computer Name = Happy | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 3/31/2010 9:05:39 PM | Computer Name = Happy | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 3/31/2010 9:05:40 PM | Computer Name = Happy | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 3/31/2010 9:05:42 PM | Computer Name = Happy | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 3/31/2010 9:05:44 PM | Computer Name = Happy | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 3/31/2010 9:05:45 PM | Computer Name = Happy | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 3/31/2010 9:05:46 PM | Computer Name = Happy | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 3/31/2010 9:05:47 PM | Computer Name = Happy | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 5/14/2010 10:28:05 AM | Computer Name = Happy | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    [ Media Center Events ]
    Error - 4/13/2009 5:19:17 PM | Computer Name = Happy | Source = ehRecvr | ID = 3
    Description =

    Error - 4/13/2009 5:19:56 PM | Computer Name = Happy | Source = ehRecvr | ID = 3
    Description =

    Error - 4/13/2009 6:29:44 PM | Computer Name = Happy | Source = ehRecvr | ID = 3
    Description =

    Error - 4/13/2009 6:46:16 PM | Computer Name = Happy | Source = ehRecvr | ID = 3
    Description =

    Error - 4/13/2009 6:47:04 PM | Computer Name = Happy | Source = ehRecvr | ID = 3
    Description =

    Error - 4/13/2009 6:47:50 PM | Computer Name = Happy | Source = ehRecvr | ID = 3
    Description =

    Error - 4/13/2009 6:48:10 PM | Computer Name = Happy | Source = ehRecvr | ID = 3
    Description =

    Error - 4/13/2009 6:51:45 PM | Computer Name = Happy | Source = ehRecvr | ID = 3
    Description =

    Error - 4/13/2009 6:55:31 PM | Computer Name = Happy | Source = ehRecvr | ID = 3
    Description =

    Error - 4/24/2009 5:29:41 PM | Computer Name = Happy | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 12/30/2010 7:51:37 PM | Computer Name = Happy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/30/2010 11:44:46 PM | Computer Name = Happy | Source = Service Control Manager | ID = 7030
    Description =

    Error - 12/30/2010 11:44:56 PM | Computer Name = Happy | Source = Service Control Manager | ID = 7034
    Description =

    Error - 12/30/2010 11:46:11 PM | Computer Name = Happy | Source = Service Control Manager | ID = 7030
    Description =

    Error - 12/30/2010 11:50:25 PM | Computer Name = Happy | Source = Service Control Manager | ID = 7034
    Description =

    Error - 12/30/2010 11:50:27 PM | Computer Name = Happy | Source = Service Control Manager | ID = 7030
    Description =

    Error - 12/31/2010 12:02:23 AM | Computer Name = Happy | Source = Service Control Manager | ID = 7030
    Description =

    Error - 12/31/2010 12:19:16 AM | Computer Name = Happy | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 12/31/2010 12:20:55 AM | Computer Name = Happy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/31/2010 12:23:20 AM | Computer Name = Happy | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.


    < End of report >
     