Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

sorry for double post...here is my DDS log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

sorry for double post...here is my DDS log

Unread postby Robinski123 » December 11th, 2011, 6:06 pm

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Robin at 16:00:36 on 2011-12-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8191.5855 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web

Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat

\ActiveX\AcroIEHelperShim.dll
BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - C:\Program Files (x86)\Ant.com\IE

add-on\Download.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack

\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files

\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll
BHO: Zoominto.IEPlugin.ZoomintoMain: {acdf77a9-9eda-407f-969f-b3bcbe3217d0} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin

\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web

Printing\hpswp_BHO.dll
TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - C:\Program Files (x86)\Ant.com\IE add-on

\AntToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web

Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Robin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAVCPL~1.LNK - C:

\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm
IE: Zoom Into\Contexts - 2 (0x2)
IE: Zoom Into\Flags - 1 (0x1)
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files

(x86)\Ant.com\IE add-on\Download.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP

\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: line6.net
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -

hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -

hxxp://cdn.scan.onecare.live.com/resour ... se6770.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} -

hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{37C06628-9292-4122-8AF0-B6BBD25AA72C} : DhcpNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart

Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files

(x86)\Ant.com\IE add-on\Download.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement

Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google

Toolbar\GoogleToolbar_32.dll
BHO-X64: Zoominto.IEPlugin.ZoomintoMain: {ACDF77A9-9EDA-407f-969F-B3BCBE3217D0} - mscoree.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin

\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart

Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Ant.com Download Toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on

\AntToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\
FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?

d=4b6526ae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ca&lng=en-GB&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys

[?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows

\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6

64952]
R2 ASRservice;ASRservice;C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe [2011-12-7 697104]
R2 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys

[?]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin

\FABS.exe [2009-8-27 1253376]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

[2009-7-17 4948992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

[2011-7-1 2214504]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

[2011-3-9 1066896]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

[2011-3-9 491920]
R3 dvdfab;dvdfab;C:\Windows\system32\drivers\dvdfab.sys --> C:\Windows\system32\drivers\dvdfab.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows

\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows

\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows

\system32\drivers\nvhda64v.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-7-4 139880]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/28 20:41:14;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter

\kmsvc.exe [2010-5-14 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework

\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET

\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services

\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
S3 L6PODX3;L6 POD X3 Service;C:\Windows\system32\Drivers\L6PODX364.sys --> C:\Windows\system32\Drivers

\L6PODX364.sys [?]
S3 L6TPortGX;Service - Line 6 TonePort GX;C:\Windows\system32\Drivers\L6TPortGX64.sys --> C:\Windows\system32\Drivers

\L6TPortGX64.sys [?]
S3 L6UX1;Service - Line 6 UX1;C:\Windows\system32\Drivers\L6UX164.sys --> C:\Windows\system32\Drivers\L6UX164.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19

517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows

\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS

\wdcsam64.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows

\system32\atiesrxx.exe [?]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

[2011-8-3 379496]
.
=============== Created Last 30 ================
.
2011-12-11 19:33:38 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates

\{CEBEED48-0EF4-480C-85D7-5EF18F93076C}\offreg.dll
2011-12-11 19:33:35 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates

\{CEBEED48-0EF4-480C-85D7-5EF18F93076C}\mpengine.dll
2011-12-11 09:14:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-12-09 11:45:54 -------- d-----w- C:\Users\Robin\AppData\Roaming\IObit
2011-12-09 11:22:02 -------- d-----w- C:\41f7dcba618342895cab
2011-12-08 18:41:27 -------- d-----w- C:\$WINDOWS.~LS
2011-12-08 18:33:27 -------- d-----w- C:\$WINDOWS.~BT
2011-12-08 06:35:28 -------- d-----w- C:\Users\Robin\AppData\Roaming\DeepBurner Pro
2011-12-08 04:34:09 5326 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2011-12-08 04:31:25 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-08 04:20:59 98816 ----a-w- C:\Windows\sed.exe
2011-12-08 04:20:59 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-08 04:20:59 256000 ----a-w- C:\Windows\PEV.exe
2011-12-08 04:20:59 208896 ----a-w- C:\Windows\MBR.exe
2011-12-08 03:47:28 -------- d-----w- C:\Users\Robin\AppData\Roaming\SUPERAntiSpyware.com
2011-12-08 00:34:36 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-07 09:33:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-07 06:06:40 -------- d-----w- C:\ProgramData\IObit
2011-12-07 05:49:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-04 16:13:09 -------- d-----w- C:\Users\Robin\AppData\Local\{0C600D9C-D585-43A4-BBBB-FA17E2B37F44}
2011-12-04 16:12:59 -------- d-----w- C:\Users\Robin\AppData\Local\{1C8E0A02-2C5B-4D85-973D-BA2A2907EFF1}
2011-11-28 23:15:40 -------- d-----w- C:\Users\Robin\CyberLink
2011-11-28 23:12:37 -------- d-----w- C:\Users\Robin\AppData\Roaming\zoominto
2011-11-28 23:12:33 -------- d-----w- C:\Program Files (x86)\zoomintoIE
2011-11-28 22:17:56 -------- d-----r- C:\Users\Robin\pentadactyl
2011-11-28 15:45:21 0 ----a-w- C:\Users\Robin\AppData\Local\BIT4A86.tmp
2011-11-26 01:59:22 -------- d-----w- C:\Users\Robin\AppData\Local\{CE91FB52-1138-455D-AB9A-AC16E01CE8E6}
2011-11-26 01:59:11 -------- d-----w- C:\Users\Robin\AppData\Local\{03E44292-4352-4868-B221-9A2AFABDA503}
2011-11-23 00:44:15 -------- d-----w- C:\Users\Robin\AppData\Local\{A800477D-372E-42B5-AF06-4B8ADFC0C755}
2011-11-23 00:44:03 -------- d-----w- C:\Users\Robin\AppData\Local\{1546113B-3CE4-4339-8BCB-F83682801DAD}
2011-11-18 08:49:31 -------- d-----w- C:\Users\Robin\.gimp-2.6
2011-11-18 06:10:02 -------- d-----w- C:\Users\Robin\AppData\Roaming

\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-11-18 04:02:55 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-11-14 03:29:09 79232 ----a-w- C:\Windows\System32\drivers\dvdfab.sys
2011-11-14 03:29:07 -------- d-----w- C:\Program Files (x86)\DVDFab Passkey
2011-11-14 02:52:53 -------- d-----w- C:\Program Files (x86)\SlySoft
.
==================== Find3M ====================
.
2011-11-29 16:53:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-14 02:43:25 82816 ----a-w- C:\Users\Robin\AppData\Roaming\pcouffin.sys
2011-11-02 00:00:38 5018 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-09-21 02:52:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-21 02:50:46 0 ----a-w- C:\Windows\SysWow64\REN1B6E.tmp
2011-09-21 02:50:46 0 ----a-w- C:\Windows\SysWow64\REN1B6D.tmp
2011-09-21 02:50:46 0 ----a-w- C:\Windows\SysWow64\REN1B6C.tmp
2006-03-26 20:24:18 557056 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.7.dll
2006-03-26 20:23:58 442368 ----a-w- C:\Program Files (x86)\WaveShell-DX 5.7.dll
2006-01-01 21:15:16 405504 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.5.dll
2005-12-21 17:41:48 405504 ----a-w- C:\Program Files (x86)\Vocal_WaveShell-VST 1.1.dll
2005-09-07 22:15:12 98304 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.0.dll
2005-07-17 20:26:04 417792 ----a-w- C:\Program Files (x86)\WaveShell-VST 5.2.dll
.
============= FINISH: 16:01:21.80 ===============

Robinski123 wrote:Hello from Canada!!!.....I have a serious? Infection...Details:
On Dec/6/11, I was checking emails and found one in "Junk".....it said it was from Canada Post......Just by pure coincidence, I just happen to waiting on an Important Letter(Credit Related) from them
so I selected "Safe" and read it.....It came with an Attachment...unfortunatly I downloaded It...STUPID!! I know....The file was a Zip, which I scanned with Both Malwarebytes+Microsoft Security
Essentials...both came up clean!!!...so I unzipped it, deleted the original zip and opened the folder...it contained 1 .pdf and several .txt (0bytes)...I opened the .pdf and the Nightmare Began!!!
Immediatly my screen changed/flashed to a Black screen. Then a bunch (over 20) of rectangular windows showed up...all indicating that my hard drive was failing!!!.there was an option to "Fix" by selecting "OK"....However I didnot..I just forced shutdown by pressing the Start Buttion on my HP. I then started up and the same windows showed up...I shut down again and started with the
Kaspersky Rescue DVD....I would "Boot"..BUT at a certain point it would not continue...."could not find cd"!!....so I restarted in safe mode, ran some scans & was able to start normally, BUT
my desktop was still Black....other symptoms as followed: Start Menu would only show Admin(Empty)...ALL folders were Hidden (I could see then but when opened..were empty!!)..I typed Computer, and Opened it...my drives and partitions still showed up (With correct space used..)...I could access my user folder again by typing it in...same with control panel...etc...Tried a system Restore..
Failed...Tried a Repair computer from a Win 7 Repair disc..to no avail...also all taskbar icon were gone..(But notifications were still there...)...so I deleted ALL system restore points and turned
it off.....did a superantispyware scan in safe mode..found 2 in appdata....ran RKill and it stopped a couple of processes.....rebooted and my desktop was back to normal!! with all my slideshow pics
I started my older second desktop (eMachine T5234-Vista 32) and went on line to fine other anti???....I used my Micro 8GB card to transfer files...I used Combofix..and then everything was almost back to normal.......ALL folders were "Unhidden" and I could open and see contents. BUT MAJOR problems still exist: Updates download BUT are not listed in Windows Update downloads page!!!, tried scannow both normally and from CMD in recovery disc...would not work...Windows Modules Installer Errors "Windows Resource Protetion could not....")......."Turn windows features on or off" is blank........
I would go back and forth between computers and do sugessted "Fixes" on HP......Finally got scannow to run!! (After Restart)...ran for almost 2hrs 30min...restarted...Back to FAST BOOT :)
BUT problems still exist...Reg+dll+ other are probibly corrupted!!...I am uncertain if I got rid of infection or its hiding???...I want to be certain!!....I have thought of nuking my drive and doing
a clean install!! but only as a LAST resort.....I have so many programs & Personal folder/files....I don't want to back up anything NOW (I have a 2TB WD for backups via sata...it USED to be an external...but usb was way too slow....)....Long story short: am I still Infected and how to repair various win7 problems....I am certain my HP has missing/corrupted system files....sorry for thelong letter but I thought that I should give as much info as possible. I have a Hijackthis log....My HP specs are: Windows 7 64, 8GB RAM, 1 dvd+1 Blu-ray Burner, 2 Hard drives>> Main is partitioned..
c: os and user d: Backup.....2nd drive.2 partitions..a: Audio(Cakewalk Projects.I am a Guitarist/Bassist/Keys/Drummer) b: Vid files Main has 620gb...2nd has 500GB.Thank for ANY info.....the Hijackthis.log is suspicially small!! Help me Obi-Wans, you are my only hope!!!......R
Last edited by NonSuch on December 11th, 2011, 7:13 pm, edited 1 time in total.
Reason: Edited to add information from other topic.
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm
Advertisement
Register to Remove

Re: sorry for double post...here is my DDS log

Unread postby Dakeyras » December 13th, 2011, 9:51 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Windows 7 Advice:


All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Do you have a actual Windows 7 Installation DVD? I realise you may not have since your machine appears to be HP modal...If the need we can can work round this if some specific system repairs are required.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Answer to my Windows 7 DVD query.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: sorry for double post...here is my DDS log

Unread postby Robinski123 » December 13th, 2011, 2:20 pm

Hello Dakeyras!!.....I am grateful for your assistance, here are my answers as requested: My HP seems to be running OK but I still have the following known issues,
Updates will run and install...but the same update immedietly shows up again, (I have it set to inform me of updates, not Automatic download)
"turn windows features on or off" is still blank, there are many services issues.I forgot specifics but some will not start...relating to updates and others.
when I run "Generate system health report"....the report "looks" different than before.has a diff name...and shows many services issues.
Some of my admin tool don't work right......when I run performance monitor i get a list of errors "Unable to add these counters" 3 Processor Information, 2 Physical Disk and 1
network interface.....in event viewer there is a "Subcriptions" error....."The windows event collector service must be running and configured"
basically i think that many system drivers etc are missing or corrupted???...my windows media player is empty but my music folder still has my .wav and .mp3z...everything seems fine otherwise....but infection caused many problems.
I do have my win 7 disc, however I bought my HP with vista 64 installed and got a HP win 7 upgrade disc a few months later and custom installed it....I was prompted (During Installation) to make a backup of my vista first, so I did and made 3 DVDs.....the OTL.txt will follow.Many Thanks!!!!!!
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

OTL Log

Unread postby Robinski123 » December 13th, 2011, 2:21 pm

OTL logfile created on: 12/13/11 11:38:11 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Robin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

8.00 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 75.93% Memory free
10.00 Gb Paging File | 8.06 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.02 Gb Total Space | 211.79 Gb Free Space | 36.33% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

Computer Name: ROBIN-HP | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe (Ant.com)
PRC - C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ASRservice) -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe (IObit)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UpdateCenterService) -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dvdfab) -- C:\Windows\SysNative\drivers\dvdfab.sys (Fengtao Software Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L6UX1) -- C:\Windows\SysNative\drivers\L6UX164.sys (Line 6)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (DefragFS) -- C:\Windows\SysNative\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L6TPortGX) -- C:\Windows\SysNative\drivers\L6TPortGX64.sys (Line 6)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (L6PODX3) -- C:\Windows\SysNative\drivers\L6PODX364.sys (Line 6)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NVR0FLASHDev) -- C:\Windows\nvflsh64.sys (NVIDIA Corp.)
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVIDIA Corp.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Startpage (SSL)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: cybersearch@cybernetnews.com:2.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.2
FF - prefs.js..extensions.enabledItems: {8FFE139B-90A7-4460-A972-9D2738997F6D}:1.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.4
FF - prefs.js..extensions.enabledItems: zigboom.designs@gmail.com:1.3.1
FF - prefs.js..extensions.enabledItems: FoxdieGraphite@tanjihay.com:3.6.4
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b6526ae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ca&lng=en-GB&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/28 15:50:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 06:18:58 | 000,000,000 | ---D | M]

