Everything crashes, then comes the blue screen of death



spikenla
2011-10-19, 11:21
Everything crashes, then comes the blue screen of death. A few Check for Solutions/Cancel dialog boxes appear, and as soon as you cancel one, the blue screen of death appears. In Safe Mode, Spybot found no errors. This scan was done in safe mode with networking.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Aaron at 4:12:48 on 2011-10-19
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyServer = 128.119.41.211:3127
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110904213146.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [googletalk] C:\Users\Aaron\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0E96EAC7-C9DD-4B69-B739-9AA123F25AEE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0E96EAC7-C9DD-4B69-B739-9AA123F25AEE}\3507563637 : DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{0E96EAC7-C9DD-4B69-B739-9AA123F25AEE}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0E96EAC7-C9DD-4B69-B739-9AA123F25AEE}\C696E6B6379737 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{20BDD4B1-3B6D-4654-B871-7FE11208D05E} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNowToolbarHelper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110904213146.dll
BHO-X64: scriptproxy - No File
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO-X64: W2PBrowser Browser Helper - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-10-19 08:57:32 388096 ----a-r- C:\Users\Aaron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-19 08:57:32 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-10-18 08:03:29 -------- d-sh--w- C:\windows\System32\%APPDATA%
2011-10-18 06:22:56 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-18 06:22:56 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-16 03:44:18 -------- d-----w- C:\Program Files\iPod
2011-10-16 03:44:13 -------- d-----w- C:\Program Files\iTunes
2011-10-16 03:44:13 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-16 03:07:16 -------- d-----w- C:\Users\Aaron\AppData\Local\VS Revo Group
2011-10-16 03:07:12 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys
2011-10-16 03:07:11 -------- d-----w- C:\Program Files\VS Revo Group
2011-10-13 19:23:22 -------- d-----w- C:\Program Files\Bonjour
2011-10-13 19:23:22 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-10 19:05:50 -------- d-----w- C:\Users\Aaron\AppData\Local\ElevatedDiagnostics
2011-10-08 23:53:11 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-08 23:52:57 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-08 23:52:46 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-08 23:52:43 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
==================== Find3M ====================
.
2011-09-27 03:32:58 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 03:07:02 3134976 ----a-w- C:\windows\System32\win32k.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-08-31 04:05:32 96104 ----a-w- C:\windows\System32\dns-sd.exe
2011-08-31 04:05:32 85864 ----a-w- C:\windows\System32\dnssd.dll
2011-08-31 04:05:32 61288 ----a-w- C:\windows\System32\jdns_sd.dll
2011-08-31 04:05:32 212840 ----a-w- C:\windows\System32\dnssdX.dll
2011-08-31 04:05:04 83816 ----a-w- C:\windows\SysWow64\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- C:\windows\SysWow64\dnssd.dll
2011-08-31 04:05:04 50536 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2011-08-31 04:05:04 178536 ----a-w- C:\windows\SysWow64\dnssdX.dll
2011-08-27 12:22:24 19517952 ----a-w- C:\redsn0w.exe
2011-08-27 05:40:28 861184 ----a-w- C:\windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-08-19 06:46:06 30720 ----a-w- C:\windows\System32\drivers\tapoas.sys
2011-08-17 05:32:24 613888 ----a-w- C:\windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\windows\SysWow64\MSNP.ax
.
============= FINISH: 4:14:01.95 ===============

Forgot to compress attachment

My last restore point was at a Microsoft Update. I restored to that point, but it didn't help. I tried restoring again to an earlier point, but no luck. Sorry for jumping the gun, I just really am lost without my laptop, and need it back up and running ASAP. Any help would be greatly appreciated. I am re-posting my logs since the restore. They were taken in safe mode.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Aaron at 7:32:07 on 2011-10-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3882.2777 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyServer = 128.119.41.211:3127
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110904213146.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [googletalk] C:\Users\Aaron\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0E96EAC7-C9DD-4B69-B739-9AA123F25AEE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0E96EAC7-C9DD-4B69-B739-9AA123F25AEE}\3507563637 : DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{0E96EAC7-C9DD-4B69-B739-9AA123F25AEE}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0E96EAC7-C9DD-4B69-B739-9AA123F25AEE}\C696E6B6379737 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{20BDD4B1-3B6D-4654-B871-7FE11208D05E} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNowToolbarHelper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110904213146.dll
BHO-X64: scriptproxy - No File
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO-X64: W2PBrowser Browser Helper - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
S0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
S1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-23 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-23 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-23 355440]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-23 355440]
S2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-7-23 200056]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-7-23 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-9-28 2009704]
S2 Toolbar Updater Service;Toolbar Updater Service;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-3-24 199904]
S2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-28 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
S3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
S3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
S3 FlyUsb;FLY Fusion;C:\windows\system32\DRIVERS\FlyUsb.sys --> C:\windows\system32\DRIVERS\FlyUsb.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
S3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-4 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Revoflt;Revoflt;C:\windows\system32\DRIVERS\revoflt.sys --> C:\windows\system32\DRIVERS\revoflt.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;C:\windows\system32\DRIVERS\tapoas.sys --> C:\windows\system32\DRIVERS\tapoas.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-10-18 06:22:56 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-18 06:22:56 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-16 03:44:18 -------- d-----w- C:\Program Files\iPod
2011-10-16 03:44:13 -------- d-----w- C:\Program Files\iTunes
2011-10-16 03:44:13 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-16 03:07:16 -------- d-----w- C:\Users\Aaron\AppData\Local\VS Revo Group
2011-10-16 03:07:12 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys
2011-10-16 03:07:11 -------- d-----w- C:\Program Files\VS Revo Group
2011-10-13 19:23:22 -------- d-----w- C:\Program Files\Bonjour
2011-10-13 19:23:22 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-10 19:05:50 -------- d-----w- C:\Users\Aaron\AppData\Local\ElevatedDiagnostics
2011-10-08 23:53:11 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-08 23:52:57 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-08 23:52:46 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-08 23:52:43 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
==================== Find3M ====================
.
2011-09-27 03:32:58 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 03:07:02 3134976 ----a-w- C:\windows\System32\win32k.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-08-31 04:05:32 96104 ----a-w- C:\windows\System32\dns-sd.exe
2011-08-31 04:05:32 85864 ----a-w- C:\windows\System32\dnssd.dll
2011-08-31 04:05:32 61288 ----a-w- C:\windows\System32\jdns_sd.dll
2011-08-31 04:05:32 212840 ----a-w- C:\windows\System32\dnssdX.dll
2011-08-31 04:05:04 83816 ----a-w- C:\windows\SysWow64\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- C:\windows\SysWow64\dnssd.dll
2011-08-31 04:05:04 50536 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2011-08-31 04:05:04 178536 ----a-w- C:\windows\SysWow64\dnssdX.dll
2011-08-27 12:22:24 19517952 ----a-w- C:\redsn0w.exe
2011-08-27 05:40:28 861184 ----a-w- C:\windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-08-19 06:46:06 30720 ----a-w- C:\windows\System32\drivers\tapoas.sys
2011-08-17 05:32:24 613888 ----a-w- C:\windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\windows\SysWow64\MSNP.ax
.
============= FINISH: 7:33:09.51 ===============

jeffce
2011-10-20, 21:38
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.
----------

