system infected with security suite

OTL Log

Hi,
Seems we are fighting against a more powerful enemy :devil:

Let's destroy it :bigthumb:


I got only OTL.log. Didn't get the Extras.txt log. Don't know why...

I am not able to post it here. Too many characters. So attaching it. Hope you don't mind.
 
That's fine, just waiting to hear back from the author of those tools. Be back when I find out more info.

In the meantime let's do this

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKCU
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook log

Hi,

The SystemLook log is below. It didn't even take 5 seconds... the Notepad opened almost immediately.

----------------------------------------------------------------------
SystemLook 04.09.10 by jpshortstuff
Log created at 00:36 on 29/10/2010 by Home
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== reg ==========

[HKEY_CURRENT_USER]
(No values found)

[HKEY_CURRENT_USER\AppEvents]

[HKEY_CURRENT_USER\Console]

[HKEY_CURRENT_USER\Control Panel]

[HKEY_CURRENT_USER\Environment]

[HKEY_CURRENT_USER\EUDC]

[HKEY_CURRENT_USER\HKEY_CURRENT_USER]

[HKEY_CURRENT_USER\Identities]

[HKEY_CURRENT_USER\Keyboard Layout]

[HKEY_CURRENT_USER\Network]

[HKEY_CURRENT_USER\Printers]

[HKEY_CURRENT_USER\Software]

[HKEY_CURRENT_USER\System]

[HKEY_CURRENT_USER\SessionInformation]

[HKEY_CURRENT_USER\Volatile Environment]


-= EOF =-
 
Not showing what I hoped, let's do it this way

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
 
System look log....

Hi,
System look log below:
------------------------------------------------
SystemLook 04.09.10 by jpshortstuff
Log created at 13:14 on 29/10/2010 by Home
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Google Update"=""C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"swg"=""C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe""
"Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/[...]"="C:\Users\Home\AppData\Local\Temp\win.exe"
"Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/[...]"="C:\Users\Home\AppData\Local\Temp\login.exe"


-= EOF =-
 
Let's see if this gives us a bit more info; that gibberish is related to a buffer overrun.


Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
Code:
hkcu\software\microsoft\windows\currentversion\run

  • Near the top click the None button (it may appear greyed out)
  • Then click the Run Scan button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL log.
 
Good Morning,

We are ready for a fix but SystemLook may not have shown all that was supposed to be on your run keys, so as soon as you post back with the OTL report as stated in my previous post I will be able to compare the two and we can get this thing fixed.
 
OTL logs

OTL logfile created on: 10/31/2010 6:25:15 PM - Run 6
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 181.10 Gb Free Space | 63.90% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS

Computer Name: MANJULA-HOME | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< hkcu\software\microsoft\windows\currentversion\run >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/04/11 07:10:53 | 001,555,968 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2009/07/31 01:52:33 | 000,133,104 | ---- | M] (Google Inc.)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008/01/21 02:51:33 | 000,138,240 | ---- | M] (Microsoft Corporation)
"swg" = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2009/10/31 18:17:09 | 000,039,408 | ---- | M] (Google Inc.)
"Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/[...]" = C:\Users\Home\AppData\Local\Temp\win.exe -- File not found
"Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/[...]" = C:\Users\Home\AppData\Local\Temp\login.exe -- File not found

< End of report >
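Added example (not part of the original thread and not OTL's own code): a small triage script for Run-key output in the format of the custom scan above. It re-joins value names that wrap across lines, then separates entries to keep from entries to review. The thresholds, function names and the flagged sample entry are assumptions made for illustration; the two clean sample lines follow the log above.

```python
import re

# One entry in OTL custom-scan form:  "value name" = command -- file details
ENTRY = re.compile(r'^"(?P<name>.+?)" = (?P<cmd>.+?) -- (?P<info>.+)$')
# Heuristic (assumption): a long unbroken base64-alphabet run inside a value name.
B64_RUN = re.compile(r'[A-Za-z0-9+/]{32,}={0,2}')
# Autostart targets that live in a Temp directory.
TEMP_DIR = re.compile(r'\\(?:AppData\\Local\\Temp|Windows\\Temp)\\', re.I)
# Heuristic (assumption): ordinary Run value names are short labels.
MAX_NAME_LEN = 64

# Constructed sample. The third entry is a made-up stand-in whose value name
# wraps over three lines, the way the oversized names in the log above do.
BLOB = "QUJD" * 40  # 160 characters of constructed base64-alphabet text
SAMPLE = "\n".join([
    r'< hkcu\software\microsoft\windows\currentversion\run >',
    r'"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- '
    r'[2009/04/11 07:10:53 | 001,555,968 | ---- | M] (Microsoft Corporation)',
    r'"swg" = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- '
    r'[2009/10/31 18:17:09 | 000,039,408 | ---- | M] (Google Inc.)',
    '"Xqzexample.test&p=' + BLOB[:60],
    BLOB[60:120],
    BLOB[120:] + r'" = C:\Users\Home\AppData\Local\Temp\sample.exe -- File not found',
    '< End of report >',
])


def parse_entries(text):
    """Return a list of {name, cmd, info} dicts, joining wrapped lines."""
    entries, buf = [], ""
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks and "< ... >" section markers, but only between entries.
        if not line or (not buf and line.startswith("<")):
            continue
        buf += line
        match = ENTRY.match(buf)
        if match:  # the entry is complete once name, command and details are present
            entries.append(match.groupdict())
            buf = ""
    return entries


def triage(entry):
    """Return the list of reasons an entry deserves a closer look."""
    reasons = []
    if len(entry["name"]) > MAX_NAME_LEN:
        reasons.append(f"value name longer than {MAX_NAME_LEN} characters")
    if B64_RUN.search(entry["name"]):
        reasons.append("base64-like run inside the value name")
    if TEMP_DIR.search(entry["cmd"]):
        reasons.append("target runs from a Temp directory")
    if "File not found" in entry["info"]:
        reasons.append("target file is missing")
    return reasons


def split_run_key(text):
    """Split entries into names to keep and a {name: reasons} review map."""
    keep, flagged = [], {}
    for entry in parse_entries(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry["name"]] = reasons
        else:
            keep.append(entry["name"])
    return keep, flagged


if __name__ == "__main__":
    keep, flagged = split_run_key(SAMPLE)
    print("keep:", keep)
    for name, reasons in flagged.items():
        print(f"review: {name[:40]}... ({len(name)} chars)")
        for reason in reasons:
            print("   -", reason)
```

The checks are heuristics: a flagged entry still needs a human to confirm it, and a clean result does not prove the key is safe.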
 
Here ya go, post the results of the fix and then a new OTL log without any added script

Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe







Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
    "Google Update"=""C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c"
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe"
    "swg"=""C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe""
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [RESETHOSTS]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
 
OTL fix log

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"Sidebar"|"C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"Google Update"|""C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"ehTray.exe"|"C:\Windows\ehome\ehTray.exe" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"swg"|""C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" /E : value set successfully!
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
->Temp folder emptied: 2161301 bytes
->Temporary Internet Files folder emptied: 272167528 bytes
->Java cache emptied: 4329 bytes
->FireFox cache emptied: 94961365 bytes
->Google Chrome cache emptied: 6687307 bytes
->Flash cache emptied: 6036 bytes

User: Public

User: vijay

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14259 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 23972593 bytes

Total Files Cleaned = 381.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.1 log created on 11012010_222900

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
OTL scan log

OTL logfile created on: 11/1/2010 10:33:46 PM - Run 7
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 181.31 Gb Free Space | 63.98% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS

Computer Name: MANJULA-HOME | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/31 18:27:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/31 18:27:59 | 000,000,000 | ---D | M]

[2010/10/19 20:49:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\mozilla\Extensions
[2010/11/01 22:21:14 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\zsd7rz7f.default\extensions
[2010/10/22 06:48:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\zsd7rz7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/19 20:23:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/14 21:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 21:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 21:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 21:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/01 22:29:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 22:24:23 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\erunt
[2010/10/31 13:47:52 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\London Trip
[2010/10/28 21:03:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/10/28 21:01:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Uk Expenses
[2010/10/28 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Java runtime error logs
[2010/10/27 19:13:33 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/10/26 19:15:21 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/26 19:15:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/26 19:15:20 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/26 19:15:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/26 19:15:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/26 19:15:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll

========== Files - Modified Within 30 Days ==========


========== Files Created - No Company Name ==========


< End of report >
 
Startup items

Hi,

I checked the startup item through MSCONFIG. There are still some items showing in it. I am attaching a screenshot of it. Thought it might be helpful.
 
Do this: open MSCONFIG and disable all LVGCIE and OHJXNXXW.

Then let's remove those bad files.


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    
    :Reg
    
    :Files
    C:\Users\home\AppData\Local\temp\cmd.exe
    C:\Users\home\AppData\Local\temp\csrss.exe
    C:\Users\home\AppData\Local\temp\taskmgr.exe
    C:\Users\home\AppData\Local\temp\rpm54cg.exe
    C:\Users\home\AppData\Local\temp\system.exe
    C:\Users\home\AppData\Local\vpwkxpvvr
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log.

  • Download TDSSKiller and save it to your Desktop.

Extract the file and run it.

Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)

Please post the content of the TDSSKiller log


Post both logs please
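An added example (not part of the original thread and not OTL's own code): one way a defender could triage OTL listing lines of the form `[date | size | attributes | C/M] (company) -- path` for the kind of files named in the fix script above, i.e. executables in a Temp folder that borrow Windows process names. The rule names, the system-binary list and the `C:\Windows` root are assumptions; the lines marked constructed reuse paths from the fix script with made-up timestamps and sizes.

```python
import re
from pathlib import PureWindowsPath

# One OTL listing line: [stamp | size | attrs | C or M] (company) -- path
# The "(company)" field is absent on directory lines and empty "()" when unknown.
OTL_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S{4})"
    r"\s*\|\s*(?P<kind>[CM])\]\s*(?:\((?P<company>[^)]*)\)\s*)?--\s*(?P<path>.+?)\s*$"
)

# Assumption: a small, non-exhaustive set of real Windows process names.
SYSTEM_NAMES = {"cmd.exe", "csrss.exe", "taskmgr.exe", "explorer.exe",
                "svchost.exe", "lsass.exe", "winlogon.exe", "services.exe"}
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}
WINDOWS_ROOT = "c:\\windows\\"  # assumption: default system root


def parse_otl_line(line):
    """Return a dict for one listing line, or None if it is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["is_dir"] = "D" in rec["attrs"]
    return rec


def findings_for(rec):
    """Apply the three triage rules to one parsed record."""
    if rec["is_dir"]:
        return []
    p = PureWindowsPath(rec["path"])
    name, ext = p.name.lower(), p.suffix.lower()
    parents = [part.lower() for part in p.parts[:-1]]
    hits = []
    # A Windows process name living outside the Windows directory.
    if name in SYSTEM_NAMES and not rec["path"].lower().startswith(WINDOWS_ROOT):
        hits.append("system-name-outside-windows")
    # Any executable sitting in a Temp folder.
    if ext in EXEC_EXT and "temp" in parents:
        hits.append("executable-in-temp")
    # Executable whose version resource carries no company name.
    if ext in EXEC_EXT and rec["company"] == "":
        hits.append("no-company-name")
    return hits


def triage(lines):
    """Return [(path, [rule, ...])] for every line that trips a rule."""
    report = []
    for line in lines:
        rec = parse_otl_line(line)
        if rec is None:
            continue
        hits = findings_for(rec)
        if hits:
            report.append((rec["path"], hits))
    return report


SAMPLE = [
    # Lines in the format of this thread's OTL log
    r"[2010/10/20 02:03:39 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe",
    r"[2010/10/28 20:57:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe",
    r"[2010/10/14 22:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR",
    r"[2010/10/28 23:35:14 | 000,075,264 | ---- | C] () -- C:\Users\Home\Desktop\SystemLook.exe",
    # Constructed lines: paths from the fix script, timestamps and sizes made up
    r"[2010/10/27 09:00:00 | 000,050,000 | ---- | C] () -- C:\Users\home\AppData\Local\temp\csrss.exe",
    r"[2010/10/27 09:00:01 | 000,050,000 | ---- | C] () -- C:\Users\home\AppData\Local\temp\rpm54cg.exe",
    r"[2010/10/27 09:00:02 | 000,050,000 | ---- | C] () -- C:\Users\home\AppData\Local\temp\system.exe",
]

if __name__ == "__main__":
    for path, hits in triage(SAMPLE):
        print(f"{path}: {', '.join(hits)}")
```

The `no-company-name` rule on its own is weak evidence: SystemLook.exe, a legitimate tool used in this thread, trips it, so it is best read together with the other two rules.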
 
OTL Fix log

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Users\home\AppData\Local\temp\cmd.exe not found.
File\Folder C:\Users\home\AppData\Local\temp\csrss.exe not found.
File\Folder C:\Users\home\AppData\Local\temp\taskmgr.exe not found.
File\Folder C:\Users\home\AppData\Local\temp\rpm54cg.exe not found.
File\Folder C:\Users\home\AppData\Local\temp\system.exe not found.
File\Folder C:\Users\home\AppData\Local\vpwkxpvvr not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
->Temp folder emptied: 74417523 bytes
->Temporary Internet Files folder emptied: 6384043 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24810972 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 560 bytes

User: Public

User: vijay

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 102.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 11022010_131805

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
tdsskiller log

2010/11/02 13:25:22.0003 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/02 13:25:22.0003 ================================================================================
2010/11/02 13:25:22.0003 SystemInfo:
2010/11/02 13:25:22.0003
2010/11/02 13:25:22.0003 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/02 13:25:22.0003 Product type: Workstation
2010/11/02 13:25:22.0003 ComputerName: MANJULA-HOME
2010/11/02 13:25:22.0003 UserName: Home
2010/11/02 13:25:22.0003 Windows directory: C:\Windows
2010/11/02 13:25:22.0003 System windows directory: C:\Windows
2010/11/02 13:25:22.0003 Running under WOW64
2010/11/02 13:25:22.0003 Processor architecture: Intel x64
2010/11/02 13:25:22.0003 Number of processors: 2
2010/11/02 13:25:22.0003 Page size: 0x1000
2010/11/02 13:25:22.0003 Boot type: Normal boot
2010/11/02 13:25:22.0003 ================================================================================
2010/11/02 13:25:22.0019 Utility is running under WOW64
2010/11/02 13:25:22.0331 Initialize success
2010/11/02 13:25:29.0850 ================================================================================
2010/11/02 13:25:29.0850 Scan started
2010/11/02 13:25:29.0850 Mode: Manual;
2010/11/02 13:25:29.0850 ================================================================================
2010/11/02 13:25:38.0992 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2010/11/02 13:25:39.0054 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/02 13:25:39.0101 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/11/02 13:25:39.0273 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/11/02 13:25:39.0319 k57nd60a (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys
2010/11/02 13:25:39.0444 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/02 13:25:39.0491 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/02 13:25:39.0569 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/02 13:25:39.0725 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/11/02 13:25:39.0803 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/02 13:25:39.0897 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/02 13:25:40.0006 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/02 13:25:40.0084 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/02 13:25:40.0115 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/11/02 13:25:40.0255 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2010/11/02 13:25:40.0333 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2010/11/02 13:25:40.0474 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/11/02 13:25:40.0536 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/02 13:25:40.0583 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/02 13:25:40.0645 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/02 13:25:40.0801 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/11/02 13:25:40.0879 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2010/11/02 13:25:40.0926 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/02 13:25:41.0067 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/02 13:25:41.0160 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/02 13:25:41.0238 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/02 13:25:41.0379 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/02 13:25:41.0457 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/02 13:25:41.0550 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2010/11/02 13:25:41.0644 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2010/11/02 13:25:41.0784 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/11/02 13:25:41.0878 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/11/02 13:25:41.0940 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/02 13:25:42.0003 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/02 13:25:42.0065 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/11/02 13:25:42.0174 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/11/02 13:25:42.0299 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/02 13:25:42.0393 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/11/02 13:25:42.0549 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/11/02 13:25:42.0814 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/02 13:25:42.0970 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/11/02 13:25:43.0110 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/02 13:25:43.0173 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/02 13:25:43.0235 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/02 13:25:43.0375 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2010/11/02 13:25:43.0438 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/02 13:25:43.0516 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/02 13:25:43.0672 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2010/11/02 13:25:43.0750 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2010/11/02 13:25:43.0797 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/02 13:25:43.0921 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2010/11/02 13:25:44.0109 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2010/11/02 13:25:44.0171 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2010/11/02 13:25:44.0218 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2010/11/02 13:25:44.0249 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2010/11/02 13:25:44.0452 OA008Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA008Ufd.sys
2010/11/02 13:25:44.0499 OA008Vid (60fd277cfd34f680a1668ac123b324ae) C:\Windows\system32\DRIVERS\OA008Vid.sys
2010/11/02 13:25:44.0655 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/02 13:25:44.0779 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2010/11/02 13:25:44.0951 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2010/11/02 13:25:45.0013 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2010/11/02 13:25:45.0123 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2010/11/02 13:25:45.0247 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2010/11/02 13:25:45.0325 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2010/11/02 13:25:45.0591 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/02 13:25:45.0653 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2010/11/02 13:25:45.0762 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/02 13:25:45.0949 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/11/02 13:25:46.0043 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2010/11/02 13:25:46.0199 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2010/11/02 13:25:46.0261 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/02 13:25:46.0417 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/02 13:25:46.0605 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/02 13:25:46.0729 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/02 13:25:46.0807 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/02 13:25:46.0963 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/02 13:25:47.0057 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/02 13:25:47.0197 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/02 13:25:47.0275 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2010/11/02 13:25:47.0400 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/02 13:25:47.0494 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/11/02 13:25:47.0681 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
2010/11/02 13:25:47.0728 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
2010/11/02 13:25:47.0759 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
2010/11/02 13:25:47.0837 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/02 13:25:47.0962 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/11/02 13:25:48.0040 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
2010/11/02 13:25:48.0118 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/11/02 13:25:48.0258 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2010/11/02 13:25:48.0321 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2010/11/02 13:25:48.0367 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/11/02 13:25:48.0586 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/02 13:25:48.0648 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/02 13:25:48.0711 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/02 13:25:48.0835 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/11/02 13:25:48.0898 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/11/02 13:25:48.0960 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/11/02 13:25:49.0023 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/11/02 13:25:49.0163 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/11/02 13:25:49.0257 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2010/11/02 13:25:49.0319 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/02 13:25:49.0459 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/02 13:25:49.0553 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
2010/11/02 13:25:49.0709 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/02 13:25:49.0771 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/11/02 13:25:49.0834 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/11/02 13:25:49.0881 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/11/02 13:25:50.0130 SynTP (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
2010/11/02 13:25:50.0333 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/11/02 13:25:50.0520 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/02 13:25:50.0661 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/02 13:25:50.0739 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/11/02 13:25:50.0770 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/11/02 13:25:50.0910 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/02 13:25:50.0957 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/02 13:25:51.0160 tmpreflt (9394fd63beaea93d82d261b5f3080209) C:\Windows\system32\DRIVERS\tmpreflt.sys
2010/11/02 13:25:51.0238 tmtdi (59e0649a8fbfb978a753dc03136b4f00) C:\Windows\system32\DRIVERS\tmtdi.sys
2010/11/02 13:25:51.0331 tmxpflt (01b58eecc23d54f25a936ebb43a0f1ee) C:\Windows\system32\DRIVERS\tmxpflt.sys
2010/11/02 13:25:51.0487 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/02 13:25:51.0534 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/02 13:25:51.0628 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/02 13:25:51.0753 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/11/02 13:25:51.0831 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/02 13:25:51.0987 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/02 13:25:52.0018 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/11/02 13:25:52.0065 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/11/02 13:25:52.0096 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/11/02 13:25:52.0221 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/02 13:25:52.0314 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/02 13:25:52.0455 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/11/02 13:25:52.0533 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/02 13:25:52.0657 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/02 13:25:52.0798 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2010/11/02 13:25:52.0845 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2010/11/02 13:25:52.0891 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/02 13:25:53.0001 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/02 13:25:53.0079 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/02 13:25:53.0125 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/11/02 13:25:53.0172 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/11/02 13:25:53.0297 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/11/02 13:25:53.0391 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/11/02 13:25:53.0531 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/11/02 13:25:53.0703 vsapint (69650cbf9d56f3f439989d79727ce4af) C:\Windows\system32\DRIVERS\vsapint.sys
2010/11/02 13:25:53.0859 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/11/02 13:25:53.0937 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/11/02 13:25:53.0999 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/02 13:25:54.0015 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/02 13:25:54.0186 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/11/02 13:25:54.0249 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/02 13:25:54.0545 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/02 13:25:54.0639 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/02 13:25:54.0701 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/02 13:25:54.0873 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/02 13:25:54.0997 ================================================================================
2010/11/02 13:25:54.0997 Scan finished
2010/11/02 13:25:54.0997 ================================================================================
 
startup entries still there

Hi,

The startup entries still seem to be there. I checked the registry and there are no such entries in the registry. It only shows in the MSCONFIG->Startup list.
 
Open up Notepad and copy and paste this in

del C:\Users\home\AppData\Local\temp\*.*

Save it to your desktop and name it Temp.bat

Save it as all files

Double click it to run.

Reboot and check and see if they're gone in msconfig.
 