[2010/07/15 23:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Extensions
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\anttoolbar@ant.com
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\cybersearch@cybernetnews.com
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Foxdie for Firefox) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\foxdie_ext_ocelot@foxdie.us
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (GoogleTube) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\googletube@googletube.com
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2011/11/11 16:36:31 | 000,002,325 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\searchplugins\startpage-ssl.xml
[2011/12/08 20:22:16 | 000,005,457 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\searchplugins\startpage.xml
[2011/11/28 15:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/20 20:53:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ROBIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T64XCRHC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ROBIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T64XCRHC.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/11/28 15:50:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/20 20:52:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/09 02:46:17 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/09 02:46:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/09 02:46:17 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/09 02:46:17 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/09 02:46:17 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/07 22:30:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1003..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4:64bit: - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor for Windows\RunProfiler.exe (PC-Doctor, Inc.)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RAVCpl64.exe - Shortcut.lnk = C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm ()
O8 - Extra context menu item: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm ()
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C06628-9292-4122-8AF0-B6BBD25AA72C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 11:31:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe
[2011/12/12 02:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2011/12/12 02:27:38 | 000,000,000 | ---D | C] -- C:\WinDDK
[2011/12/12 01:39:29 | 004,425,880 | ---- | C] (Innovative Solutions ) -- C:\Users\Robin\Desktop\drivermax.exe
[2011/12/12 01:09:41 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\ElevatedDiagnostics
[2011/12/12 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/12/12 00:16:23 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/12/12 00:16:22 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/12/12 00:16:22 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/12/12 00:16:22 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/12/12 00:16:22 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/12/12 00:12:54 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2011/12/12 00:12:54 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011/12/12 00:12:54 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011/12/12 00:12:49 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/12/12 00:12:49 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/12/12 00:12:49 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/12/12 00:12:49 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/12/12 00:12:48 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/12/12 00:12:48 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/12/12 00:12:48 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/12/12 00:12:48 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/12/12 00:12:48 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/12/12 00:12:48 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/12/12 00:12:48 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/12/12 00:12:48 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/12/12 00:12:48 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/12/12 00:12:48 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/12/12 00:12:48 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/12/12 00:12:48 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/12/12 00:12:48 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/12/12 00:12:48 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/12/12 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\NVIDIA Corporation
[2011/12/11 23:04:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/12/11 22:35:38 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/12/11 22:35:38 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/12/11 16:34:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{745527A5-28F0-4E35-8F12-7A441032FA8C}
[2011/12/11 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{11692236-B597-432A-B574-148B1F106410}
[2011/12/11 03:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/12/11 03:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/09 05:45:54 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\IObit
[2011/12/09 05:22:02 | 000,000,000 | ---D | C] -- C:\41f7dcba618342895cab
[2011/12/08 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/12/08 20:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/12/08 00:35:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\DeepBurner Pro
[2011/12/07 22:31:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/07 22:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/12/07 22:28:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/07 22:20:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/07 22:20:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/07 22:20:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/07 22:20:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/07 22:17:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/07 21:47:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/07 21:24:36 | 004,331,784 | R--- | C] (Swearware) -- C:\Users\Robin\Desktop\ComboFix.exe
[2011/12/07 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/07 03:33:37 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/07 03:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/07 00:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/12/07 00:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Spyware Remover
[2011/12/06 23:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/04 10:13:09 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{0C600D9C-D585-43A4-BBBB-FA17E2B37F44}
[2011/12/04 10:12:59 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{1C8E0A02-2C5B-4D85-973D-BA2A2907EFF1}
[2011/12/01 13:43:19 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\robynn825699552
[2011/11/30 17:41:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-CRA-Info+Forms
[2011/11/29 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\$60 COST EACH
[2011/11/29 23:08:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\10 Bags=$490+$55=$544+$31=$576
[2011/11/28 17:28:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-IE-Help and Info
[2011/11/28 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Robin\CyberLink
[2011/11/28 17:12:37 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\zoominto
[2011/11/28 17:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\zoomintoIE
[2011/11/28 17:12:33 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoominto IePlugin
[2011/11/28 16:17:56 | 000,000,000 | R--D | C] -- C:\Users\Robin\pentadactyl
[2011/11/28 13:48:30 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\S7H0W4
[2011/11/27 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\selling5699552stuff
[2011/11/27 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\robynn82@gmail.com
[2011/11/25 19:59:22 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{CE91FB52-1138-455D-AB9A-AC16E01CE8E6}
[2011/11/25 19:59:11 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{03E44292-4352-4868-B221-9A2AFABDA503}
[2011/11/24 19:16:46 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-Saskatoon Country Western Music Association
[2011/11/22 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{A800477D-372E-42B5-AF06-4B8ADFC0C755}
[2011/11/22 18:44:03 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{1546113B-3CE4-4339-8BCB-F83682801DAD}
[2011/11/20 00:11:01 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-Metis-Info
[2011/11/19 15:12:10 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-Banking-Credit Card & Credit-Info
[2011/11/18 02:49:31 | 000,000,000 | ---D | C] -- C:\Users\Robin\.gimp-2.6
[2011/11/18 00:10:02 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/17 22:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/11/17 22:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/11/17 21:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/17 21:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/11/17 21:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011/11/17 14:28:55 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\TAKE LEARNERS TEST!!!
[2011/11/14 23:30:55 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-Kijiji-Stuff
[2011/11/13 21:50:47 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\VSOBlurayConverter
[2011/11/13 21:33:11 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\DVDFab Passkey
[2011/11/13 21:29:09 | 000,079,232 | ---- | C] (Fengtao Software Inc.) -- C:\Windows\SysNative\drivers\dvdfab.sys
[2011/11/13 21:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab Passkey
[2011/11/13 20:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2011/11/13 20:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2011/11/13 20:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2010/01/30 21:06:32 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Robin\AppData\Roaming\pcouffin.sys
[2009/10/11 19:26:40 | 000,405,504 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\Vocal_WaveShell-VST 1.1.dll
[2009/10/11 19:26:35 | 000,442,368 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-DX 5.7.dll
[2009/10/11 19:26:24 | 000,417,792 | ---- | C] (Waves Audio Ltd) -- C:\Program Files (x86)\WaveShell-VST 5.2.dll
[2009/10/11 19:26:19 | 000,098,304 | ---- | C] (Waves Audio Ltd) -- C:\Program Files (x86)\WaveShell-VST 5.0.dll
[2009/10/11 19:26:14 | 000,557,056 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-VST 5.7.dll
[2009/10/11 19:26:09 | 000,405,504 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-VST 5.5.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Robin\*.tmp files -> C:\Users\Robin\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Robin\AppData\Local\*.tmp files -> C:\Users\Robin\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/13 11:31:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe
[2011/12/13 11:18:29 | 000,006,416 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 11:18:29 | 000,006,416 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 11:11:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000UA.job
[2011/12/13 11:09:20 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/13 04:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/13 01:30:02 | 000,001,854 | ---- | M] () -- C:\Users\Robin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/12 22:49:57 | 000,198,656 | ---- | M] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/12 20:11:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000Core.job
[2011/12/12 17:25:08 | 005,075,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 12:47:12 | 000,000,850 | ---- | M] () -- C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 03:04:02 | 000,000,042 | ---- | M] () -- C:\Windows\SysNative\1323680642.lock
[2011/12/12 02:42:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\windbg.exe
[2011/12/12 02:41:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\cd
[2011/12/12 01:39:32 | 004,425,880 | ---- | M] (Innovative Solutions ) -- C:\Users\Robin\Desktop\drivermax.exe
[2011/12/12 00:12:15 | 000,001,996 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/12/11 20:41:06 | 000,007,616 | ---- | M] () -- C:\Users\Robin\AppData\Local\resmon.resmoncfg
[2011/12/11 03:48:40 | 000,001,598 | ---- | M] () -- C:\Users\Robin\Desktop\Hijack.exe - Shortcut.lnk
[2011/12/10 23:24:56 | 000,000,065 | ---- | M] () -- C:\Windows\SysNative\1323581096.lock
[2011/12/10 23:24:32 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\1323581072.lock
[2011/12/10 23:13:16 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580396.lock
[2011/12/10 23:12:39 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580359.lock
[2011/12/10 23:10:46 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\1323580246.lock
[2011/12/10 23:10:25 | 000,000,194 | ---- | M] () -- C:\Windows\SysNative\1323580223.lock
[2011/12/08 23:11:02 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_optionalfeatures.exe.etl
[2011/12/08 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/12/08 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/12/07 22:30:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/07 18:07:04 | 004,331,784 | R--- | M] (Swearware) -- C:\Users\Robin\Desktop\ComboFix.exe
[2011/12/07 15:02:56 | 000,684,297 | ---- | M] () -- C:\Users\Robin\Desktop\unhide.exe
[2011/12/06 23:00:26 | 000,754,176 | ---- | M] () -- C:\Users\Robin\Desktop\RogueKiller.exe
[2011/12/04 11:06:50 | 000,081,183 | ---- | M] () -- C:\Users\Robin\Desktop\01-Black With Red Bows Corset-EBAY-$64.JPG
[2011/12/02 21:48:02 | 014,857,716 | ---- | M] () -- C:\Users\Robin\Desktop\Fox_On_The_Run_-Sweet.mp4
[2011/12/01 14:01:09 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/11/29 10:53:15 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/28 15:51:53 | 000,001,905 | ---- | M] () -- C:\Users\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 09:44:49 | 000,000,000 | ---- | M] () -- C:\Users\Robin\AppData\Local\{A68F38EA-0815-4D70-8EAA-EEE3F4F36F8F}
[2011/11/22 19:20:27 | 000,002,219 | ---- | M] () -- C:\Users\Robin\.recently-used.xbel
[2011/11/18 02:42:14 | 000,001,456 | ---- | M] () -- C:\Users\Robin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/13 20:55:16 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/11/13 20:43:25 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Robin\AppData\Roaming\pcouffin.sys
[2011/11/13 20:43:25 | 000,007,859 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\pcouffin.cat
[2011/11/13 20:43:25 | 000,001,167 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\pcouffin.inf
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Robin\*.tmp files -> C:\Users\Robin\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Robin\AppData\Local\*.tmp files -> C:\Users\Robin\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/12 19:19:42 | 000,754,176 | ---- | C] () -- C:\Users\Robin\Desktop\RogueKiller.exe
[2011/12/12 12:47:12 | 000,000,850 | ---- | C] () -- C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 12:46:23 | 000,001,854 | ---- | C] () -- C:\Users\Robin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/12 03:04:02 | 000,000,042 | ---- | C] () -- C:\Windows\SysNative\1323680642.lock
[2011/12/12 02:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\windbg.exe
[2011/12/12 02:41:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\cd
[2011/12/11 03:48:40 | 000,001,598 | ---- | C] () -- C:\Users\Robin\Desktop\Hijack.exe - Shortcut.lnk
[2011/12/10 23:32:32 | 000,007,616 | ---- | C] () -- C:\Users\Robin\AppData\Local\resmon.resmoncfg
[2011/12/10 23:24:56 | 000,000,065 | ---- | C] () -- C:\Windows\SysNative\1323581096.lock
[2011/12/10 23:24:32 | 000,000,068 | ---- | C] () -- C:\Windows\SysNative\1323581072.lock
[2011/12/10 23:13:16 | 000,000,067 | ---- | C] () -- C:\Windows\SysNative\1323580396.lock
[2011/12/10 23:12:39 | 000,000,067 | ---- | C] () -- C:\Windows\SysNative\1323580359.lock
[2011/12/10 23:10:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\1323580246.lock
[2011/12/10 23:10:23 | 000,000,194 | ---- | C] () -- C:\Windows\SysNative\1323580223.lock
[2011/12/10 16:28:53 | 000,684,297 | ---- | C] () -- C:\Users\Robin\Desktop\unhide.exe
[2011/12/10 16:28:33 | 001,008,092 | ---- | C] () -- C:\Users\Robin\Desktop\iExplore.exe
[2011/12/10 16:28:22 | 001,008,092 | ---- | C] () -- C:\Users\Robin\Desktop\rkill.exe
[2011/12/08 23:10:41 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_optionalfeatures.exe.etl
[2011/12/07 23:19:03 | 000,014,726 | ---- | C] () -- C:\Users\Robin\Desktop\Taskbar-Shortcut Icons.JPG
[2011/12/07 23:19:03 | 000,009,804 | ---- | C] () -- C:\Users\Robin\Desktop\Taskbar-Apps Currently Running-NOT MANY.JPG
[2011/12/07 22:32:11 | 000,006,416 | ---- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 22:32:11 | 000,006,416 | ---- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 22:20:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/07 22:20:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/07 22:20:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/07 22:20:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/07 22:20:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/04 11:13:28 | 000,081,183 | ---- | C] () -- C:\Users\Robin\Desktop\01-Black With Red Bows Corset-EBAY-$64.JPG
[2011/12/02 21:47:11 | 014,857,716 | ---- | C] () -- C:\Users\Robin\Desktop\Fox_On_The_Run_-Sweet.mp4
[2011/11/28 09:44:49 | 000,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\{A68F38EA-0815-4D70-8EAA-EEE3F4F36F8F}
[2011/11/22 19:20:27 | 000,002,219 | ---- | C] () -- C:\Users\Robin\.recently-used.xbel
[2011/11/18 02:42:14 | 000,001,456 | ---- | C] () -- C:\Users\Robin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/17 16:20:23 | 091,121,388 | ---- | C] () -- C:\Users\Robin\Desktop\The Jack [Live].wav
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/09 17:27:11 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/10/09 17:27:11 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/10/09 17:27:10 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/10/09 17:27:10 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/10/09 17:27:10 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/09/30 15:59:21 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/09/22 15:36:20 | 000,001,996 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/01/28 20:44:36 | 000,000,377 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/01/27 17:12:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/11 00:28:11 | 000,000,258 | ---- | C] () -- C:\ProgramData\tmaster8.net
[2010/12/19 22:41:44 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/23 21:04:44 | 000,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\prvlcl.dat
[2010/09/13 19:43:27 | 000,023,127 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/09/02 01:33:54 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2010/09/02 01:32:52 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2010/08/10 16:06:02 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2010/08/10 16:06:02 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/07/16 16:19:53 | 000,000,088 | RHS- | C] () -- C:\ProgramData\19C2AC9A03.sys
[2010/07/16 16:19:52 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/05 16:40:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/14 22:21:12 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/06/14 22:21:12 | 000,002,145 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2010/04/29 09:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/15 14:54:46 | 000,023,336 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/04 23:31:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/02/04 23:28:03 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010/01/30 21:06:32 | 000,007,859 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\pcouffin.cat
[2010/01/30 21:06:32 | 000,001,167 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\pcouffin.inf
[2010/01/27 20:01:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/01/27 15:51:20 | 000,198,656 | ---- | C] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 15:24:30 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2009/12/15 15:24:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2009/10/16 12:27:30 | 000,000,486 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\wklnhst.dat
[2009/10/10 22:38:21 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2009/10/08 22:41:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/03/03 15:39:02 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/03/03 15:39:02 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/02/08 17:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2007/04/18 23:07:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll
[2006/11/02 09:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
[2005/02/03 01:50:28 | 000,004,224 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[1980/01/01 01:01:01 | 000,000,000 | ---- | C] () -- C:\Windows\bootstat.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:CF778051