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR icon to run it.
Vista and Windows 7 users right click the icon and choose "Run as administrator".
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

spikenla
2011-10-20, 22:45
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-20 15:39:13
-----------------------------
15:39:13.682 OS Version: Windows x64 6.1.7600
15:39:13.682 Number of processors: 4 586 0x2505
15:39:13.698 ComputerName: AARON-PC UserName: Aaron
15:39:14.057 Initialize success
15:39:24.228 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:39:24.228 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
15:39:24.275 Disk 0 MBR read successfully
15:39:24.291 Disk 0 MBR scan
15:39:24.291 Disk 0 unknown MBR code
15:39:24.291 Service scanning
15:39:26.880 Modules scanning
15:39:26.880 Disk 0 trace - called modules:
15:39:26.896 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:39:26.896 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004862060]
15:39:26.896 3 CLASSPNP.SYS[fffff8800109b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004606050]
15:39:26.896 Scan finished successfully
15:40:08.267 Disk 0 MBR has been saved successfully to "C:\Users\Aaron\Desktop\MBR.dat"
15:40:08.283 The log file has been saved successfully to "C:\Users\Aaron\Desktop\aswMBR.txt"

jeffce
2011-10-20, 23:48
Hi spikenla,

Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
If nothing unusual is found just press Enter.
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

spikenla
2011-10-21, 13:45
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: QX310/QX410/QX510/SF310/SF410/SF510
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 127):

Processes (total 22):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
372 csrss.exe
408 csrss.exe
416 C:\Windows\System32\wininit.exe
444 C:\Windows\System32\winlogon.exe
508 C:\Windows\System32\services.exe
524 C:\Windows\System32\lsass.exe
532 C:\Windows\System32\lsm.exe
628 C:\Windows\System32\svchost.exe
704 C:\Windows\System32\svchost.exe
800 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
620 C:\Windows\explorer.exe
1056 C:\Windows\System32\ctfmon.exe
1560 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1832 C:\Program Files\McAfee.com\Agent\mcagent.exe
1224 C:\Users\Aaron\Desktop\MBRCheck.exe
1212 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003a`46600000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM641JI, Rev: 2AJ10002

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

jeffce
2011-10-21, 16:41
Hi spikenla,

Download Combofix from either of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

spikenla
2011-10-21, 22:44
I am unable to complete the process before my CPU crashes. I am in safe mode.

jeffce
2011-10-22, 02:58
Hi spikenla,

Go ahead and try to run it in Safe Mode. :)

spikenla
2011-10-22, 03:09
I am unable to complete the process before my CPU crashes. I am in safe mode.

I did it in safe mode.

jeffce
2011-10-22, 03:20
Ok try this...

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



In your next reply please post the logs created by TDSSKiller and OTL.

spikenla
2011-10-22, 04:03
It crashed while scanning OTL. Here is TDSS log.