< End of report >
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Extras Log

Unread postby Robinski123 » December 13th, 2011, 2:23 pm

OTL Extras logfile created on: 12/13/11 11:38:11 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Robin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

8.00 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 75.93% Memory free
10.00 Gb Paging File | 8.06 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.02 Gb Total Space | 211.79 Gb Free Space | 36.33% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

Computer Name: ROBIN-HP | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07179D37-D5FE-4373-90D9-A25B992EFB3E}" = WD SmartWare
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.4.0
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Sandboxie" = Sandboxie 3.46 (64-bit)
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09DE590C-BC6C-4967-B7F3-3012003ED0FD}" = MAGIX Screenshare
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F0B0627-3CC7-4C3D-B246-D84FD3B30488}" = Blue Cat's Stereo Flanger VST 2.4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner Pro v1.8.0.225
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{253AD5C7-94ED-44BF-AA0C-890A80817A87}_is1" = Boilsoft Video Splitter 6.11
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{363AA0EF-7672-42C2-AA43-237E1DBFB827}_is1" = Moyea FLV Editor Pro Version: 3.1.13.0
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE03D46-ACE6-467E-9B15-1CB1ACAF69CD}" = Blue Cat's Flanger VST 2.4
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{43DD482E-0A99-43F6-AC8F-E00C7156BAAB}" = Blue Cat's Phaser VST 2.4
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C4D25EB-6513-4702-8355-F4194DE2E1D9}" = Waves 4.0
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
"{5620D5AF-A931-4ce5-B533-F70861266BC4}" = Blue Cat's Freeware Pack VST 1.0
"{57797EBA-566C-4333-A632-C7188F574479}" = MAGIX Video Pro X3 (proDAD VitaScene LE)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63BBD5A6-FABF-4CEE-B27F-F40F5657BDD1}" = MAGIX Video Pro X3 (Subtitle effects)
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{711B5A2A-73A0-4AFF-BC47-8B84E80FEA00}" = Blue Cat's Gain Suite VST 2.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{74EA8572-283C-45DA-97E7-2EA75B95D893}" = Blue Cat's Triple EQ VST 3.3
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.3.139
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94DABFDA-AAC2-413A-86BE-E61CA96D502C}" = MAGIX Video Pro X3 Download Version
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A687852A-B864-408F-96B7-439A46B2E64B}" = Blue Cat's Chorus - VST
"{A71F3F58-30B3-4A65-A653-71784E4C2F51}" = Blue Cat's FreqAnalyst VST 1.3
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8CFEA15-A660-4742-9AAB-BC659C491046}" = ZoomInto
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 (Advanced) Free
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D194BBA4-52C3-46FC-B112-812546299B79}" = MAGIX Speed burnR (MSI)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D93399F6-C902-47E8-B2A4-9C38ACAC03B5}" = EZplayer
"{DA5AAEFB-2881-468E-934C-FC64710C11EA}" = MAGIX Video Pro X3 (Soundtrack Maker styles)
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEE8478F-16FC-471C-8C45-8218A78C734B}" = MAGIX Video Pro X3 (proDAD Mercalli 2)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E26EE585-A646-428B-9999-A845C703C13E}" = MAGIX Video Pro X3 (Synthesizers)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E699454B-70AE-4483-A6ED-8C9AC9E23446}" = Blue Cat's Stereo Chorus VST 3.4
"{E97C63D1-6025-4572-9F8A-86C429A9E744}" = MAGIX Video Pro X3 (NewBlueFX Premium Effects)
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{ED3BFB52-21FA-406F-A1F1-E915169E9C03}" = Ant.com IE add-on
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F181EED0-8A75-4615-8351-AB9CC018BA39}" = Windows7SBS
"{F18FB90C-2DC4-4CFF-908F-2FB7DEEF26E0}" = Musical Scales
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F571A2CC-57D3-4AB6-9FD5-5AF14775E516}" = Ant.com IE add-on
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE4270D7-A642-49C1-9A40-854DA3F13FB2}_is1" = Moyea FLV Player version: 2.0.2.94
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Addictive Drums" = Addictive Drums
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Spyware Remover_is1" = Advanced Spyware Remover
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"alotToolbar" = ALOT Toolbar
"Ant.com IE add-on" = Ant.com IE add-on
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Audacity_is1" = Audacity 1.2.6
"AudioCreator_is1" = Audio Creator LE 1.5
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BBE D82 Sonic Maximizer VST RTAS_is1" = BBE D82 Sonic Maximizer VST RTAS v2.0
"Belarc Advisor" = Belarc Advisor 8.1
"Blu-ray to DVD_is1" = Blu-ray to DVD 1.2.0.14
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.16
"Brainworx BX Digital VST_is1" = Brainworx BX Digital VST v1.09
"Cakewalk Dimension Pro_is1" = Dimension Pro
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CodeStuff Starter" = CodeStuff Starter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DelinvFile_is1" = DelinvFile - 4.03
"DreamStation DXi2" = DreamStation DXi2
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.4.0 (31/10/2011)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Game Booster_is1" = Game Booster
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HP Photo Creations" = HP Photo Creations
"ImgBurn" = ImgBurn
"Indeo® software" = Indeo® software
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"JPG2PDF_is1" = JPG2PDF 2.2
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Line 6 Uninstaller" = Line 6 Uninstaller
"LookInMyPC" = LookInMyPC
"LUXONIX_LFX-1310" = LUXONIX LFX-1310
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"MAGIX_MSI_Videodeluxe17_pro" = MAGIX Video Pro X3 Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MKVtoolnix" = MKVtoolnix 2.2.0
"Mozilla Firefox 8.0.1 (x86 en-GB)" = Mozilla Firefox 8.0.1 (x86 en-GB)
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Precision" = EVGA Precision 2.1.1
"Recover Keys_is1" = Recover Keys
"ReValver Mk III_is1" = ReValver Mk III
"Revo Uninstaller" = Revo Uninstaller 1.93
"Roger Nichols Digital FREQUAL-IZER VST RTAS_is1" = Roger Nichols Digital FREQUAL-IZER VST RTAS v1.2
"SONAR85Producer_is1" = SONAR 8.5 Producer
"SONAR8Producer_is1" = SONAR 8.0 Producer Edition
"SONARHome7_is1" = SONAR Home Studio 7
"SONARX1Producer_is1" = SONAR X1 Producer
"Sonitus:fx Plugin Suite" = Sonitus:fx Plugin Suite
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"sp41099" = sp41099
"SpeedFan" = SpeedFan (remove only)
"Ultra DVD Creator_is1" = Ultra DVD Creator 2.7.0827
"Universal Extractor_is1" = Universal Extractor 1.6.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"VSO Burning SDK_is1" = VSO Burning SDK 4.0.10.472
"VST Bridge_is1" = VST Bridge 1.1
"Waves Mercury Bundle" = Waves Mercury Bundle
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinFF_is1" = WinFF 1.3.2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/11 11:09:30 PM | Computer Name = Robin-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/13/11 12:27:57 AM | Computer Name = Robin-HP | Source = VSS | ID = 8193
Description =

Error - 12/13/11 2:05:18 AM | Computer Name = Robin-HP | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 12/13/11 2:05:45 AM | Computer Name = Robin-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/13/11 2:06:42 AM | Computer Name = Robin-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/13/11 5:00:10 AM | Computer Name = Robin-HP | Source = VSS | ID = 8193
Description =

Error - 12/13/11 1:11:19 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 12/13/11 1:11:19 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 12/13/11 1:13:43 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/13/11 1:13:43 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

[ Media Center Events ]
Error - 5/04/10 12:15:11 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 10:15:06 PM - Error connecting to the internet. 10:15:06 PM - Unable
to contact server..

Error - 5/04/10 1:41:38 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 11:41:38 PM - Error connecting to the internet. 11:41:38 PM - Unable
to contact server..

Error - 5/04/10 1:41:45 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 11:41:43 PM - Error connecting to the internet. 11:41:43 PM - Unable
to contact server..

Error - 5/04/10 3:29:12 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:29:11 AM - Error connecting to the internet. 1:29:11 AM - Unable
to contact server..

Error - 5/04/10 3:29:18 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:29:17 AM - Error connecting to the internet. 1:29:17 AM - Unable
to contact server..

Error - 5/08/10 1:07:21 PM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 11:07:06 AM - Error connecting to the internet. 11:07:07 AM - Unable
to contact server..

Error - 5/09/10 2:01:24 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 12:01:24 AM - Error connecting to the internet. 12:01:24 AM - Unable
to contact server..

Error - 5/09/10 2:01:35 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 12:01:29 AM - Error connecting to the internet. 12:01:29 AM - Unable
to contact server..

Error - 5/09/10 3:01:40 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:01:40 AM - Error connecting to the internet. 1:01:40 AM - Unable
to contact server..

Error - 5/09/10 3:01:47 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:01:46 AM - Error connecting to the internet. 1:01:46 AM - Unable
to contact server..

[ System Events ]
Error - 12/12/11 7:25:17 PM | Computer Name = Robin-HP | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%5

Error - 12/12/11 7:25:23 PM | Computer Name = Robin-HP | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%5

Error - 12/12/11 7:25:24 PM | Computer Name = Robin-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Update
Center Service service to connect.

Error - 12/12/11 7:25:48 PM | Computer Name = Robin-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RapportKE64

Error - 12/12/11 7:27:55 PM | Computer Name = Robin-HP | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%5

Error - 12/13/11 1:09:11 PM | Computer Name = Robin-HP | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%5

Error - 12/13/11 1:09:12 PM | Computer Name = Robin-HP | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%5

Error - 12/13/11 1:09:13 PM | Computer Name = Robin-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Update
Center Service service to connect.

Error - 12/13/11 1:09:17 PM | Computer Name = Robin-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RapportKE64

Error - 12/13/11 1:11:24 PM | Computer Name = Robin-HP | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%5


< End of report >
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Re: sorry for double post...here is my DDS log

Unread postby Dakeyras » December 14th, 2011, 7:48 am

Hi. :)

You're welcome and thanks for the update also!

Firstly I see you have run some specific Anti-Malware tools, namely ComboFix and RogueKiller, my friendly advice do not run/use such powerful applications unless via trained supervision as the very distinct chance if deployed incorrectly either could render a machine unbootible.

Now if there are logs available for the aforementioned and anything was removed please post the logs in your next reply. If nothing was removed by either no need to post the logs at this time then.

Next:

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Advanced Spyware Remover <-- Deemed a rogue application.
Advanced SystemCare 3 <-- As above plus has the capacity to render a machine little more than a expensive door-stop.
ALOT Toolbar <-- Had undesirable characteristics.
Java(TM) 6 Update 27 <-- We will update this in due course.
µTorrent <-- Has to be removed per forum policy.

To do so click once on each of the above then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Next:

Do you recognise any of the below files at all? As my own research is inconclusive at this time...

C:\Windows\SysNative\1323680642.lock
C:\Windows\SysNative\1323581096.lock
C:\Windows\SysNative\1323581072.lock
C:\Windows\SysNative\1323580396.lock
C:\Windows\SysNative\1323580359.lock
C:\Windows\SysNative\1323580246.lock
C:\Windows\SysNative\1323580223.lock


If the answer is no, not a problem we will upload a few to check for malware traces etc in due course.