20:34:12.0851 1456 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
20:34:12.0913 1456 ============================================================
20:34:12.0913 1456 Current date / time: 2011/10/21 20:34:12.0913
20:34:12.0913 1456 SystemInfo:
20:34:12.0913 1456
20:34:12.0913 1456 OS Version: 6.1.7600 ServicePack: 0.0
20:34:12.0913 1456 Product type: Workstation
20:34:12.0913 1456 ComputerName: AARON-PC
20:34:12.0913 1456 UserName: Aaron
20:34:12.0913 1456 Windows directory: C:\windows
20:34:12.0913 1456 System windows directory: C:\windows
20:34:12.0913 1456 Running under WOW64
20:34:12.0913 1456 Processor architecture: Intel x64
20:34:12.0913 1456 Number of processors: 4
20:34:12.0913 1456 Page size: 0x1000
20:34:12.0913 1456 Boot type: Safe boot
20:34:12.0913 1456 ============================================================
20:34:13.0428 1456 Initialize success
20:34:19.0107 1484 ============================================================
20:34:19.0107 1484 Scan started
20:34:19.0107 1484 Mode: Manual;
20:34:19.0107 1484 ============================================================
20:34:26.0735 1484 mferkdet (edf5ee799a0b3ed6dce8bb16a51f3d1f) C:\windows\system32\drivers\mferkdet.sys
20:34:26.0735 1484 mferkdet - ok
20:34:26.0813 1484 mfewfpk (9182faf9addd5ea6308d155ceb502c6f) C:\windows\system32\drivers\mfewfpk.sys
20:34:26.0813 1484 mfewfpk - ok
20:34:26.0891 1484 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:34:26.0891 1484 Modem - ok
20:34:26.0938 1484 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:34:26.0938 1484 monitor - ok
20:34:26.0969 1484 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:34:26.0969 1484 mouclass - ok
20:34:27.0016 1484 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:34:27.0016 1484 mouhid - ok
20:34:27.0031 1484 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
20:34:27.0031 1484 mountmgr - ok
20:34:27.0063 1484 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
20:34:27.0063 1484 mpio - ok
20:34:27.0078 1484 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:34:27.0078 1484 mpsdrv - ok
20:34:27.0094 1484 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
20:34:27.0109 1484 MRxDAV - ok
20:34:27.0125 1484 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
20:34:27.0141 1484 mrxsmb - ok
20:34:27.0187 1484 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:34:27.0187 1484 mrxsmb10 - ok
20:34:27.0203 1484 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:34:27.0203 1484 mrxsmb20 - ok
20:34:27.0219 1484 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
20:34:27.0219 1484 msahci - ok
20:34:27.0250 1484 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
20:34:27.0250 1484 msdsm - ok
20:34:27.0281 1484 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:34:27.0281 1484 Msfs - ok
20:34:27.0297 1484 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:34:27.0297 1484 mshidkmdf - ok
20:34:27.0328 1484 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
20:34:27.0328 1484 msisadrv - ok
20:34:27.0390 1484 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:34:27.0390 1484 MSKSSRV - ok
20:34:27.0406 1484 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:34:27.0406 1484 MSPCLOCK - ok
20:34:27.0421 1484 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:34:27.0421 1484 MSPQM - ok
20:34:27.0437 1484 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
20:34:27.0437 1484 MsRPC - ok
20:34:27.0468 1484 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
20:34:27.0468 1484 mssmbios - ok
20:34:27.0484 1484 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:34:27.0484 1484 MSTEE - ok
20:34:27.0499 1484 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
20:34:27.0499 1484 MTConfig - ok
20:34:27.0546 1484 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:34:27.0546 1484 Mup - ok
20:34:27.0624 1484 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:34:27.0624 1484 NativeWifiP - ok
20:34:27.0671 1484 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
20:34:27.0687 1484 NDIS - ok
20:34:27.0702 1484 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:34:27.0702 1484 NdisCap - ok
20:34:27.0733 1484 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:34:27.0733 1484 NdisTapi - ok
20:34:27.0780 1484 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
20:34:27.0780 1484 Ndisuio - ok
20:34:27.0796 1484 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
20:34:27.0796 1484 NdisWan - ok
20:34:27.0811 1484 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
20:34:27.0811 1484 NDProxy - ok
20:34:27.0858 1484 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:34:27.0858 1484 NetBIOS - ok
20:34:27.0874 1484 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
20:34:27.0874 1484 NetBT - ok
20:34:28.0061 1484 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\windows\system32\DRIVERS\NETw5s64.sys
20:34:28.0201 1484 NETw5s64 - ok
20:34:28.0326 1484 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
20:34:28.0326 1484 nfrd960 - ok
20:34:28.0373 1484 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:34:28.0373 1484 Npfs - ok
20:34:28.0389 1484 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:34:28.0389 1484 nsiproxy - ok
20:34:28.0451 1484 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
20:34:28.0467 1484 Ntfs - ok
20:34:28.0482 1484 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:34:28.0482 1484 Null - ok
20:34:28.0732 1484 nvlddmkm (fbe6ac1c3591cb67543fad15abd26bcb) C:\windows\system32\DRIVERS\nvlddmkm.sys
20:34:28.0919 1484 nvlddmkm - ok
20:34:29.0059 1484 nvpciflt (680c5baf7d0190b1485068fc4ba75f1c) C:\windows\system32\DRIVERS\nvpciflt.sys
20:34:29.0059 1484 nvpciflt - ok
20:34:29.0106 1484 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
20:34:29.0106 1484 nvraid - ok
20:34:29.0137 1484 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
20:34:29.0137 1484 nvstor - ok
20:34:29.0200 1484 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
20:34:29.0200 1484 nv_agp - ok
20:34:29.0231 1484 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
20:34:29.0231 1484 ohci1394 - ok
20:34:29.0293 1484 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
20:34:29.0293 1484 Parport - ok
20:34:29.0325 1484 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
20:34:29.0325 1484 partmgr - ok
20:34:29.0340 1484 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
20:34:29.0340 1484 pci - ok
20:34:29.0356 1484 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
20:34:29.0356 1484 pciide - ok
20:34:29.0387 1484 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
20:34:29.0387 1484 pcmcia - ok
20:34:29.0403 1484 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:34:29.0403 1484 pcw - ok
20:34:29.0434 1484 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:34:29.0449 1484 PEAUTH - ok
20:34:29.0543 1484 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
20:34:29.0543 1484 PptpMiniport - ok
20:34:29.0559 1484 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
20:34:29.0574 1484 Processor - ok
20:34:29.0637 1484 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
20:34:29.0637 1484 Psched - ok
20:34:29.0699 1484 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
20:34:29.0715 1484 ql2300 - ok
20:34:29.0746 1484 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
20:34:29.0746 1484 ql40xx - ok
20:34:29.0777 1484 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:34:29.0777 1484 QWAVEdrv - ok
20:34:29.0793 1484 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:34:29.0793 1484 RasAcd - ok
20:34:29.0824 1484 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:34:29.0839 1484 RasAgileVpn - ok
20:34:29.0855 1484 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
20:34:29.0855 1484 Rasl2tp - ok
20:34:29.0871 1484 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:34:29.0871 1484 RasPppoe - ok
20:34:29.0886 1484 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:34:29.0886 1484 RasSstp - ok
20:34:29.0917 1484 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
20:34:29.0917 1484 rdbss - ok
20:34:29.0933 1484 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
20:34:29.0933 1484 rdpbus - ok
20:34:29.0949 1484 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:34:29.0949 1484 RDPCDD - ok
20:34:29.0980 1484 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:34:29.0980 1484 RDPENCDD - ok
20:34:29.0995 1484 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:34:29.0995 1484 RDPREFMP - ok
20:34:30.0011 1484 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
20:34:30.0011 1484 RDPWD - ok
20:34:30.0042 1484 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
20:34:30.0042 1484 rdyboost - ok
20:34:30.0136 1484 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\windows\system32\DRIVERS\revoflt.sys
20:34:30.0136 1484 Revoflt - ok
20:34:30.0183 1484 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:34:30.0183 1484 rspndr - ok
20:34:30.0198 1484 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
20:34:30.0214 1484 RTL8167 - ok
20:34:30.0261 1484 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
20:34:30.0261 1484 rtport - ok
20:34:30.0307 1484 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
20:34:30.0307 1484 SABI - ok
20:34:30.0323 1484 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
20:34:30.0323 1484 sbp2port - ok
20:34:30.0339 1484 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
20:34:30.0339 1484 scfilter - ok
20:34:30.0385 1484 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:34:30.0401 1484 secdrv - ok
20:34:30.0463 1484 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
20:34:30.0463 1484 Serenum - ok
20:34:30.0495 1484 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
20:34:30.0495 1484 Serial - ok
20:34:30.0510 1484 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
20:34:30.0510 1484 sermouse - ok
20:34:30.0557 1484 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
20:34:30.0557 1484 sffdisk - ok
20:34:30.0557 1484 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
20:34:30.0557 1484 sffp_mmc - ok
20:34:30.0573 1484 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
20:34:30.0573 1484 sffp_sd - ok
20:34:30.0604 1484 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
20:34:30.0604 1484 sfloppy - ok
20:34:30.0635 1484 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:34:30.0651 1484 SiSRaid2 - ok
20:34:30.0666 1484 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
20:34:30.0666 1484 SiSRaid4 - ok
20:34:30.0697 1484 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:34:30.0697 1484 Smb - ok
20:34:30.0760 1484 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:34:30.0760 1484 spldr - ok
20:34:30.0807 1484 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
20:34:30.0807 1484 srv - ok
20:34:30.0838 1484 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
20:34:30.0838 1484 srv2 - ok
20:34:30.0869 1484 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
20:34:30.0869 1484 srvnet - ok
20:34:30.0931 1484 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
20:34:30.0931 1484 stexstor - ok
20:34:30.0963 1484 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:34:30.0963 1484 swenum - ok
20:34:31.0041 1484 tapoas (927d0cdb3f96efc1e98fb1a2c9fb67ad) C:\windows\system32\DRIVERS\tapoas.sys
20:34:31.0041 1484 tapoas - ok
20:34:31.0103 1484 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
20:34:31.0119 1484 Tcpip - ok
20:34:31.0243 1484 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
20:34:31.0259 1484 TCPIP6 - ok
20:34:31.0290 1484 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
20:34:31.0290 1484 tcpipreg - ok
20:34:31.0306 1484 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:34:31.0306 1484 TDPIPE - ok
20:34:31.0321 1484 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
20:34:31.0321 1484 TDTCP - ok
20:34:31.0337 1484 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
20:34:31.0337 1484 tdx - ok
20:34:31.0368 1484 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
20:34:31.0368 1484 TermDD - ok
20:34:31.0446 1484 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
20:34:31.0462 1484 tssecsrv - ok
20:34:31.0493 1484 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
20:34:31.0493 1484 tunnel - ok
20:34:31.0540 1484 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\windows\system32\DRIVERS\TurboB.sys
20:34:31.0540 1484 TurboB - ok
20:34:31.0555 1484 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:34:31.0555 1484 uagp35 - ok
20:34:31.0602 1484 udfs (31ba4a33afab6a69ea092b18017f737f) C:\windows\system32\DRIVERS\udfs.sys
20:34:31.0602 1484 udfs - ok
20:34:31.0618 1484 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
20:34:31.0618 1484 uliagpkx - ok
20:34:31.0649 1484 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
20:34:31.0649 1484 umbus - ok
20:34:31.0680 1484 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:34:31.0680 1484 UmPass - ok
20:34:31.0743 1484 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
20:34:31.0743 1484 USBAAPL64 - ok
20:34:31.0789 1484 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
20:34:31.0789 1484 usbccgp - ok
20:34:31.0821 1484 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
20:34:31.0821 1484 usbcir - ok
20:34:31.0852 1484 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
20:34:31.0852 1484 usbehci - ok
20:34:31.0883 1484 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
20:34:31.0899 1484 usbhub - ok
20:34:31.0914 1484 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
20:34:31.0914 1484 usbohci - ok
20:34:31.0945 1484 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:34:31.0961 1484 usbprint - ok
20:34:31.0992 1484 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
20:34:32.0008 1484 usbscan - ok
20:34:32.0023 1484 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\drivers\USBSTOR.SYS
20:34:32.0039 1484 USBSTOR - ok
20:34:32.0070 1484 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
20:34:32.0070 1484 usbuhci - ok
20:34:32.0101 1484 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
20:34:32.0101 1484 usbvideo - ok
20:34:32.0164 1484 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
20:34:32.0164 1484 vdrvroot - ok
20:34:32.0211 1484 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:34:32.0211 1484 vga - ok
20:34:32.0242 1484 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:34:32.0242 1484 VgaSave - ok
20:34:32.0257 1484 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
20:34:32.0257 1484 vhdmp - ok
20:34:32.0273 1484 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
20:34:32.0273 1484 viaide - ok
20:34:32.0304 1484 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
20:34:32.0304 1484 volmgr - ok
20:34:32.0335 1484 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
20:34:32.0335 1484 volmgrx - ok
20:34:32.0351 1484 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
20:34:32.0351 1484 volsnap - ok
20:34:32.0398 1484 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:34:32.0398 1484 vsmraid - ok
20:34:32.0413 1484 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:34:32.0413 1484 vwifibus - ok
20:34:32.0429 1484 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:34:32.0429 1484 vwififlt - ok
20:34:32.0476 1484 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
20:34:32.0476 1484 vwifimp - ok
20:34:32.0491 1484 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:34:32.0491 1484 WacomPen - ok
20:34:32.0538 1484 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:34:32.0538 1484 WANARP - ok
20:34:32.0554 1484 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:34:32.0554 1484 Wanarpv6 - ok
20:34:32.0601 1484 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:34:32.0601 1484 Wd - ok
20:34:32.0632 1484 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:34:32.0632 1484 Wdf01000 - ok
20:34:32.0679 1484 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\windows\system32\DRIVERS\WDKMD.sys
20:34:32.0679 1484 wdkmd - ok
20:34:32.0741 1484 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:34:32.0741 1484 WfpLwf - ok
20:34:32.0788 1484 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:34:32.0788 1484 WIMMount - ok
20:34:32.0866 1484 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
20:34:32.0866 1484 WinUsb - ok
20:34:32.0928 1484 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
20:34:32.0928 1484 WmiAcpi - ok
20:34:32.0959 1484 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:34:32.0959 1484 ws2ifsl - ok
20:34:32.0991 1484 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
20:34:32.0991 1484 WudfPf - ok
20:34:33.0022 1484 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
20:34:33.0022 1484 WUDFRd - ok
20:34:33.0084 1484 yukonw7 (918cfcdbb6c297c53788b926954da907) C:\windows\system32\DRIVERS\yk62x64.sys
20:34:33.0084 1484 yukonw7 - ok
20:34:33.0147 1484 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
20:34:33.0256 1484 \Device\Harddisk0\DR0 - ok
20:34:33.0256 1484 Boot (0x1200) (324f3050fa77d8e1f23f0c20651acfc1) \Device\Harddisk0\DR0\Partition0
20:34:33.0256 1484 \Device\Harddisk0\DR0\Partition0 - ok
20:34:33.0271 1484 Boot (0x1200) (8271aea1be55250c2329a266f3502767) \Device\Harddisk0\DR0\Partition1
20:34:33.0271 1484 \Device\Harddisk0\DR0\Partition1 - ok
20:34:33.0303 1484 Boot (0x1200) (ace5640f199cfbdc3bb6d269f1f35cf1) \Device\Harddisk0\DR0\Partition2
20:34:33.0303 1484 \Device\Harddisk0\DR0\Partition2 - ok
20:34:33.0303 1484 ============================================================
20:34:33.0303 1484 Scan finished
20:34:33.0303 1484 ============================================================
20:34:33.0303 1476 Detected object count: 0
20:34:33.0303 1476 Actual detected object count: 0
20:35:45.0281 1452 Deinitialize success