CKScanner:

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on the your Desktop before running the application! Plus only run the application once only.
  • Right-click on CKScanner.exe and select Run as Administrator, then click on Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Re-scan with OTL:

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Update and requested Logs

Unread postby Robinski123 » December 14th, 2011, 12:11 pm

Hello again Dakeyras!!...here are your requests:..I do think I have ALOT installed...Can't find it...went online...got info..to check:
%ProgramFiles%\alot....not there......and also: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
\SharedTaskScheduler\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}<< no reg key exists....just HKEY_LOCAL_MACHINE
\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler and I checked both ie & firefox...neither had the ALOT
add-on.....plus: I do not have any of these: C:\Windows\SysNative\1323680642.lock...etc...I have uninstalled the listed
programs..(using revo)...except for java....could not while using ie.......
I shall post the following:
1) ComboFix.txt,
2) ComboFix-quarantined-files.txt,
3) TDSSKiller.2.6.21.0_06.12.2011_23.51.28_log.txt,
4) RKreport.txt,
5) ckfiles.txt, and the most recent
6) Combfix2.txt.(renamed cause both are on my desktop-txt Copies)

Thanks again for your most excellent work!!!......It would drive me crazy!!....to methodically go through all of the log postings!!!
I hope that you take time off often for Family, Friends and to just have FUN!!...doing whatever else that brings you Joy...like a non
computer related hobby.....sorry to get personal....for me... Music is my life and PASSION!!!...anyways, Thanks from Canada!!
PS: just checked the ckfiles.txt.......there is alot of software that I got through p2p.....I am ashamed BUT I honestly don't do THAT
anymore...I hope that I won't get into any trouble.....I have all of the software that I'll ever really need....I like watching movies once in a while.....R.
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Log 1

Unread postby Robinski123 » December 14th, 2011, 12:12 pm

ComboFix 11-12-06.02 - Robin 12/07/11 22:22:45.1.3 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8191.7021 [GMT -6:00]
Running from: c:\users\Robin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Robin\AppData\Roaming\inst.exe
c:\users\Robin\AppData\Roaming\Microsoft\Windows\Recent\Recent.event
c:\users\Robin\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\drivers\tcpip.copy
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-08 04:29 . 2011-12-08 04:29 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C677301A-185E-44C0-ACA4-6A05FF909BD6}\offreg.dll
2011-12-08 04:29 . 2011-12-08 04:29 -------- d-----w- c:\programdata\NVIDIA
2011-12-08 03:47 . 2011-12-08 03:47 -------- d-----w- c:\users\Robin\AppData\Roaming\SUPERAntiSpyware.com
2011-12-08 00:34 . 2011-12-08 00:34 -------- d-----w- c:\program files (x86)\ESET
2011-12-07 23:17 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C677301A-185E-44C0-ACA4-6A05FF909BD6}\mpengine.dll
2011-12-07 09:33 . 2011-12-07 09:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-07 06:06 . 2011-12-07 06:11 -------- d-----w- c:\programdata\IObit
2011-12-07 05:49 . 2011-12-07 05:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-28 23:15 . 2011-11-28 23:15 -------- d--h--w- c:\users\Public\CyberLink
2011-11-28 23:15 . 2011-11-28 23:15 -------- d--h--w- c:\users\Robin\CyberLink
2011-11-28 23:12 . 2011-11-28 23:12 -------- d--h--w- c:\users\Robin\AppData\Roaming\zoominto
2011-11-28 23:12 . 2011-11-28 23:12 -------- d-----w- c:\program files (x86)\zoomintoIE
2011-11-28 22:17 . 2011-11-28 22:17 -------- d--h--w- c:\users\Robin\pentadactyl
2011-11-28 15:45 . 2011-11-28 15:45 0 ----a-w- c:\users\Robin\AppData\Local\BIT4A86.tmp
2011-11-18 08:49 . 2011-11-23 01:32 -------- d-----w- c:\users\Robin\.gimp-2.6
2011-11-18 06:10 . 2011-11-18 06:10 -------- d--h--w- c:\users\Robin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-11-18 04:02 . 2011-11-18 04:02 -------- d--h--w- c:\programdata\regid.1986-12.com.adobe
2011-11-18 03:59 . 2011-11-18 04:02 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-18 03:58 . 2011-11-18 03:58 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-11-14 03:29 . 2011-08-15 20:51 79232 ----a-w- c:\windows\system32\drivers\dvdfab.sys
2011-11-14 03:29 . 2011-12-07 10:50 -------- d-----w- c:\program files (x86)\DVDFab Passkey
2011-11-14 02:52 . 2011-11-14 02:52 -------- d-----w- c:\program files (x86)\SlySoft
2011-11-11 08:29 . 2011-12-06 09:21 -------- d-----w- c:\users\Robin\.1-www.alibaba.com-PP
2011-11-09 06:30 . 2011-11-09 06:30 -------- d--h--w- c:\programdata\NVIDIA Corporation
2011-11-09 06:24 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 06:24 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 06:24 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 06:24 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 16:53 . 2011-05-19 19:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2010-12-20 22:36 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-14 02:43 . 2010-01-31 03:06 82816 ----a-w- c:\users\Robin\AppData\Roaming\pcouffin.sys
2011-11-02 00:00 . 2010-07-16 22:19 5018 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-11 18:56 . 2011-10-11 18:56 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A64552E0-5EFC-4868-944A-ECE595E015ED}\gapaengine.dll
2011-09-21 02:52 . 2010-10-15 19:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-21 02:50 . 2011-09-21 02:50 0 ----a-w- c:\windows\SysWow64\REN1B6E.tmp
2011-09-21 02:50 . 2011-09-21 02:50 0 ----a-w- c:\windows\SysWow64\REN1B6D.tmp
2011-09-21 02:50 . 2011-09-21 02:50 0 ----a-w- c:\windows\SysWow64\REN1B6C.tmp
2011-09-18 06:19 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-10 00:23 . 2011-10-09 23:27 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe
2006-03-26 20:24 . 2009-10-12 01:26 557056 ----a-w- c:\program files (x86)\WaveShell-VST 5.7.dll
2006-03-26 20:23 . 2009-10-12 01:26 442368 ----a-w- c:\program files (x86)\WaveShell-DX 5.7.dll
2006-01-01 21:15 . 2009-10-12 01:26 405504 ----a-w- c:\program files (x86)\WaveShell-VST 5.5.dll
2005-12-21 17:41 . 2009-10-12 01:26 405504 ----a-w- c:\program files (x86)\Vocal_WaveShell-VST 1.1.dll
2005-09-07 22:15 . 2009-10-12 01:26 98304 ----a-w- c:\program files (x86)\WaveShell-VST 5.0.dll
2005-07-17 20:26 . 2009-10-12 01:26 417792 ----a-w- c:\program files (x86)\WaveShell-VST 5.2.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ACDF77A9-9EDA-407f-969F-B3BCBE3217D0}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 576232]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RAVCpl64.exe - Shortcut.lnk - c:\program files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe [2009-3-3 6564384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/28 20:41;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FKFAP;FKFAP;c:\program files (x86)\Perfect Uninstaller\FKFAP.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
R3 L6PODX3;L6 POD X3 Service;c:\windows\system32\Drivers\L6PODX364.sys [x]
R3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX64.sys [x]
R3 L6UX1;Service - Line 6 UX1;c:\windows\system32\Drivers\L6UX164.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-14 343856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Tcpz-x64;Tcpz-x64;c:\users\Robin\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ASRservice;ASRservice;c:\program files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe [2009-12-10 697104]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AvgTdiA
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - TfFsMon
*Deregistered* - TfNetMon
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 19:49]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 19:49]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000Core.job
- c:\users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-27 03:55]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000UA.job
- c:\users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-27 03:55]
.
2011-12-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: Zoom Into - c:\program files (x86)\zoomintoIE\image.htm
IE: Zoom Into\Contexts - 2 (0x2)
IE: Zoom Into\Flags - 1 (0x1)
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files (x86)\Ant.com\IE add-on\Download.dll
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\
FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b6526ae ... g=en-GB&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-60989253.sys
WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - (no file)
AddRemove-Roger Nichols Digital FREQUAL-IZER VST RTAS_is1 - c:\program files (x86)\Roger Nichols Digital
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2E924F4F-67F0-4BD8-9560-49F468E843D2}"=hex:51,66,7a,6c,4c,1d,38,12,21,4c,81,
2a,c2,29,b6,0e,ea,76,0a,b4,6d,b6,07,c6
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{346FDE31-DFF9-418A-90C8-BA31DC9FF2EF}"=hex:51,66,7a,6c,4c,1d,38,12,5f,dd,7c,
30,cb,91,e4,04,ef,de,f9,71,d9,c1,b6,fb
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{ACDF77A9-9EDA-407F-969F-B3BCBE3217D0}"=hex:51,66,7a,6c,4c,1d,38,12,c7,74,cc,
a8,e8,d0,11,05,e9,89,f0,fc,bb,6c,53,c4
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1c,5d,5b,3b,23,ae,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2011-12-07 22:44:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-08 04:44
.
Pre-Run: 248,549,744,640 bytes free
Post-Run: 248,381,444,096 bytes free
.
- - End Of File - - A3D5FC26B2C2716C0A7AFA83D2DEEB4E
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Log 2

Unread postby Robinski123 » December 14th, 2011, 12:14 pm

2011-12-08 04:35:11 . 2011-12-08 04:35:11 1,974 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Roger Nichols Digital FREQUAL-IZER VST RTAS_is1.reg.dat
2011-12-08 04:34:53 . 2011-12-08 04:34:53 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}.reg.dat
2011-12-08 04:34:46 . 2011-12-08 04:34:46 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-60989253.sys.reg.dat
2011-12-08 04:26:47 . 2011-12-08 04:26:47 4,399 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-08 04:20:57 . 2011-12-08 04:20:57 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-11-18 04:32:35 . 2011-11-18 04:32:36 366,516 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\etc\hosts.txt.vir
2010-07-16 04:30:22 . 2010-07-16 04:30:22 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Robin\AppData\Roaming\Microsoft\Windows\Recent\Recent.event.vir
2010-02-11 07:11:20 . 2009-07-14 01:45:55 1,898,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\tcpip.copy.vir
2010-01-31 03:08:09 . 2011-10-27 01:00:59 668 ----a-w- C:\Qoobox\Quarantine\C\Users\Robin\AppData\Roaming\vso_ts_preview.xml.vir
2010-01-31 03:06:32 . 2011-11-14 02:43:25 99,384 ----a-w- C:\Qoobox\Quarantine\C\Users\Robin\AppData\Roaming\inst.exe.vir
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Log 3

Unread postby Robinski123 » December 14th, 2011, 12:14 pm

23:51:28.0351 1420 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
23:51:28.0398 1420 ============================================================
23:51:28.0398 1420 Current date / time: 2011/12/06 23:51:28.0398
23:51:28.0398 1420 SystemInfo:
23:51:28.0398 1420
23:51:28.0398 1420 OS Version: 6.1.7601 ServicePack: 1.0
23:51:28.0398 1420 Product type: Workstation
23:51:28.0398 1420 ComputerName: ROBIN-HP
23:51:28.0398 1420 UserName: Robin
23:51:28.0398 1420 Windows directory: C:\Windows
23:51:28.0398 1420 System windows directory: C:\Windows
23:51:28.0398 1420 Running under WOW64
23:51:28.0398 1420 Processor architecture: Intel x64
23:51:28.0398 1420 Number of processors: 3
23:51:28.0398 1420 Page size: 0x1000
23:51:28.0398 1420 Boot type: Safe boot
23:51:28.0398 1420 ============================================================
23:51:29.0740 1420 Initialize success
23:51:45.0184 1192 ============================================================
23:51:45.0184 1192 Scan started
23:51:45.0184 1192 Mode: Manual;
23:51:45.0184 1192 ============================================================
23:51:46.0400 1192 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:51:46.0400 1192 1394ohci - ok
23:51:46.0416 1192 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:51:46.0416 1192 ACPI - ok
23:51:46.0432 1192 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:51:46.0432 1192 AcpiPmi - ok
23:51:46.0510 1192 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:51:46.0510 1192 adp94xx - ok
23:51:46.0572 1192 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:51:46.0572 1192 adpahci - ok
23:51:46.0588 1192 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:51:46.0588 1192 adpu320 - ok
23:51:46.0634 1192 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
23:51:46.0650 1192 AFD - ok
23:51:46.0681 1192 AgereSoftModem (ddf52c4c92d831a4cdb7788b37585e36) C:\Windows\system32\DRIVERS\agrsm64.sys
23:51:46.0681 1192 AgereSoftModem - ok
23:51:46.0712 1192 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:51:46.0712 1192 agp440 - ok
23:51:46.0728 1192 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:51:46.0728 1192 aliide - ok
23:51:46.0744 1192 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:51:46.0744 1192 amdide - ok
23:51:46.0759 1192 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:51:46.0759 1192 AmdK8 - ok
23:51:46.0900 1192 amdkmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
23:51:47.0009 1192 amdkmdag - ok
23:51:47.0040 1192 amdkmdap (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys
23:51:47.0040 1192 amdkmdap - ok
23:51:47.0071 1192 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:51:47.0087 1192 AmdPPM - ok
23:51:47.0118 1192 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:51:47.0118 1192 amdsata - ok
23:51:47.0134 1192 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:51:47.0134 1192 amdsbs - ok
23:51:47.0165 1192 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:51:47.0165 1192 amdxata - ok
23:51:47.0258 1192 AnyDVD (8286917a791a7c58948d83dec8b8b37f) C:\Windows\system32\Drivers\AnyDVD.sys
23:51:47.0258 1192 AnyDVD - ok
23:51:47.0290 1192 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:51:47.0290 1192 AppID - ok
23:51:47.0321 1192 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:51:47.0321 1192 arc - ok
23:51:47.0336 1192 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:51:47.0336 1192 arcsas - ok
23:51:47.0352 1192 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:51:47.0352 1192 AsyncMac - ok
23:51:47.0383 1192 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:51:47.0383 1192 atapi - ok
23:51:47.0508 1192 atikmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
23:51:47.0555 1192 atikmdag - ok
23:51:47.0602 1192 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:51:47.0602 1192 b06bdrv - ok
23:51:47.0617 1192 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:51:47.0617 1192 b57nd60a - ok
23:51:47.0648 1192 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:51:47.0648 1192 Beep - ok
23:51:47.0680 1192 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:51:47.0680 1192 blbdrive - ok
23:51:47.0711 1192 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:51:47.0711 1192 bowser - ok
23:51:47.0726 1192 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:51:47.0742 1192 BrFiltLo - ok
23:51:47.0758 1192 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:51:47.0758 1192 BrFiltUp - ok
23:51:47.0758 1192 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:51:47.0758 1192 Brserid - ok
23:51:47.0773 1192 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:51:47.0789 1192 BrSerWdm - ok
23:51:47.0804 1192 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:51:47.0804 1192 BrUsbMdm - ok
23:51:47.0820 1192 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:51:47.0820 1192 BrUsbSer - ok
23:51:47.0851 1192 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:51:47.0851 1192 BTHMODEM - ok
23:51:47.0882 1192 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:51:47.0882 1192 cdfs - ok
23:51:47.0898 1192 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:51:47.0898 1192 cdrom - ok
23:51:47.0914 1192 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:51:47.0914 1192 circlass - ok
23:51:47.0945 1192 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:51:47.0945 1192 CLFS - ok
23:51:47.0976 1192 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:51:47.0976 1192 CmBatt - ok
23:51:47.0992 1192 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:51:47.0992 1192 cmdide - ok
23:51:48.0023 1192 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
23:51:48.0023 1192 CNG - ok
23:51:48.0038 1192 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:51:48.0038 1192 Compbatt - ok
23:51:48.0054 1192 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:51:48.0054 1192 CompositeBus - ok
23:51:48.0116 1192 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
23:51:48.0116 1192 cpuz132 - ok
23:51:48.0116 1192 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:51:48.0116 1192 crcdisk - ok
23:51:48.0163 1192 DefragFS (d07cfb826d1c7648e74f369dea4dbef8) C:\Windows\system32\drivers\DefragFS.sys
23:51:48.0163 1192 DefragFS - ok
23:51:48.0194 1192 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:51:48.0194 1192 DfsC - ok
23:51:48.0210 1192 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:51:48.0210 1192 discache - ok
23:51:48.0226 1192 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:51:48.0226 1192 Disk - ok
23:51:48.0257 1192 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
23:51:48.0272 1192 Dot4 - ok
23:51:48.0304 1192 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
23:51:48.0304 1192 Dot4Print - ok
23:51:48.0319 1192 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
23:51:48.0319 1192 dot4usb - ok
23:51:48.0350 1192 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:51:48.0350 1192 drmkaud - ok
23:51:48.0413 1192 dvdfab (eee504899a0cc781f09cf003ca897771) C:\Windows\system32\drivers\dvdfab.sys
23:51:48.0413 1192 dvdfab - ok
23:51:48.0460 1192 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:51:48.0460 1192 DXGKrnl - ok
23:51:48.0538 1192 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:51:48.0553 1192 ebdrv - ok
23:51:48.0647 1192 ElbyCDIO (7984a82c1c373923330e6781f762d140) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:51:48.0647 1192 ElbyCDIO - ok
23:51:48.0678 1192 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:51:48.0678 1192 elxstor - ok
23:51:48.0740 1192 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
23:51:48.0740 1192 epmntdrv - ok
23:51:48.0772 1192 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:51:48.0772 1192 ErrDev - ok
23:51:48.0850 1192 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
23:51:48.0850 1192 EuGdiDrv - ok
23:51:48.0881 1192 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:51:48.0896 1192 exfat - ok
23:51:48.0928 1192 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:51:48.0928 1192 fastfat - ok
23:51:48.0943 1192 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:51:48.0943 1192 fdc - ok
23:51:48.0974 1192 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:51:48.0974 1192 FileInfo - ok
23:51:48.0990 1192 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:51:48.0990 1192 Filetrace - ok
23:51:49.0037 1192 FKFAP - ok
23:51:49.0068 1192 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:51:49.0068 1192 flpydisk - ok
23:51:49.0099 1192 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:51:49.0115 1192 FltMgr - ok
23:51:49.0130 1192 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:51:49.0130 1192 FsDepends - ok
23:51:49.0130 1192 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:51:49.0130 1192 Fs_Rec - ok
23:51:49.0177 1192 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:51:49.0177 1192 fvevol - ok
23:51:49.0193 1192 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:51:49.0193 1192 gagp30kx - ok
23:51:49.0240 1192 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:51:49.0240 1192 hcw85cir - ok
23:51:49.0286 1192 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:51:49.0286 1192 HdAudAddService - ok
23:51:49.0333 1192 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:51:49.0333 1192 HDAudBus - ok
23:51:49.0349 1192 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:51:49.0349 1192 HidBatt - ok
23:51:49.0364 1192 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:51:49.0364 1192 HidBth - ok
23:51:49.0380 1192 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:51:49.0380 1192 HidIr - ok
23:51:49.0411 1192 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
23:51:49.0411 1192 HidUsb - ok
23:51:49.0489 1192 hotcore3 (ddf58c2e16527073fef370edfe970745) C:\Windows\system32\DRIVERS\hotcore3.sys
23:51:49.0489 1192 hotcore3 - ok
23:51:49.0520 1192 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:51:49.0520 1192 HpSAMD - ok
23:51:49.0583 1192 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:51:49.0583 1192 HTTP - ok
23:51:49.0614 1192 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:51:49.0614 1192 hwpolicy - ok
23:51:49.0630 1192 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:51:49.0630 1192 i8042prt - ok
23:51:49.0676 1192 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:51:49.0676 1192 iaStorV - ok
23:51:49.0692 1192 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:51:49.0692 1192 iirsp - ok
23:51:49.0754 1192 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
23:51:49.0770 1192 IntcAzAudAddService - ok
23:51:49.0786 1192 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:51:49.0786 1192 intelide - ok
23:51:49.0817 1192 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:51:49.0817 1192 intelppm - ok
23:51:49.0864 1192 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:51:49.0864 1192 IpFilterDriver - ok
23:51:49.0895 1192 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:51:49.0895 1192 IPMIDRV - ok
23:51:49.0926 1192 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:51:49.0926 1192 IPNAT - ok
23:51:49.0957 1192 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:51:49.0957 1192 IRENUM - ok
23:51:49.0973 1192 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:51:49.0973 1192 isapnp - ok
23:51:50.0004 1192 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:51:50.0004 1192 iScsiPrt - ok
23:51:50.0035 1192 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:51:50.0035 1192 kbdclass - ok
23:51:50.0066 1192 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:51:50.0066 1192 kbdhid - ok
23:51:50.0082 1192 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
23:51:50.0082 1192 KSecDD - ok
23:51:50.0113 1192 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
23:51:50.0113 1192 KSecPkg - ok
23:51:50.0129 1192 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:51:50.0129 1192 ksthunk - ok
23:51:50.0160 1192 L6PODX3 (db08799c17af4f23a5ac2a6218a0c8f6) C:\Windows\system32\Drivers\L6PODX364.sys
23:51:50.0176 1192 L6PODX3 - ok
23:51:50.0207 1192 L6TPortGX (9878d1602a503fc92786cebff2951b68) C:\Windows\system32\Drivers\L6TPortGX64.sys
23:51:50.0222 1192 L6TPortGX - ok
23:51:50.0269 1192 L6UX1 (0ffd454efac2882e366d598163cca6e7) C:\Windows\system32\Drivers\L6UX164.sys
23:51:50.0285 1192 L6UX1 - ok
23:51:50.0300 1192 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:51:50.0300 1192 lltdio - ok
23:51:50.0347 1192 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:51:50.0347 1192 LSI_FC - ok
23:51:50.0363 1192 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:51:50.0363 1192 LSI_SAS - ok
23:51:50.0363 1192 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:51:50.0378 1192 LSI_SAS2 - ok
23:51:50.0378 1192 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:51:50.0394 1192 LSI_SCSI - ok
23:51:50.0425 1192 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:51:50.0425 1192 luafv - ok
23:51:50.0456 1192 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:51:50.0456 1192 megasas - ok
23:51:50.0488 1192 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:51:50.0488 1192 MegaSR - ok
23:51:50.0503 1192 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:51:50.0503 1192 Modem - ok
23:51:50.0550 1192 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:51:50.0550 1192 monitor - ok
23:51:50.0550 1192 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:51:50.0550 1192 mouclass - ok
23:51:50.0597 1192 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:51:50.0597 1192 mouhid - ok
23:51:50.0628 1192 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:51:50.0628 1192 mountmgr - ok
23:51:50.0690 1192 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
23:51:50.0690 1192 MpFilter - ok
23:51:50.0722 1192 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:51:50.0722 1192 mpio - ok
23:51:50.0768 1192 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
23:51:50.0768 1192 MpNWMon - ok
23:51:50.0784 1192 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:51:50.0784 1192 mpsdrv - ok
23:51:50.0815 1192 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:51:50.0815 1192 MRxDAV - ok
23:51:50.0846 1192 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:51:50.0846 1192 mrxsmb - ok
23:51:50.0878 1192 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:51:50.0878 1192 mrxsmb10 - ok
23:51:50.0893 1192 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:51:50.0893 1192 mrxsmb20 - ok
23:51:50.0909 1192 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:51:50.0909 1192 msahci - ok
23:51:50.0940 1192 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:51:50.0940 1192 msdsm - ok
23:51:50.0987 1192 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:51:50.0987 1192 Msfs - ok
23:51:51.0002 1192 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:51:51.0002 1192 mshidkmdf - ok
23:51:51.0018 1192 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:51:51.0018 1192 msisadrv - ok
23:51:51.0049 1192 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:51:51.0049 1192 MSKSSRV - ok
23:51:51.0096 1192 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:51:51.0096 1192 MSPCLOCK - ok
23:51:51.0112 1192 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:51:51.0112 1192 MSPQM - ok
23:51:51.0158 1192 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:51:51.0158 1192 MsRPC - ok
23:51:51.0174 1192 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:51:51.0174 1192 mssmbios - ok
23:51:51.0205 1192 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:51:51.0205 1192 MSTEE - ok
23:51:51.0221 1192 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:51:51.0221 1192 MTConfig - ok
23:51:51.0252 1192 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:51:51.0252 1192 Mup - ok
23:51:51.0299 1192 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:51:51.0299 1192 NativeWifiP - ok
23:51:51.0346 1192 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:51:51.0361 1192 NDIS - ok
23:51:51.0392 1192 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:51:51.0392 1192 NdisCap - ok
23:51:51.0408 1192 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:51:51.0424 1192 NdisTapi - ok
23:51:51.0439 1192 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:51:51.0439 1192 Ndisuio - ok
23:51:51.0486 1192 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:51:51.0486 1192 NdisWan - ok
23:51:51.0517 1192 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:51:51.0517 1192 NDProxy - ok
23:51:51.0564 1192 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:51:51.0564 1192 NetBIOS - ok
23:51:51.0595 1192 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:51:51.0595 1192 NetBT - ok
23:51:51.0642 1192 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:51:51.0642 1192 nfrd960 - ok
23:51:51.0689 1192 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:51:51.0689 1192 NisDrv - ok
23:51:51.0736 1192 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:51:51.0736 1192 Npfs - ok
23:51:51.0751 1192 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:51:51.0751 1192 nsiproxy - ok
23:51:51.0814 1192 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:51:51.0829 1192 Ntfs - ok
23:51:51.0829 1192 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:51:51.0829 1192 Null - ok
23:51:51.0860 1192 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
23:51:51.0876 1192 NVENETFD - ok
23:51:51.0938 1192 NVHDA (7c5b642380b9ade6734721057c03f900) C:\Windows\system32\drivers\nvhda64v.sys
23:51:51.0938 1192 NVHDA - ok
23:51:52.0188 1192 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:51:52.0406 1192 nvlddmkm - ok
23:51:52.0469 1192 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
23:51:52.0469 1192 NVNET - ok
23:51:52.0469 1192 NVR0FLASHDev - ok
23:51:52.0500 1192 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:51:52.0500 1192 nvraid - ok
23:51:52.0531 1192 nvrd64 (78b96ec0352c6bb4788ebc200a2cadbf) C:\Windows\system32\DRIVERS\nvrd64.sys
23:51:52.0531 1192 nvrd64 - ok
23:51:52.0562 1192 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
23:51:52.0562 1192 nvsmu - ok
23:51:52.0578 1192 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:51:52.0578 1192 nvstor - ok
23:51:52.0594 1192 nvstor64 (4d9aba962d7ece81866f96d5f69fb2b8) C:\Windows\system32\DRIVERS\nvstor64.sys
23:51:52.0594 1192 nvstor64 - ok
23:51:52.0656 1192 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:51:52.0656 1192 nv_agp - ok
23:51:52.0703 1192 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:51:52.0703 1192 ohci1394 - ok
23:51:52.0750 1192 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:51:52.0750 1192 Parport - ok
23:51:52.0765 1192 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:51:52.0765 1192 partmgr - ok
23:51:52.0781 1192 PcdrNdisuio - ok
23:51:52.0796 1192 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:51:52.0796 1192 pci - ok
23:51:52.0828 1192 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:51:52.0828 1192 pciide - ok
23:51:52.0843 1192 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:51:52.0843 1192 pcmcia - ok
23:51:52.0890 1192 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
23:51:52.0890 1192 pcouffin - ok
23:51:52.0906 1192 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:51:52.0906 1192 pcw - ok
23:51:52.0921 1192 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:51:52.0937 1192 PEAUTH - ok
23:51:52.0999 1192 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:51:52.0999 1192 PptpMiniport - ok
23:51:53.0015 1192 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:51:53.0015 1192 Processor - ok
23:51:53.0062 1192 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
23:51:53.0062 1192 Ps2 - ok
23:51:53.0093 1192 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:51:53.0093 1192 Psched - ok
23:51:53.0155 1192 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:51:53.0155 1192 ql2300 - ok
23:51:53.0186 1192 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:51:53.0186 1192 ql40xx - ok
23:51:53.0218 1192 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:51:53.0218 1192 QWAVEdrv - ok
23:51:53.0233 1192 RapportKE64 - ok
23:51:53.0264 1192 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:51:53.0264 1192 RasAcd - ok
23:51:53.0311 1192 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:51:53.0311 1192 RasAgileVpn - ok