spikenla
2011-10-22, 04:30
I tried it again...


OTL logfile created on: 10/21/2011 9:24:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Aaron\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 3.20 Gb Available Physical Memory | 84.50% Memory free
7.58 Gb Paging File | 7.01 Gb Available in Paging File | 92.54% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233.00 Gb Total Space | 161.20 Gb Free Space | 69.19% Space Free | Partition Type: NTFS
Drive D: | 347.24 Gb Total Space | 347.10 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 3.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Toolbar Updater Service) -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (bpmp) Intel(R) Centrino(R) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (FlyUsb) -- C:\Windows\SysNative\drivers\FlyUsb.sys (LeapFrog)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://samsung.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 128.119.41.211:3127

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Aaron\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/09/27 19:45:50 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Aaron\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

Hosts file not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110904213146.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110904213146.dll (McAfee, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Aaron\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E96EAC7-C9DD-4B69-B739-9AA123F25AEE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20BDD4B1-3B6D-4654-B871-7FE11208D05E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e073ceb6-6059-11e0-891c-ebde2bc4079c}\Shell - "" = AutoRun
O33 - MountPoints2\{e073ceb6-6059-11e0-891c-ebde2bc4079c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 21:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/10/21 20:29:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/10/21 20:09:55 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/21 15:04:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/10/21 15:04:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/10/21 15:04:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/10/21 15:03:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/21 15:01:02 | 004,269,231 | R--- | C] (Swearware) -- C:\Users\Aaron\Desktop\ComboFix.exe
[2011/10/21 11:24:50 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aaron\Desktop\TDSSKiller.exe
[2011/10/20 15:34:55 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Aaron\Desktop\aswMBR.exe
[2011/10/20 07:31:51 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/10/20 07:14:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr
[2011/10/20 07:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/19 04:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/10/18 01:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/18 01:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/15 22:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/15 22:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/15 22:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/15 22:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/15 22:07:16 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\VS Revo Group
[2011/10/15 22:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/10/15 22:07:12 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys
[2011/10/15 22:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/10/13 19:39:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/10/13 19:39:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/10/13 19:39:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011/10/13 19:39:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011/10/13 19:39:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/10/13 19:39:05 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2011/10/13 19:39:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/10/13 19:39:04 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2011/10/13 19:39:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2011/10/13 14:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 14:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/13 12:18:43 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2011/10/13 12:18:43 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2011/10/13 12:18:43 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSNP.ax
[2011/10/13 12:18:43 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSNP.ax
[2011/10/13 12:18:43 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2011/10/13 12:18:43 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Mpeg2Data.ax
[2011/10/13 12:18:43 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2011/10/13 12:18:43 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSDvbNP.ax
[2011/10/13 12:18:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Mpeg2Data.ax
[2011/10/13 12:18:43 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSDvbNP.ax
[2011/10/13 12:18:41 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2011/10/13 12:18:41 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll
[2011/10/10 14:05:50 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\ElevatedDiagnostics
[2011/10/03 13:00:33 | 000,000,000 | ---D | C] -- C:\windows\Minidump