23:51:53.0327 1192 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:51:53.0327 1192 Rasl2tp - ok
23:51:53.0358 1192 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:51:53.0358 1192 RasPppoe - ok
23:51:53.0405 1192 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:51:53.0405 1192 RasSstp - ok
23:51:53.0436 1192 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:51:53.0436 1192 rdbss - ok
23:51:53.0436 1192 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:51:53.0436 1192 rdpbus - ok
23:51:53.0467 1192 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:51:53.0467 1192 RDPCDD - ok
23:51:53.0467 1192 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:51:53.0467 1192 RDPENCDD - ok
23:51:53.0498 1192 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:51:53.0498 1192 RDPREFMP - ok
23:51:53.0530 1192 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:51:53.0530 1192 RDPWD - ok
23:51:53.0576 1192 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:51:53.0576 1192 rdyboost - ok
23:51:53.0623 1192 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:51:53.0623 1192 rspndr - ok
23:51:53.0779 1192 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Users\Robin\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS
23:51:53.0795 1192 SASDIFSV - ok
23:51:53.0842 1192 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Users\Robin\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS
23:51:53.0842 1192 SASKUTIL - ok
23:51:53.0998 1192 SbieDrv (035dd5d74ed74de036113cae60fe55b3) C:\Program Files\Sandboxie\SbieDrv.sys
23:51:53.0998 1192 SbieDrv - ok
23:51:54.0060 1192 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:51:54.0060 1192 sbp2port - ok
23:51:54.0107 1192 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:51:54.0107 1192 scfilter - ok
23:51:54.0138 1192 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:51:54.0138 1192 secdrv - ok
23:51:54.0169 1192 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:51:54.0169 1192 Serenum - ok
23:51:54.0216 1192 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:51:54.0216 1192 Serial - ok
23:51:54.0232 1192 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:51:54.0232 1192 sermouse - ok
23:51:54.0294 1192 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:51:54.0294 1192 sffdisk - ok
23:51:54.0294 1192 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:51:54.0294 1192 sffp_mmc - ok
23:51:54.0310 1192 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:51:54.0310 1192 sffp_sd - ok
23:51:54.0325 1192 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:51:54.0325 1192 sfloppy - ok
23:51:54.0388 1192 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:51:54.0388 1192 SiSRaid2 - ok
23:51:54.0403 1192 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:51:54.0403 1192 SiSRaid4 - ok
23:51:54.0419 1192 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:51:54.0419 1192 Smb - ok
23:51:54.0419 1192 speedfan - ok
23:51:54.0466 1192 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:51:54.0466 1192 spldr - ok
23:51:54.0497 1192 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:51:54.0512 1192 srv - ok
23:51:54.0512 1192 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:51:54.0528 1192 srv2 - ok
23:51:54.0528 1192 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:51:54.0528 1192 srvnet - ok
23:51:54.0590 1192 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:51:54.0590 1192 stexstor - ok
23:51:54.0622 1192 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:51:54.0622 1192 swenum - ok
23:51:54.0746 1192 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:51:54.0746 1192 Tcpip - ok
23:51:54.0793 1192 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:51:54.0809 1192 TCPIP6 - ok
23:51:54.0856 1192 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:51:54.0856 1192 tcpipreg - ok
23:51:54.0980 1192 Tcpz-x64 - ok
23:51:55.0012 1192 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:51:55.0012 1192 TDPIPE - ok
23:51:55.0027 1192 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:51:55.0027 1192 TDTCP - ok
23:51:55.0074 1192 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:51:55.0074 1192 tdx - ok
23:51:55.0105 1192 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:51:55.0105 1192 TermDD - ok
23:51:55.0152 1192 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:51:55.0152 1192 tssecsrv - ok
23:51:55.0183 1192 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:51:55.0183 1192 TsUsbFlt - ok
23:51:55.0230 1192 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:51:55.0230 1192 tunnel - ok
23:51:55.0246 1192 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:51:55.0246 1192 uagp35 - ok
23:51:55.0292 1192 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:51:55.0292 1192 udfs - ok
23:51:55.0370 1192 UimBus (49b13845f0dbe39b47fc91dc46b2170a) C:\Windows\system32\DRIVERS\uimx64.sys
23:51:55.0370 1192 UimBus - ok
23:51:55.0402 1192 Uim_IM (dd46bec773c011eaa5e502c43a73a1cc) C:\Windows\system32\Drivers\Uim_IMx64.sys
23:51:55.0417 1192 Uim_IM - ok
23:51:55.0448 1192 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:51:55.0448 1192 uliagpkx - ok
23:51:55.0464 1192 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:51:55.0464 1192 umbus - ok
23:51:55.0495 1192 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:51:55.0495 1192 UmPass - ok
23:51:55.0573 1192 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:51:55.0573 1192 usbaudio - ok
23:51:55.0620 1192 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:51:55.0620 1192 usbccgp - ok
23:51:55.0651 1192 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:51:55.0651 1192 usbcir - ok
23:51:55.0682 1192 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:51:55.0698 1192 usbehci - ok
23:51:55.0714 1192 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:51:55.0714 1192 usbhub - ok
23:51:55.0745 1192 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
23:51:55.0745 1192 usbohci - ok
23:51:55.0776 1192 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:51:55.0776 1192 usbprint - ok
23:51:55.0807 1192 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:51:55.0807 1192 usbscan - ok
23:51:55.0838 1192 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:51:55.0838 1192 USBSTOR - ok
23:51:55.0854 1192 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
23:51:55.0854 1192 usbuhci - ok
23:51:55.0916 1192 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
23:51:55.0916 1192 VBoxNetAdp - ok
23:51:55.0948 1192 VBoxNetFlt - ok
23:51:55.0994 1192 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:51:55.0994 1192 vdrvroot - ok
23:51:56.0010 1192 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:51:56.0026 1192 vga - ok
23:51:56.0041 1192 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:51:56.0041 1192 VgaSave - ok
23:51:56.0072 1192 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:51:56.0072 1192 vhdmp - ok
23:51:56.0104 1192 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:51:56.0104 1192 viaide - ok
23:51:56.0119 1192 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:51:56.0119 1192 volmgr - ok
23:51:56.0150 1192 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:51:56.0150 1192 volmgrx - ok
23:51:56.0213 1192 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:51:56.0213 1192 volsnap - ok
23:51:56.0244 1192 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:51:56.0244 1192 vsmraid - ok
23:51:56.0275 1192 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:51:56.0275 1192 vwifibus - ok
23:51:56.0322 1192 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:51:56.0322 1192 WacomPen - ok
23:51:56.0353 1192 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:51:56.0353 1192 WANARP - ok
23:51:56.0353 1192 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:51:56.0353 1192 Wanarpv6 - ok
23:51:56.0400 1192 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:51:56.0400 1192 Wd - ok
23:51:56.0447 1192 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
23:51:56.0447 1192 WDC_SAM - ok
23:51:56.0494 1192 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:51:56.0509 1192 Wdf01000 - ok
23:51:56.0572 1192 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:51:56.0572 1192 WfpLwf - ok
23:51:56.0587 1192 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:51:56.0587 1192 WIMMount - ok
23:51:56.0650 1192 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:51:56.0650 1192 WmiAcpi - ok
23:51:56.0681 1192 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:51:56.0681 1192 ws2ifsl - ok
23:51:56.0712 1192 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:51:56.0728 1192 WudfPf - ok
23:51:56.0728 1192 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:51:56.0728 1192 WUDFRd - ok
23:51:56.0759 1192 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
23:51:56.0946 1192 \Device\Harddisk0\DR0 - ok
23:51:56.0962 1192 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
23:51:56.0962 1192 \Device\Harddisk1\DR1 - ok
23:51:56.0962 1192 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
23:51:56.0977 1192 \Device\Harddisk4\DR4 - ok
23:51:56.0977 1192 Boot (0x1200) (4d00c673ac3ae071e187f8aaeafdf9f4) \Device\Harddisk0\DR0\Partition0
23:51:56.0977 1192 \Device\Harddisk0\DR0\Partition0 - ok
23:51:56.0993 1192 Boot (0x1200) (a333881f031ab8ac8cbfc08cf6b530cf) \Device\Harddisk0\DR0\Partition1
23:51:56.0993 1192 \Device\Harddisk0\DR0\Partition1 - ok
23:51:56.0993 1192 Boot (0x1200) (2c7b73fafdad923e1d829442b1346fd8) \Device\Harddisk1\DR1\Partition0
23:51:56.0993 1192 \Device\Harddisk1\DR1\Partition0 - ok
23:51:57.0008 1192 Boot (0x1200) (c77d7510dd683831cf1df0e461efa144) \Device\Harddisk1\DR1\Partition1
23:51:57.0008 1192 \Device\Harddisk1\DR1\Partition1 - ok
23:51:57.0008 1192 Boot (0x1200) (50e9b6e51fd5798940fe245b779c347e) \Device\Harddisk4\DR4\Partition0
23:51:57.0008 1192 \Device\Harddisk4\DR4\Partition0 - ok
23:51:57.0008 1192 ============================================================
23:51:57.0008 1192 Scan finished
23:51:57.0008 1192 ============================================================
23:51:57.0024 1544 Detected object count: 0
23:51:57.0024 1544 Actual detected object count: 0
23:52:19.0020 1524 ============================================================
23:52:19.0020 1524 Scan started
23:52:19.0020 1524 Mode: Manual; SigCheck; TDLFS;
23:52:19.0020 1524 ============================================================
23:52:19.0582 1524 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:52:19.0847 1524 1394ohci - ok
23:52:19.0878 1524 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:52:19.0894 1524 ACPI - ok
23:52:19.0909 1524 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:52:19.0940 1524 AcpiPmi - ok
23:52:19.0987 1524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:52:20.0003 1524 adp94xx - ok
23:52:20.0018 1524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:52:20.0034 1524 adpahci - ok
23:52:20.0050 1524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:52:20.0050 1524 adpu320 - ok
23:52:20.0112 1524 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
23:52:20.0128 1524 AFD - ok
23:52:20.0174 1524 AgereSoftModem (ddf52c4c92d831a4cdb7788b37585e36) C:\Windows\system32\DRIVERS\agrsm64.sys
23:52:20.0190 1524 AgereSoftModem - ok
23:52:20.0221 1524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:52:20.0221 1524 agp440 - ok
23:52:20.0237 1524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:52:20.0252 1524 aliide - ok
23:52:20.0284 1524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:52:20.0284 1524 amdide - ok
23:52:20.0299 1524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:52:20.0346 1524 AmdK8 - ok
23:52:20.0471 1524 amdkmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
23:52:20.0564 1524 amdkmdag - ok
23:52:20.0596 1524 amdkmdap (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys
23:52:20.0627 1524 amdkmdap - ok
23:52:20.0658 1524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:52:20.0658 1524 AmdPPM - ok
23:52:20.0689 1524 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:52:20.0705 1524 amdsata - ok
23:52:20.0720 1524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:52:20.0736 1524 amdsbs - ok
23:52:20.0767 1524 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:52:20.0783 1524 amdxata - ok
23:52:20.0830 1524 AnyDVD (8286917a791a7c58948d83dec8b8b37f) C:\Windows\system32\Drivers\AnyDVD.sys
23:52:21.0095 1524 AnyDVD - ok
23:52:21.0126 1524 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:52:21.0204 1524 AppID - ok
23:52:21.0235 1524 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:52:21.0251 1524 arc - ok
23:52:21.0266 1524 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:52:21.0282 1524 arcsas - ok
23:52:21.0313 1524 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:52:21.0360 1524 AsyncMac - ok
23:52:21.0407 1524 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:52:21.0407 1524 atapi - ok
23:52:21.0547 1524 atikmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
23:52:21.0641 1524 atikmdag - ok
23:52:21.0672 1524 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:52:21.0688 1524 b06bdrv - ok
23:52:21.0703 1524 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:52:21.0734 1524 b57nd60a - ok
23:52:21.0766 1524 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:52:21.0812 1524 Beep - ok
23:52:21.0844 1524 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:52:21.0875 1524 blbdrive - ok
23:52:21.0906 1524 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:52:21.0922 1524 bowser - ok
23:52:21.0937 1524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:52:22.0015 1524 BrFiltLo - ok
23:52:22.0031 1524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:52:22.0046 1524 BrFiltUp - ok
23:52:22.0062 1524 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:52:22.0078 1524 Brserid - ok
23:52:22.0109 1524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:52:22.0124 1524 BrSerWdm - ok
23:52:22.0140 1524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:52:22.0171 1524 BrUsbMdm - ok
23:52:22.0202 1524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:52:22.0218 1524 BrUsbSer - ok
23:52:22.0234 1524 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:52:22.0265 1524 BTHMODEM - ok
23:52:22.0296 1524 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:52:22.0343 1524 cdfs - ok
23:52:22.0374 1524 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:52:22.0405 1524 cdrom - ok
23:52:22.0436 1524 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:52:22.0452 1524 circlass - ok
23:52:22.0499 1524 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:52:22.0514 1524 CLFS - ok
23:52:22.0530 1524 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:52:22.0561 1524 CmBatt - ok
23:52:22.0577 1524 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:52:22.0592 1524 cmdide - ok
23:52:22.0624 1524 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
23:52:22.0655 1524 CNG - ok
23:52:22.0655 1524 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:52:22.0670 1524 Compbatt - ok
23:52:22.0702 1524 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:52:22.0717 1524 CompositeBus - ok
23:52:22.0748 1524 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
23:52:22.0764 1524 cpuz132 - ok
23:52:22.0764 1524 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:52:22.0780 1524 crcdisk - ok
23:52:22.0811 1524 DefragFS (d07cfb826d1c7648e74f369dea4dbef8) C:\Windows\system32\drivers\DefragFS.sys
23:52:22.0826 1524 DefragFS - ok
23:52:22.0842 1524 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:52:22.0904 1524 DfsC - ok
23:52:22.0936 1524 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:52:22.0967 1524 discache - ok
23:52:22.0982 1524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:52:22.0982 1524 Disk - ok
23:52:23.0014 1524 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
23:52:23.0060 1524 Dot4 - ok
23:52:23.0076 1524 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
23:52:23.0107 1524 Dot4Print - ok
23:52:23.0123 1524 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
23:52:23.0154 1524 dot4usb - ok
23:52:23.0185 1524 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:52:23.0216 1524 drmkaud - ok
23:52:23.0248 1524 dvdfab (eee504899a0cc781f09cf003ca897771) C:\Windows\system32\drivers\dvdfab.sys
23:52:23.0248 1524 dvdfab - ok
23:52:23.0310 1524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:52:23.0326 1524 DXGKrnl - ok
23:52:23.0404 1524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:52:23.0450 1524 ebdrv - ok
23:52:23.0528 1524 ElbyCDIO (7984a82c1c373923330e6781f762d140) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:52:23.0528 1524 ElbyCDIO - ok
23:52:23.0560 1524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:52:23.0575 1524 elxstor - ok
23:52:23.0622 1524 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
23:52:23.0653 1524 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
23:52:23.0653 1524 epmntdrv - detected UnsignedFile.Multi.Generic (1)
23:52:23.0684 1524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:52:23.0716 1524 ErrDev - ok
23:52:23.0747 1524 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
23:52:23.0762 1524 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
23:52:23.0762 1524 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
23:52:23.0778 1524 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:52:23.0840 1524 exfat - ok
23:52:23.0856 1524 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:52:23.0918 1524 fastfat - ok
23:52:23.0934 1524 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:52:23.0965 1524 fdc - ok
23:52:23.0996 1524 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:52:23.0996 1524 FileInfo - ok
23:52:24.0012 1524 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:52:24.0074 1524 Filetrace - ok
23:52:24.0106 1524 FKFAP - ok
23:52:24.0121 1524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:52:24.0152 1524 flpydisk - ok
23:52:24.0184 1524 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:52:24.0199 1524 FltMgr - ok
23:52:24.0215 1524 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:52:24.0230 1524 FsDepends - ok
23:52:24.0230 1524 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:52:24.0246 1524 Fs_Rec - ok
23:52:24.0277 1524 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:52:24.0277 1524 fvevol - ok
23:52:24.0308 1524 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:52:24.0308 1524 gagp30kx - ok
23:52:24.0340 1524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:52:24.0355 1524 hcw85cir - ok
23:52:24.0386 1524 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:52:24.0418 1524 HdAudAddService - ok
23:52:24.0449 1524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:52:24.0464 1524 HDAudBus - ok
23:52:24.0496 1524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:52:24.0511 1524 HidBatt - ok
23:52:24.0511 1524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:52:24.0527 1524 HidBth - ok
23:52:24.0542 1524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:52:24.0574 1524 HidIr - ok
23:52:24.0589 1524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
23:52:24.0620 1524 HidUsb - ok
23:52:24.0667 1524 hotcore3 (ddf58c2e16527073fef370edfe970745) C:\Windows\system32\DRIVERS\hotcore3.sys
23:52:24.0667 1524 hotcore3 - ok
23:52:24.0698 1524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:52:24.0714 1524 HpSAMD - ok
23:52:24.0761 1524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:52:24.0823 1524 HTTP - ok
23:52:24.0854 1524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:52:24.0870 1524 hwpolicy - ok
23:52:24.0886 1524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:52:24.0886 1524 i8042prt - ok
23:52:24.0932 1524 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:52:24.0948 1524 iaStorV - ok
23:52:24.0979 1524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:52:24.0979 1524 iirsp - ok
23:52:25.0057 1524 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
23:52:25.0088 1524 IntcAzAudAddService - ok
23:52:25.0104 1524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:52:25.0120 1524 intelide - ok
23:52:25.0135 1524 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:52:25.0151 1524 intelppm - ok
23:52:25.0198 1524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:52:25.0229 1524 IpFilterDriver - ok
23:52:25.0260 1524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:52:25.0276 1524 IPMIDRV - ok
23:52:25.0291 1524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:52:25.0338 1524 IPNAT - ok
23:52:25.0369 1524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:52:25.0400 1524 IRENUM - ok
23:52:25.0416 1524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:52:25.0416 1524 isapnp - ok
23:52:25.0447 1524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:52:25.0447 1524 iScsiPrt - ok
23:52:25.0478 1524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:52:25.0494 1524 kbdclass - ok
23:52:25.0525 1524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:52:25.0541 1524 kbdhid - ok
23:52:25.0572 1524 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
23:52:25.0572 1524 KSecDD - ok
23:52:25.0603 1524 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
23:52:25.0619 1524 KSecPkg - ok
23:52:25.0634 1524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:52:25.0697 1524 ksthunk - ok
23:52:25.0744 1524 L6PODX3 (db08799c17af4f23a5ac2a6218a0c8f6) C:\Windows\system32\Drivers\L6PODX364.sys
23:52:25.0759 1524 L6PODX3 - ok
23:52:25.0806 1524 L6TPortGX (9878d1602a503fc92786cebff2951b68) C:\Windows\system32\Drivers\L6TPortGX64.sys
23:52:25.0822 1524 L6TPortGX - ok
23:52:25.0868 1524 L6UX1 (0ffd454efac2882e366d598163cca6e7) C:\Windows\system32\Drivers\L6UX164.sys
23:52:25.0884 1524 L6UX1 - ok
23:52:25.0915 1524 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:52:25.0962 1524 lltdio - ok
23:52:25.0993 1524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:52:25.0993 1524 LSI_FC - ok
23:52:26.0009 1524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:52:26.0024 1524 LSI_SAS - ok
23:52:26.0040 1524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:52:26.0040 1524 LSI_SAS2 - ok
23:52:26.0056 1524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:52:26.0071 1524 LSI_SCSI - ok
23:52:26.0102 1524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:52:26.0149 1524 luafv - ok
23:52:26.0165 1524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:52:26.0165 1524 megasas - ok
23:52:26.0196 1524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:52:26.0212 1524 MegaSR - ok
23:52:26.0227 1524 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:52:26.0274 1524 Modem - ok
23:52:26.0290 1524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:52:26.0321 1524 monitor - ok
23:52:26.0352 1524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:52:26.0368 1524 mouclass - ok
23:52:26.0414 1524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:52:26.0414 1524 mouhid - ok
23:52:26.0446 1524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:52:26.0461 1524 mountmgr - ok
23:52:26.0492 1524 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
23:52:26.0492 1524 MpFilter - ok
23:52:26.0539 1524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:52:26.0539 1524 mpio - ok
23:52:26.0570 1524 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
23:52:26.0570 1524 MpNWMon - ok
23:52:26.0602 1524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:52:26.0648 1524 mpsdrv - ok
23:52:26.0695 1524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:52:26.0726 1524 MRxDAV - ok
23:52:26.0758 1524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:52:26.0773 1524 mrxsmb - ok
23:52:26.0804 1524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:52:26.0804 1524 mrxsmb10 - ok
23:52:26.0820 1524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:52:26.0836 1524 mrxsmb20 - ok
23:52:26.0851 1524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:52:26.0867 1524 msahci - ok
23:52:26.0882 1524 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:52:26.0898 1524 msdsm - ok
23:52:26.0945 1524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:52:26.0976 1524 Msfs - ok
23:52:26.0992 1524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:52:27.0038 1524 mshidkmdf - ok
23:52:27.0054 1524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:52:27.0070 1524 msisadrv - ok
23:52:27.0101 1524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:52:27.0148 1524 MSKSSRV - ok
23:52:27.0163 1524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:52:27.0210 1524 MSPCLOCK - ok
23:52:27.0226 1524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:52:27.0288 1524 MSPQM - ok
23:52:27.0335 1524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:52:27.0350 1524 MsRPC - ok
23:52:27.0366 1524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:52:27.0366 1524 mssmbios - ok
23:52:27.0397 1524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:52:27.0444 1524 MSTEE - ok
23:52:27.0460 1524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:52:27.0475 1524 MTConfig - ok
23:52:27.0506 1524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:52:27.0522 1524 Mup - ok
23:52:27.0553 1524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:52:27.0584 1524 NativeWifiP - ok
23:52:27.0631 1524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:52:27.0662 1524 NDIS - ok
23:52:27.0678 1524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:52:27.0725 1524 NdisCap - ok
23:52:27.0756 1524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:52:27.0803 1524 NdisTapi - ok
23:52:27.0850 1524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:52:27.0896 1524 Ndisuio - ok
23:52:27.0928 1524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:52:27.0959 1524 NdisWan - ok
23:52:27.0974 1524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:52:28.0021 1524 NDProxy - ok
23:52:28.0037 1524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:52:28.0084 1524 NetBIOS - ok
23:52:28.0115 1524 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:52:28.0162 1524 NetBT - ok
23:52:28.0193 1524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:52:28.0208 1524 nfrd960 - ok
23:52:28.0255 1524 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:52:28.0271 1524 NisDrv - ok
23:52:28.0302 1524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:52:28.0349 1524 Npfs - ok
23:52:28.0380 1524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:52:28.0427 1524 nsiproxy - ok
23:52:28.0489 1524 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:52:28.0520 1524 Ntfs - ok
23:52:28.0520 1524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:52:28.0583 1524 Null - ok
23:52:28.0614 1524 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
23:52:28.0630 1524 NVENETFD - ok
23:52:28.0661 1524 NVHDA (7c5b642380b9ade6734721057c03f900) C:\Windows\system32\drivers\nvhda64v.sys
23:52:28.0676 1524 NVHDA - ok
23:52:28.0926 1524 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:52:29.0129 1524 nvlddmkm - ok
23:52:29.0176 1524 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
23:52:29.0176 1524 NVNET - ok
23:52:29.0176 1524 NVR0FLASHDev - ok
23:52:29.0207 1524 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:52:29.0222 1524 nvraid - ok
23:52:29.0254 1524 nvrd64 (78b96ec0352c6bb4788ebc200a2cadbf) C:\Windows\system32\DRIVERS\nvrd64.sys
23:52:29.0254 1524 nvrd64 - ok
23:52:29.0285 1524 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
23:52:29.0285 1524 nvsmu - ok
23:52:29.0300 1524 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:52:29.0316 1524 nvstor - ok
23:52:29.0316 1524 nvstor64 (4d9aba962d7ece81866f96d5f69fb2b8) C:\Windows\system32\DRIVERS\nvstor64.sys
23:52:29.0332 1524 nvstor64 - ok
23:52:29.0363 1524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:52:29.0378 1524 nv_agp - ok
23:52:29.0394 1524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:52:29.0425 1524 ohci1394 - ok
23:52:29.0456 1524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:52:29.0488 1524 Parport - ok
23:52:29.0519 1524 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:52:29.0534 1524 partmgr - ok
23:52:29.0534 1524 PcdrNdisuio - ok
23:52:29.0550 1524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:52:29.0566 1524 pci - ok
23:52:29.0581 1524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:52:29.0597 1524 pciide - ok
23:52:29.0612 1524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:52:29.0628 1524 pcmcia - ok
23:52:29.0675 1524 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
23:52:29.0675 1524 pcouffin - ok
23:52:29.0690 1524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:52:29.0706 1524 pcw - ok
23:52:29.0722 1524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:52:29.0768 1524 PEAUTH - ok
23:52:29.0831 1524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:52:29.0878 1524 PptpMiniport - ok
23:52:29.0893 1524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:52:29.0924 1524 Processor - ok
23:52:29.0956 1524 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
23:52:29.0956 1524 Ps2 - ok
23:52:29.0987 1524 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:52:30.0049 1524 Psched - ok
23:52:30.0096 1524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:52:30.0127 1524 ql2300 - ok
23:52:30.0143 1524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:52:30.0143 1524 ql40xx - ok
23:52:30.0174 1524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:52:30.0205 1524 QWAVEdrv - ok
23:52:30.0221 1524 RapportKE64 - ok
23:52:30.0236 1524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:52:30.0283 1524 RasAcd - ok
23:52:30.0314 1524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:52:30.0361 1524 RasAgileVpn - ok
23:52:30.0392 1524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:52:30.0455 1524 Rasl2tp - ok
23:52:30.0470 1524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:52:30.0502 1524 RasPppoe - ok
23:52:30.0533 1524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:52:30.0580 1524 RasSstp - ok
23:52:30.0611 1524 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:52:30.0673 1524 rdbss - ok
23:52:30.0673 1524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:52:30.0689 1524 rdpbus - ok
23:52:30.0704 1524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:52:30.0767 1524 RDPCDD - ok
23:52:30.0767 1524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:52:30.0814 1524 RDPENCDD - ok
23:52:30.0829 1524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:52:30.0876 1524 RDPREFMP - ok
23:52:30.0892 1524 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:52:30.0938 1524 RDPWD - ok
23:52:30.0970 1524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:52:30.0985 1524 rdyboost - ok
23:52:31.0016 1524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:52:31.0063 1524 rspndr - ok
23:52:31.0204 1524 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Users\Robin\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS
23:52:31.0219 1524 SASDIFSV - ok
23:52:31.0266 1524 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Users\Robin\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS
23:52:31.0266 1524 SASKUTIL - ok
23:52:31.0406 1524 SbieDrv (035dd5d74ed74de036113cae60fe55b3) C:\Program Files\Sandboxie\SbieDrv.sys
23:52:31.0422 1524 SbieDrv - ok
23:52:31.0469 1524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:52:31.0484 1524 sbp2port - ok
23:52:31.0531 1524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:52:31.0578 1524 scfilter - ok
23:52:31.0625 1524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:52:31.0687 1524 secdrv - ok
23:52:31.0718 1524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:52:31.0718 1524 Serenum - ok
23:52:31.0765 1524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:52:31.0765 1524 Serial - ok
23:52:31.0796 1524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:52:31.0812 1524 sermouse - ok
23:52:31.0859 1524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:52:31.0874 1524 sffdisk - ok
23:52:31.0890 1524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:52:31.0906 1524 sffp_mmc - ok
23:52:31.0906 1524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:52:31.0921 1524 sffp_sd - ok
23:52:31.0952 1524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:52:31.0968 1524 sfloppy - ok
23:52:31.0999 1524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:52:31.0999 1524 SiSRaid2 - ok
23:52:32.0030 1524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:52:32.0030 1524 SiSRaid4 - ok
23:52:32.0046 1524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:52:32.0077 1524 Smb - ok
23:52:32.0093 1524 speedfan - ok
23:52:32.0124 1524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:52:32.0140 1524 spldr - ok
23:52:32.0171 1524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:52:32.0186 1524 srv - ok
23:52:32.0202 1524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:52:32.0233 1524 srv2 - ok
23:52:32.0233 1524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:52:32.0249 1524 srvnet - ok
23:52:32.0280 1524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:52:32.0296 1524 stexstor - ok
23:52:32.0327 1524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:52:32.0327 1524 swenum - ok
23:52:32.0420 1524 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:52:32.0452 1524 Tcpip - ok
23:52:32.0498 1524 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:52:32.0530 1524 TCPIP6 - ok
23:52:32.0576 1524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:52:32.0639 1524 tcpipreg - ok
23:52:32.0732 1524 Tcpz-x64 - ok
23:52:32.0764 1524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:52:32.0795 1524 TDPIPE - ok
23:52:32.0826 1524 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:52:32.0857 1524 TDTCP - ok
23:52:32.0904 1524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:52:32.0951 1524 tdx - ok
23:52:32.0982 1524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:52:32.0998 1524 TermDD - ok
23:52:33.0029 1524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:52:33.0076 1524 tssecsrv - ok
23:52:33.0107 1524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:52:33.0107 1524 TsUsbFlt - ok
23:52:33.0154 1524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:52:33.0185 1524 tunnel - ok
23:52:33.0216 1524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:52:33.0232 1524 uagp35 - ok
23:52:33.0263 1524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:52:33.0310 1524 udfs - ok
23:52:33.0356 1524 UimBus (49b13845f0dbe39b47fc91dc46b2170a) C:\Windows\system32\DRIVERS\uimx64.sys
23:52:33.0356 1524 UimBus - ok
23:52:33.0403 1524 Uim_IM (dd46bec773c011eaa5e502c43a73a1cc) C:\Windows\system32\Drivers\Uim_IMx64.sys
23:52:33.0403 1524 Uim_IM - ok
23:52:33.0450 1524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:52:33.0450 1524 uliagpkx - ok
23:52:33.0481 1524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:52:33.0497 1524 umbus - ok
23:52:33.0512 1524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:52:33.0544 1524 UmPass - ok
23:52:33.0575 1524 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:52:33.0590 1524 usbaudio - ok
23:52:33.0637 1524 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:52:33.0637 1524 usbccgp - ok
23:52:33.0653 1524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:52:33.0684 1524 usbcir - ok
23:52:33.0715 1524 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:52:33.0746 1524 usbehci - ok
23:52:33.0778 1524 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:52:33.0793 1524 usbhub - ok
23:52:33.0809 1524 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
23:52:33.0824 1524 usbohci - ok
23:52:33.0856 1524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:52:33.0871 1524 usbprint - ok
23:52:33.0918 1524 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:52:33.0934 1524 usbscan - ok
23:52:33.0965 1524 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:52:33.0980 1524 USBSTOR - ok
23:52:33.0996 1524 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
23:52:34.0012 1524 usbuhci - ok
23:52:34.0074 1524 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
23:52:34.0074 1524 VBoxNetAdp - ok
23:52:34.0090 1524 VBoxNetFlt - ok
23:52:34.0121 1524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:52:34.0136 1524 vdrvroot - ok
23:52:34.0152 1524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:52:34.0168 1524 vga - ok
23:52:34.0199 1524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:52:34.0246 1524 VgaSave - ok
23:52:34.0308 1524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:52:34.0308 1524 vhdmp - ok
23:52:34.0339 1524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:52:34.0339 1524 viaide - ok
23:52:34.0370 1524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:52:34.0370 1524 volmgr - ok
23:52:34.0402 1524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:52:34.0417 1524 volmgrx - ok
23:52:34.0433 1524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:52:34.0433 1524 volsnap - ok
23:52:34.0464 1524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:52:34.0480 1524 vsmraid - ok
23:52:34.0511 1524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:52:34.0558 1524 vwifibus - ok
23:52:34.0573 1524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:52:34.0604 1524 WacomPen - ok
23:52:34.0636 1524 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:52:34.0682 1524 WANARP - ok
23:52:34.0698 1524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:52:34.0729 1524 Wanarpv6 - ok
23:52:34.0760 1524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:52:34.0760 1524 Wd - ok
23:52:34.0823 1524 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
23:52:34.0823 1524 WDC_SAM - ok
23:52:34.0870 1524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:52:34.0885 1524 Wdf01000 - ok
23:52:34.0916 1524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:52:34.0963 1524 WfpLwf - ok
23:52:34.0994 1524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:52:34.0994 1524 WIMMount - ok
23:52:35.0057 1524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:52:35.0088 1524 WmiAcpi - ok
23:52:35.0135 1524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:52:35.0182 1524 ws2ifsl - ok
23:52:35.0213 1524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:52:35.0260 1524 WudfPf - ok
23:52:35.0275 1524 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:52:35.0306 1524 WUDFRd - ok
23:52:35.0338 1524 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
23:52:35.0587 1524 \Device\Harddisk0\DR0 - ok
23:52:35.0587 1524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
23:52:35.0650 1524 \Device\Harddisk1\DR1 - ok
23:52:35.0665 1524 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
23:52:35.0915 1524 \Device\Harddisk4\DR4 - ok
23:52:35.0915 1524 Boot (0x1200) (4d00c673ac3ae071e187f8aaeafdf9f4) \Device\Harddisk0\DR0\Partition0
23:52:35.0915 1524 \Device\Harddisk0\DR0\Partition0 - ok
23:52:35.0930 1524 Boot (0x1200) (a333881f031ab8ac8cbfc08cf6b530cf) \Device\Harddisk0\DR0\Partition1
23:52:35.0930 1524 \Device\Harddisk0\DR0\Partition1 - ok
23:52:35.0962 1524 Boot (0x1200) (2c7b73fafdad923e1d829442b1346fd8) \Device\Harddisk1\DR1\Partition0
23:52:35.0962 1524 \Device\Harddisk1\DR1\Partition0 - ok
23:52:35.0977 1524 Boot (0x1200) (c77d7510dd683831cf1df0e461efa144) \Device\Harddisk1\DR1\Partition1
23:52:35.0977 1524 \Device\Harddisk1\DR1\Partition1 - ok
23:52:35.0977 1524 Boot (0x1200) (50e9b6e51fd5798940fe245b779c347e) \Device\Harddisk4\DR4\Partition0
23:52:35.0977 1524 \Device\Harddisk4\DR4\Partition0 - ok
23:52:35.0977 1524 ============================================================
23:52:35.0977 1524 Scan finished
23:52:35.0977 1524 ============================================================
23:52:35.0993 1172 Detected object count: 2
23:52:35.0993 1172 Actual detected object count: 2
23:55:18.0326 1172 HKLM\SYSTEM\ControlSet002\services\epmntdrv - will be deleted on reboot
23:55:18.0342 1172 HKLM\SYSTEM\ControlSet003\services\epmntdrv - will be deleted on reboot
23:55:18.0358 1172 C:\Windows\system32\epmntdrv.sys - will be deleted on reboot
23:55:18.0358 1172 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Delete
23:55:18.0358 1172 HKLM\SYSTEM\ControlSet002\services\EuGdiDrv - will be deleted on reboot
23:55:18.0358 1172 HKLM\SYSTEM\ControlSet003\services\EuGdiDrv - will be deleted on reboot
23:55:18.0358 1172 C:\Windows\system32\EuGdiDrv.sys - will be deleted on reboot
23:55:18.0358 1172 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Delete
23:55:32.0866 1424 Deinitialize success
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Log 4