========== Files - Modified Within 30 Days ==========

[2011/10/21 21:00:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/21 21:00:07 | 367,731,687 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/10/21 21:00:04 | 4070,748,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/21 20:46:43 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 20:46:43 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 20:40:22 | 000,000,410 | ---- | M] () -- C:\windows\tasks\Final Media Player Update Checker.job
[2011/10/21 20:35:39 | 000,001,075 | ---- | M] () -- C:\Users\Aaron\Desktop\TDSSKiller.2.6.12.0_21.10.2011_20.34.12_log - Shortcut.lnk
[2011/10/21 20:29:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/10/21 20:29:08 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aaron\Desktop\TDSSKiller.exe
[2011/10/21 15:41:17 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/10/21 15:00:58 | 004,269,231 | R--- | M] (Swearware) -- C:\Users\Aaron\Desktop\ComboFix.exe
[2011/10/21 06:20:25 | 000,080,384 | ---- | M] () -- C:\Users\Aaron\Desktop\MBRCheck.exe
[2011/10/20 15:40:08 | 000,000,512 | ---- | M] () -- C:\Users\Aaron\Desktop\MBR.dat
[2011/10/20 15:35:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Aaron\Desktop\aswMBR.exe
[2011/10/20 07:36:03 | 000,006,580 | ---- | M] () -- C:\Users\Aaron\Desktop\Attach.zip
[2011/10/20 07:14:07 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr
[2011/10/20 07:12:59 | 000,000,905 | ---- | M] () -- C:\Users\Aaron\Desktop\ERUNT.lnk
[2011/10/16 19:55:40 | 000,000,734 | ---- | M] () -- C:\Users\Aaron\Desktop\hosts.old
[2011/10/16 19:32:30 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3685146816-85811682-3049726123-1001UA.job
[2011/10/15 22:46:18 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/15 20:32:26 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3685146816-85811682-3049726123-1001Core.job
[2011/10/13 20:25:09 | 000,425,368 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/13 19:57:30 | 000,740,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/13 19:57:30 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/13 19:57:30 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/08 18:57:39 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/10/03 13:27:18 | 001,628,490 | ---- | M] () -- C:\Users\Aaron\Documents\Trade-in Receipt _ NextWorth.pdf
[2011/09/26 22:32:58 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/10/21 20:35:39 | 000,001,075 | ---- | C] () -- C:\Users\Aaron\Desktop\TDSSKiller.2.6.12.0_21.10.2011_20.34.12_log - Shortcut.lnk
[2011/10/21 15:41:17 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/10/21 15:04:02 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/10/21 15:04:02 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/10/21 15:04:02 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/10/21 15:04:02 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/10/21 15:04:02 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/10/21 06:20:01 | 000,080,384 | ---- | C] () -- C:\Users\Aaron\Desktop\MBRCheck.exe
[2011/10/20 15:40:08 | 000,000,512 | ---- | C] () -- C:\Users\Aaron\Desktop\MBR.dat
[2011/10/20 07:36:03 | 000,006,580 | ---- | C] () -- C:\Users\Aaron\Desktop\Attach.zip
[2011/10/20 07:12:59 | 000,000,905 | ---- | C] () -- C:\Users\Aaron\Desktop\ERUNT.lnk
[2011/10/15 22:46:18 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/15 20:34:35 | 000,000,734 | ---- | C] () -- C:\Users\Aaron\Desktop\hosts.old
[2011/10/08 18:57:37 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/03 13:27:18 | 001,628,490 | ---- | C] () -- C:\Users\Aaron\Documents\Trade-in Receipt _ NextWorth.pdf
[2011/10/03 13:00:28 | 367,731,687 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/02/21 11:57:26 | 000,000,017 | ---- | C] () -- C:\Users\Aaron\AppData\Local\resmon.resmoncfg
[2010/12/08 12:23:55 | 002,427,248 | ---- | C] () -- C:\windows\SysWow64\pbsvc_heroes.exe
[2010/12/06 16:08:57 | 000,038,407 | ---- | C] () -- C:\windows\scunin.dat
[2010/09/29 14:16:02 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/09/29 14:16:02 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/09/29 14:16:02 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/09/29 14:16:01 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/09/29 14:15:59 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/09/28 22:53:31 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/09/28 22:13:28 | 000,002,134 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/02/04 14:48:33 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Amazon
[2011/09/10 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\BitTorrent
[2011/06/19 23:00:57 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Electronic Arts
[2011/10/20 09:48:19 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\FinalMediaPlayer
[2011/10/17 10:14:02 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\redsn0w
[2011/10/21 20:40:22 | 000,000,410 | ---- | M] () -- C:\windows\Tasks\Final Media Player Update Checker.job
[2011/10/21 20:47:40 | 000,032,552 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

spikenla
2011-10-22, 04:31
OTL Extras logfile created on: 10/21/2011 9:24:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Aaron\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 3.20 Gb Available Physical Memory | 84.50% Memory free
7.58 Gb Paging File | 7.01 Gb Available in Paging File | 92.54% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233.00 Gb Total Space | 161.20 Gb Free Space | 69.19% Space Free | Partition Type: NTFS
Drive D: | 347.24 Gb Total Space | 347.10 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 3.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}" = SRS Premium Sound Control Panel
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel(R) Wireless Display
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Elantech" = ETDWare PS/2-X64 8.0.7.1_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}" = Samsung AnyWeb Print
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = MultimediaPOP
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5F44BE9A-1464-4C70-A383-8837828C62B9}" = BatteryLifeExtender
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73D6C3C0-B209-4572-B2D2-ABFF0A30970D}" = Easy Network Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9DA5CA9-5576-4E77-8D83-5FCA5DF9ACF1}_is1" = Shadow Era version 1.277
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD1E51DF-C3C0-400C-A0D7-C67DB49C9D9C}" = RingtoneJunkiez Desktop
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"conduitEngine" = Conduit Engine
"ERUNT_is1" = ERUNT 1.1j
"FinalMediaPlayer_is1" = Final Media Player 2011
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Marvell Miniport Driver" = Marvell Miniport Driver
"MSC" = McAfee SecurityCenter
"NVIDIA.Updatus" = NVIDIA Updatus
"Starcraft" = Starcraft
"StartNow Toolbar" = StartNow Toolbar 2.0
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"Trusted Software Assistant_is1" = File Type Assistant
"UPCShell" = LeapFrog Connect
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Amazon Kindle For PC" = Amazon Kindle For PC
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2011 5:47:17 AM | Computer Name = Aaron-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(90:27:e4:5a:c5:05@fe80::9227:e4ff:fe5a:c505._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 10/19/2011 5:52:29 AM | Computer Name = Aaron-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 10/19/2011 5:52:38 AM | Computer Name = Aaron-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: dnsrslvr.dll, version: 6.1.7600.16772,
time stamp: 0x4d6f2f82 Exception code: 0xc0000005 Fault offset: 0x00000000000018df
Faulting
process id: 0x488 Faulting application start time: 0x01cc8e44ba64a5ea Faulting application
path: C:\windows\system32\svchost.exe Faulting module path: c:\windows\system32\dnsrslvr.dll
Report
Id: 13a2a055-fa38-11e0-b0f2-8bc87164fea1

Error - 10/19/2011 6:11:59 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/19/2011 6:12:48 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/19/2011 2:01:56 PM | Computer Name = AARON-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WLIDSVC.EXE, version: 7.250.4225.0, time
stamp: 0x4c9927ce Faulting module name: WLIDSVC.EXE, version: 7.250.4225.0, time
stamp: 0x4c9927ce Exception code: 0xc0000005 Fault offset: 0x00000000000a6759 Faulting
process id: 0x8e0 Faulting application start time: 0x01cc8e89274b3662 Faulting application
path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE Faulting
module path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Report
Id: 6e8bb1ad-fa7c-11e0-a3fb-832e9d692aa0

Error - 10/19/2011 2:01:57 PM | Computer Name = Aaron-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 10/19/2011 2:11:22 PM | Computer Name = Aaron-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(90:27:e4:5a:c5:05@fe80::9227:e4ff:fe5a:c505._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 10/19/2011 7:44:03 PM | Computer Name = Aaron-PC | Source = Application Error | ID = 1000
Description = Faulting application name: taskhost.exe, version: 6.1.7600.20537,
time stamp: 0x4ac2d496 Faulting module name: MSUTB.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdfba Exception code: 0xc0000409 Fault offset: 0x0000000000001217
Faulting
process id: 0x728 Faulting application start time: 0x01cc8eb8d7093543 Faulting application
path: C:\windows\system32\taskhost.exe Faulting module path: C:\windows\system32\MSUTB.dll
Report
Id: 39586ddb-faac-11e0-8005-afaccabaafae

Error - 10/19/2011 7:44:06 PM | Computer Name = Aaron-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768,
time stamp: 0x4d688122 Faulting module name: msutb.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdfba Exception code: 0xc0000409 Fault offset: 0x0000000000001217
Faulting
process id: 0x848 Faulting application start time: 0x01cc8eb8d747190a Faulting application
path: C:\windows\Explorer.EXE Faulting module path: C:\windows\system32\msutb.dll
Report
Id: 3b27448c-faac-11e0-8005-afaccabaafae

[ System Events ]
Error - 10/21/2011 10:07:08 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/21/2011 10:07:08 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/21/2011 10:07:08 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/21/2011 10:07:08 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/21/2011 10:07:08 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/21/2011 10:07:08 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/21/2011 10:07:08 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/21/2011 10:07:10 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/21/2011 10:07:10 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/21/2011 10:07:10 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >

jeffce
2011-10-22, 15:34
Hi spikenla,

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:OTL
SRV - (Toolbar Updater Service) -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe ()
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 128.119.41.211:3127
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{e073ceb6-6059-11e0-891c-ebde2bc4079c}\Shell - "" = AutoRun
O33 - MountPoints2\{e073ceb6-6059-11e0-891c-ebde2bc4079c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptyflash]
[clearallrestorepoints]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

spikenla
2011-10-22, 17:13
OTL logfile created on: 10/22/2011 10:05:27 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Aaron\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 3.27 Gb Available Physical Memory | 86.30% Memory free
7.58 Gb Paging File | 7.07 Gb Available in Paging File | 93.31% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233.00 Gb Total Space | 161.56 Gb Free Space | 69.34% Space Free | Partition Type: NTFS
Drive D: | 347.24 Gb Total Space | 347.10 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 3.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (bpmp) Intel(R) Centrino(R) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (FlyUsb) -- C:\Windows\SysNative\drivers\FlyUsb.sys (LeapFrog)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://samsung.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Aaron\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/09/27 19:45:50 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Aaron\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2011/10/22 09:52:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110904213146.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110904213146.dll (McAfee, Inc.)
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Aaron\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E96EAC7-C9DD-4B69-B739-9AA123F25AEE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20BDD4B1-3B6D-4654-B871-7FE11208D05E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/22 09:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/10/22 09:52:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/21 20:29:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/10/21 20:09:55 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/21 15:04:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/10/21 15:04:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/10/21 15:04:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/10/21 15:03:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/21 15:01:02 | 004,269,231 | R--- | C] (Swearware) -- C:\Users\Aaron\Desktop\ComboFix.exe
[2011/10/21 11:24:50 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aaron\Desktop\TDSSKiller.exe
[2011/10/20 15:34:55 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Aaron\Desktop\aswMBR.exe
[2011/10/20 07:31:51 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/10/20 07:14:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr
[2011/10/20 07:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/19 04:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/10/18 01:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/18 01:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/15 22:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/15 22:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/15 22:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/15 22:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/15 22:07:16 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\VS Revo Group
[2011/10/15 22:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/10/15 22:07:12 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys
[2011/10/15 22:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/10/13 19:39:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/10/13 19:39:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/10/13 19:39:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011/10/13 19:39:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011/10/13 19:39:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/10/13 19:39:05 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2011/10/13 19:39:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/10/13 19:39:04 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2011/10/13 19:39:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2011/10/13 14:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 14:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/13 12:18:43 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2011/10/13 12:18:43 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2011/10/13 12:18:43 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSNP.ax
[2011/10/13 12:18:43 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSNP.ax
[2011/10/13 12:18:43 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2011/10/13 12:18:43 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Mpeg2Data.ax
[2011/10/13 12:18:43 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2011/10/13 12:18:43 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSDvbNP.ax
[2011/10/13 12:18:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Mpeg2Data.ax
[2011/10/13 12:18:43 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSDvbNP.ax
[2011/10/13 12:18:41 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2011/10/13 12:18:41 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll
[2011/10/10 14:05:50 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\ElevatedDiagnostics
[2011/10/03 13:00:33 | 000,000,000 | ---D | C] -- C:\windows\Minidump

========== Files - Modified Within 30 Days ==========

[2011/10/22 09:57:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/22 09:56:51 | 427,658,911 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/10/22 09:56:51 | 4070,748,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/22 09:55:11 | 000,000,410 | ---- | M] () -- C:\windows\tasks\Final Media Player Update Checker.job
[2011/10/22 09:52:54 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/10/21 20:46:43 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 20:46:43 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 20:35:39 | 000,001,075 | ---- | M] () -- C:\Users\Aaron\Desktop\TDSSKiller.2.6.12.0_21.10.2011_20.34.12_log - Shortcut.lnk
[2011/10/21 20:29:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/10/21 20:29:08 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aaron\Desktop\TDSSKiller.exe
[2011/10/21 15:41:17 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/10/21 15:00:58 | 004,269,231 | R--- | M] (Swearware) -- C:\Users\Aaron\Desktop\ComboFix.exe
[2011/10/21 06:20:25 | 000,080,384 | ---- | M] () -- C:\Users\Aaron\Desktop\MBRCheck.exe
[2011/10/20 15:40:08 | 000,000,512 | ---- | M] () -- C:\Users\Aaron\Desktop\MBR.dat
[2011/10/20 15:35:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Aaron\Desktop\aswMBR.exe
[2011/10/20 07:36:03 | 000,006,580 | ---- | M] () -- C:\Users\Aaron\Desktop\Attach.zip
[2011/10/20 07:14:07 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr
[2011/10/20 07:12:59 | 000,000,905 | ---- | M] () -- C:\Users\Aaron\Desktop\ERUNT.lnk
[2011/10/16 19:55:40 | 000,000,734 | ---- | M] () -- C:\Users\Aaron\Desktop\hosts.old
[2011/10/16 19:32:30 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3685146816-85811682-3049726123-1001UA.job
[2011/10/15 22:46:18 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/15 20:32:26 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3685146816-85811682-3049726123-1001Core.job
[2011/10/13 20:25:09 | 000,425,368 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/13 19:57:30 | 000,740,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/13 19:57:30 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/13 19:57:30 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/08 18:57:39 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/10/03 13:27:18 | 001,628,490 | ---- | M] () -- C:\Users\Aaron\Documents\Trade-in Receipt _ NextWorth.pdf
[2011/09/26 22:32:58 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/10/21 20:35:39 | 000,001,075 | ---- | C] () -- C:\Users\Aaron\Desktop\TDSSKiller.2.6.12.0_21.10.2011_20.34.12_log - Shortcut.lnk
[2011/10/21 15:41:17 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/10/21 15:04:02 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/10/21 15:04:02 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/10/21 15:04:02 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/10/21 15:04:02 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/10/21 15:04:02 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/10/21 06:20:01 | 000,080,384 | ---- | C] () -- C:\Users\Aaron\Desktop\MBRCheck.exe
[2011/10/20 15:40:08 | 000,000,512 | ---- | C] () -- C:\Users\Aaron\Desktop\MBR.dat
[2011/10/20 07:36:03 | 000,006,580 | ---- | C] () -- C:\Users\Aaron\Desktop\Attach.zip
[2011/10/20 07:12:59 | 000,000,905 | ---- | C] () -- C:\Users\Aaron\Desktop\ERUNT.lnk
[2011/10/15 22:46:18 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/15 20:34:35 | 000,000,734 | ---- | C] () -- C:\Users\Aaron\Desktop\hosts.old
[2011/10/08 18:57:37 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/03 13:27:18 | 001,628,490 | ---- | C] () -- C:\Users\Aaron\Documents\Trade-in Receipt _ NextWorth.pdf
[2011/10/03 13:00:28 | 427,658,911 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/02/21 11:57:26 | 000,000,017 | ---- | C] () -- C:\Users\Aaron\AppData\Local\resmon.resmoncfg
[2010/12/08 12:23:55 | 002,427,248 | ---- | C] () -- C:\windows\SysWow64\pbsvc_heroes.exe
[2010/12/06 16:08:57 | 000,038,407 | ---- | C] () -- C:\windows\scunin.dat
[2010/09/29 14:16:02 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/09/29 14:16:02 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/09/29 14:16:02 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/09/29 14:16:01 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/09/29 14:15:59 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/09/28 22:53:31 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/09/28 22:13:28 | 000,002,134 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

jeffce
2011-10-23, 00:44
Hi spikenla,

Please do the following:

Hold down the Windows key and press R to open a Run box.
Type the following text into the Run box:

appwiz.cpl

This will open your Programs and Features. A list of installed programs will populate.

Remove the following programs:

BitTorrentBar Toolbar
Conduit Engine
----------

P2P - I see you have P2P software BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page (http://malwareremoval.com/p2pindex.php) will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features.
----------

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so that there are no conflicts; this will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.

Do not use this instance of your browser for anything besides doing this scan
When the scan is complete and the results saved, close that instance of your browser
Open a new one the usual way and post the results in this topic.



Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the Start button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the Back button.
Push Finish

http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by Malwarebytes and ESET online scanner.

How is your system running right now? :)

spikenla
2011-10-23, 02:55
I was unable to uninstall:

BitTorrentBar Toolbar
Conduit Engine

The bitTorrent toolbar kept giving me an error, and nothing happened when I attempted to uninstall Conduit Engine.

I was able to complete the Malwarebytes scan, but not the ESET scan. My cpu crashed every time I tried to download it. I tried on both IE and Chrome.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8002

Windows 6.1.7600 (Safe Mode)
Internet Explorer 9.0.8112.16421

10/22/2011 7:11:54 PM
mbam-log-2011-10-22 (19-11-54).txt

Scan type: Quick scan
Objects scanned: 218677
Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Aaron\downloads\golf.exe (PUP.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Aaron\downloads\winelec.exe (PUP.RelevantKnowledge) -> Quarantined and deleted successfully.

jeffce
2011-10-23, 03:57
I was unable to uninstall:

BitTorrentBar Toolbar
Conduit Engine

The bitTorrent toolbar kept giving me an error, and nothing happened when I attempted to uninstall Conduit Engine.

Don't worry about these. We can come back to them later. :)

Let's try a different online scan:

Do an online scan with BitDefender QuickScan.
Please be patient as scanning may take some time. If you have a problem running the scan, you might want to disable any real-time protection that you have.

Click here (http://quickscan.bitdefender.com/) to go to BitDefender QuickScan page.
For Firefox users:
Click on Free Scan Now. You will be prompted to install a plug-in. Please Allow. In case you get stuck, please refresh the page to try again.
A Software Installation window will appear. Click Install Now and the plugin will be installed as an Add-on.
Restart Firefox when done. Go back to the BitDefender QuickScan page again and click on Free Scan Now and proceed accordingly.
For Internet Explorer users:
Click on Free Scan Now. You will be prompted to install an ActiveX control. Please install.
The page will refresh. Click on Free Scan Now again and proceed accordingly.
When scan has completed, click on View report and a Notepad log shall open.
If there are any infections found, you will get a warning and the link to the report will be displayed as the number of infections. Click on it.
Post back the contents of this report. It can also be found at C:\Documents and Settings\<username>\Application Data\QuickScan, where <username> is the Windows log-in name.

spikenla
2011-10-23, 04:27
QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Sat Oct 22 21:23:13 2011
Machine ID: 40D67F16



No infection found.
-------------------



Processes
---------
Windows® Internet Explorer 1396 C:\PROGRA~2\INTERN~1\iexplore.exe
Windows® Internet Explorer 1400 C:\PROGRA~2\INTERN~1\iexplore.exe
Windows® Internet Explorer 1880 C:\PROGRA~2\INTERN~1\iexplore.exe


Network activity
----------------
Process iexplore.exe (1400) connected on port 443 (HTTP over SSL) --> 74.125.159.95
Process iexplore.exe (1400) connected on port 443 (HTTP over SSL) --> 74.125.159.95
Process iexplore.exe (1400) connected on port 80 (HTTP) --> 174.76.226.9
Process iexplore.exe (1400) connected on port 80 (HTTP) --> 174.76.226.9
Process iexplore.exe (1400) connected on port 80 (HTTP) --> 174.76.226.33
Process iexplore.exe (1400) connected on port 80 (HTTP) --> 174.76.226.33
Process iexplore.exe (1400) connected on port 80 (HTTP) --> 74.125.227.5
Process iexplore.exe (1400) connected on port 80 (HTTP) --> 74.125.227.5
Process iexplore.exe (1400) connected on port 80 (HTTP) --> 69.171.229.16
Process iexplore.exe (1400) connected on port 80 (HTTP) --> 69.171.229.16
Process iexplore.exe (1880) connected on port 80 (HTTP) --> 68.142.250.161



Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Google Talk C:\Users\Aaron\AppData\Roaming\Google\Google Talk\googletalk.exe
Internet Explorer C:\Program Files (x86)\Internet Explorer
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
McAfee SecurityCenter C:\Program Files\McAfee.com\Agent\mcagent.exe
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\BCSSync.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
MobileMe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Monitor Application C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
NVIDIA D3D shim drivers c:\windows\syswow64\nvinit.dll
QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(verified) Google Update C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Battlefield Play4Free Updater C:\windows\Downloaded Program Files\BP4FUpdater.dll
Battlefield Play4Free Updater C:\windows\Downloaded Program Files\BP4FUpdater.exe
BitDefender QuickScan C:\Windows\Downloaded Program Files\CONFLICT.1\qsax.dll
BitDefender QuickScan C:\windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
EA Battlefield Heroes Updater C:\windows\Downloaded Program Files\BFHUpdater.dll
EA Battlefield Heroes Updater C:\windows\Downloaded Program Files\BFHUpdater.exe
Game Face Plugin C:\Users\Aaron\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
Google Talk Plugin C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
Google Talk Plugin Video Accelerator C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
Google Update C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
Java(TM) Platform SE 6 U26 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U26 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
McAfee SiteAdvisor c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll
McAfee SiteAdvisor C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
McAfee SiteAdvisor C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll
Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
Shockwave for Director C:\windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
Unity Player C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
VSCORE C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110904213146.dll
w2pbrowser.dll c:\program files\samsung anyweb print\w2pbrowser.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\windows\System32\winrnr.dll


Missing files
-------------
File not found: C:\Windows\System32\StikyNot.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"RESTART_STICKY_NOTES"


Scan
----

The following file(s) must be uploaded for server-side scanning:
C:\windows\system32\rasadhlp.dll
C:\windows\system32\d3d10_1.dll
C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.dll
C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
C:\windows\System32\winhttp.dll
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\webclnt.dll
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL
C:\windows\system32\d3d10core.dll
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\ehome\ehRecvr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\ehome\ehsched.exe
C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
C:\Program Files (x86)\Common Files\McAfee\SystemCore\mcshield.dll
C:\windows\system32\dwmapi.dll
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll

Upload started - 28 file(s)
ehsched.exe (127488)
mscorsvw.exe (138576)
Monitor.exe (193880)
mcshield.exe (200056)
LMS.exe (268824)
PanDhcpDns.exe (340240)
iTunesHelper.exe (421736)
mDNSResponder.exe (462184)
mcods.exe (509416)
ehRecvr.exe (696320)
RegSrvc.exe (831760)
iPodService.exe (934760)
AdobeARM.exe (937920)
rasadhlp.dll (11776)
dwmapi.dll (67072)
WLIDNSP.DLL (145280)
ATL90.DLL (159048)
d3d10_1.dll (161792)
WLIDNSP.DLL (170880)
d3d10core.dll (190464)
ieproxy.dll (193536)
webclnt.dll (204800)
npmcffplg32.dll (218992)
winhttp.dll (350720)
mcshield.dll (377120)
windowslivelogin.dll (439168)
npUnity3D32.dll (476632)
COMCTL32.dll (530432)
Upload speed - 102 KB/s
Upload finished - 28 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 93 sec
Total traffic - 9.33 MB sent, 0.43 KB recvd
Scanned 311 files and modules - 115 seconds

==============================================================================

jeffce
2011-10-23, 04:57
Things are looking good.

Run another scan with ComboFix and then post that log into your next reply.

How is your system running?

spikenla
2011-10-23, 05:10
My CPU is still crashing before ComboFix can complete the scan.

jeffce
2011-10-23, 19:57
Hi spikenla,

I see that you are running Windows 7; however, the most recent update to Windows 7 is service pack 1. Please go here (http://www.microsoft.com/download/en/details.aspx?id=5842) and download/install the updates. This may help with the crashes.
---------

Once you get that completed please run DDS once more and post the logs that are created. :)

spikenla
2011-10-23, 20:04
Do I download all of the files?

jeffce
2011-10-23, 20:18
You know, that sure does look like a lot of files. Go here (http://windows.microsoft.com/installwindows7sp1) and just follow the instructions there. Let's let Windows do it for us. :)

spikenla
2011-10-24, 02:31
I am getting an "end of file" error when I try to install the update.

jeffce
2011-10-24, 03:25
Hi spikenla,

Let's check your system for errors...


Press Start
Type cmd in Start Search bar
When "cmd" populates above, right-click and run as administrator
Once command prompt opens copy/paste the bolded text below into the command prompt.


chkdsk /f

If you are told that it will occur at next startup go ahead and reboot and let chkdsk take place. Let me know what the results are. :)

spikenla
2011-10-24, 04:16
I did it. Not quite sure what the results were. Does it save a log anywhere?

jeffce
2011-10-24, 13:50
Hi spikenla,

I think we may have some software problems and that is what we are checking for now. I am not seeing any more malware in the logs though, so that is a plus. :)

You will need your Windows Installation disk for this next step. If there are errors found and a suitable copy cannot be found they will need to be pulled from the installation disk. Do the following steps and if there are errors to be fixed just follow the prompts.

SFC Scannow

Click on Start, All Programs, Accessories.
Right-Click and Run as Administrator on Command Prompt
In the Command Prompt window, type (or copy and paste) sfc /scannow and press Enter.

In your next reply, please let me know how that worked.

spikenla
2011-10-25, 02:29
"Windows Resource Protection did not find any integrity violations."

jeffce
2011-10-25, 04:08
Hi spikenla,

Please visit this page here (http://support.microsoft.com/mats/windows_update/) and run the Windows Fix-it tool and then try to update Windows again. Let me know how that works for you. :)

spikenla
2011-10-25, 05:10
I ran the fix, it supposedly fixed some settings. Tried to update again, and got the same error message. I did notice that the update file was only 13 MB. The update file that you initially wanted me to download was 900 MB.

jeffce
2011-10-26, 03:43
Hi spikenla,

Sorry about the late reply. I have been out of town all day today and will be again tomorrow. I am also getting some opinions from some of my colleagues as well about your problems. I will return as quickly as I can. :)

jeffce
2011-10-26, 04:57
Hi spikenla,

I am not seeing any more malware present in the logs you have given. I believe that you may have some type of a software problem. I would recommend that you visit What the Tech and post a new topic in the Windows forum found here (http://forums.whatthetech.com/index.php?showforum=119). The techs there are really good and are better able to help you with an issue like this than I am. Be sure that you post the link to this topic so that the techs there can see what we have done.

I will leave this topic open until you return and then we will remove the tools that we used and give you some good information to help keep your system more secure from future infections. :)

jeffce
2011-10-28, 13:30
Hi spikenla,

Do you still need help? :)

jeffce
2011-10-29, 19:34
Due to lack of feedback, this topic will now be closed.
If you are the original poster and you still require help, please start a new thread.