Unread postby Robinski123 » December 14th, 2011, 12:16 pm

RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Robin [Admin rights]
Mode: Scan -- Date : 12/14/2011 07:33:28

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Log 5

Unread postby Robinski123 » December 14th, 2011, 12:17 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\cakewalk content\audio library\loops\loopmasters\house techno trance\john flemming and digital blonde\00db_tamb_cracking-dry_133.rx2
c:\cakewalk content\audio library\loops\sample magic\breakbusters\breaks_synthloop_130_digicrackler_f.rx2
c:\cakewalk content\audio library\loops\sample magic\nu-rave\nr_syn130_crackline2_gb.rx2
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack5.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack6.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack7.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack4.flac
c:\program files (x86)\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\waves\plug-ins\xcrackle.dll
c:\program files (x86)\waves\plug-ins\documents\xcrackle.pdf
c:\program files (x86)\waves\plug-ins\plug-in settings\x-crackle settings.xps
c:\users\robin\.thumbnails\for tammy\.01-vso convertxtodvd 3.5.3.139+keygen\vso convertxtodvd 3.5.3.139.nfo
c:\users\robin\.thumbnails\for tammy\.01-vso convertxtodvd 3.5.3.139+keygen\vso-xtodvd-serial+install steps.txt
c:\users\robin\.thumbnails\for tammy\.01-vso convertxtodvd 3.5.3.139+keygen\vsoconvertxtodvd3_setup_3.5.3.139.exe
c:\users\robin\.thumbnails\for tammy\.01-vso convertxtodvd 3.5.3.139+keygen\keygen\keygen.exe.vir
c:\users\robin\appdata\local\virtualstore\program files (x86)\cakewalk\plug-ins\plug-in settings\x-crackle settings.xps
c:\users\robin\appdata\local\virtualstore\program files (x86)\waves\plug-ins\plug-in settings\x-crackle settings.xps
c:\users\robin\blu-ray disc-info\powerdvd ultra v9+cracked by sirvazquez.rar
c:\users\robin\blu-ray disc-info\powerdvd ultra v9+cracked by sirvazquez\readme.txt
c:\users\robin\blu-ray disc-info\powerdvd ultra v9+cracked by sirvazquez\serial.txt
c:\users\robin\blu-ray disc-info\powerdvd ultra v9+cracked by sirvazquez\setup(sirvazquez).exe
c:\users\robin\blu-ray disc-info\powerdvd ultra v9+cracked by sirvazquez\crack\powerdvd9.sim
c:\users\robin\documents\torrents-various\torrenting-help\tcpz-faster seeding\virtualdevice\removewatermarkx64.exe
c:\users\robin\documents\torrents-various\torrents-finished\[isohunt] izotope.ozone.vst.dx.rtas.htdm.v4.01.incl.keygen.rar.torrent
c:\users\robin\documents\torrents-various\torrents-finished\[isohunt]_cyberlink_power_director_ultra_v7.00.1628___keygen(jan2009).zip.torrent
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\battery\groove monkee free midi\twisted\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\battery\groove monkee free midi\twisted\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\dfh\twisted samples dfh\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\dfh\twisted samples dfh\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\fl studio freepak\groove monkee fpc midi samples\twisted samples fpc\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\fl studio freepak\groove monkee fpc midi samples\twisted samples fpc\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\multi-track\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\multi-track\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\single track\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\single track\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\single track type 0\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\single track type 0\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\groove agent\twisted samples ga\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\groove agent\twisted samples ga\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\imap\twisted samples imap\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\imap\twisted samples imap\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\larry seyers\twisted samples ls ext\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\larry seyers\twisted samples ls ext\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\live sd\twisted samples live sd\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\live sd\twisted samples live sd\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\reason\drum kits refill\twisted samples samples dkr\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\reason\drum kits refill\twisted samples samples dkr\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\reason\nnxt kits\twisted samples nnxt\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\reason\nnxt kits\twisted samples nnxt\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\session drummer\twisted samples session drummer\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\session drummer\twisted samples session drummer\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\steven slate drums\twisted samples ssd\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\steven slate drums\twisted samples ssd\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\superior\twisted samples superior\02@rnb grooves\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\superior\twisted samples superior\02@rnb grooves\110 cracky 01.mid
c:\users\robin\favorites\cakewalk\01-cakewalk sonar producer 8.3 crack serial keygen torrent free full version warez download rapidshare.url
c:\users\robin\favorites\from internet explorer\cakewalk\01-cakewalk sonar producer 8.3 crack serial keygen torrent free full version warez download rapidshare.url
c:\users\robin\favorites\from internet explorer\home recording shtuff\sony cd architect v5 2c [eng] [keygen] [www.torrenty.org] software windows - other - mininova.url
c:\users\robin\favorites\home recording shtuff\sony cd architect v5 2c [eng] [keygen] [www.torrenty.org] software windows - other - mininova.url
c:\users\robin\guitar technique bookpack (12)\1-jpg to pdf converter-full\crack\sound.dll
c:\users\robin\programs-audio\toontrack music ezdrummer dfh drumkit from hell pack\readme 1st installation steps & how to use the keygen guide.txt
c:\users\robin\programs-audio\toontrack-install info\readme 1st installation steps & how to use the keygen guide.txt
c:\users\robin\programs-computer maintanance\advanced systemcare 3.3.2 pro-use this-pharoahs-not good\fix - pharoahs\keygen.patch.pharaohs.6.22.09.htm
c:\users\robin\programs-cool stuff\adobe photoshop cs5 extended\crack\apcs5 - crack read me.txt
c:\users\robin\programs-cool stuff\adobe photoshop cs5 extended\crack\adbe_crack - 32bit\amtlib.dll
c:\users\robin\programs-cool stuff\adobe photoshop cs5 extended\crack\adbe_crack - 64bit\amtlib.dll
c:\users\robin\programs-video\001-magix video pro x3 v10.0.10.2\3.crack\!instructions!.txt
c:\users\robin\programs-video\001-magix video pro x3 v10.0.10.2\3.crack\video_pro_x.exe
c:\users\robin\programs-video\001-pinnacle sudio 12 ultimate by mick\crack\crack.rar
c:\users\robin\programs-video\001-pinnacle sudio 12 ultimate by mick\crack\crack\1dv.ru.url
c:\users\robin\programs-video\001-pinnacle sudio 12 ultimate by mick\crack\crack\pinnacle.pixie.activation.exe
c:\users\robin\programs-video\001-pinnacle sudio 12 ultimate by mick\crack\crack\videoediting.ru.url
c:\users\robin\programs-video\001-pinnacle sudio 12 ultimate by mick\crack\crack\vr.nfo
c:\users\robin\programs-video\dvdfab passkey v8.0.4.0 final + patch\patch and crack\dvdfab.products.v8.x.x.x.multi.patch.v1.0-bbb\bbb.nfo
c:\users\robin\programs-video\dvdfab passkey v8.0.4.0 final + patch\patch and crack\dvdfab.products.v8.x.x.x.multi.patch.v1.0-bbb\file_id.diz
c:\users\robin\programs-video\dvdfab passkey v8.0.4.0 final + patch\patch and crack\dvdfab.products.v8.x.x.x.multi.patch.v1.0-bbb\nfo viewer.exe
c:\users\robin\programs-video\dvdfab passkey v8.0.4.0 final + patch\patch and crack\dvdfab.products.v8.x.x.x.multi.patch.v1.0-bbb\patch.exe
c:\users\robin\programs-video\dvdfab passkey v8.0.4.0 final + patch\patch and crack\or crack\msvcr90.dll
c:\users\robin\programs-video\dvdfab-blu-ray to dvd v1.2.0.14\keygen.exe
c:\users\robin\programs-video\flash video editor software - moyea flv editor pro v3.1.14.0 retail + crack [h33t] [mahasonaz]\link to download more free softwares and apps.url
c:\users\robin\programs-video\flash video editor software - moyea flv editor pro v3.1.14.0 retail + crack [h33t] [mahasonaz]\your software here\setup.exe
c:\users\robin\programs-video\flash video editor software - moyea flv editor pro v3.1.14.0 retail + crack [h33t] [mahasonaz]\your software here\crack\flveditor.dll
c:\users\robin\programs-video\flash video editor software - moyea flv editor pro v3.1.14.0 retail + crack [h33t] [mahasonaz]\your software here\crack\flveditorpro.exe
c:\users\robin\programs-video\screen capture apps\bandicam v1.6.1.113\crack + serial\bdcam.exe
c:\users\robin\programs-video\screen capture apps\bandicam v1.6.1.113\crack + serial\serial.txt
c:\users\robin\programs-video\vso convertxtodvd 3.5.3.139+keygen\convert x to dvd-how to.txt
c:\users\robin\programs-video\vso convertxtodvd 3.5.3.139+keygen\convert x to dvd-subtitles-info.txt
c:\users\robin\programs-video\vso convertxtodvd 3.5.3.139+keygen\vso convertxtodvd 3.5.3.139-long.nfo
c:\users\robin\programs-video\vso convertxtodvd 3.5.3.139+keygen\vso convertxtodvd 3.5.3.139.nfo
c:\users\robin\programs-video\vso convertxtodvd 3.5.3.139+keygen\vso-xtodvd-serial+install steps.txt
c:\users\robin\programs-video\vso convertxtodvd 3.5.3.139+keygen\vso-xtodvd-serial+install stepss.txt
c:\users\robin\programs-video\vso convertxtodvd 3.5.3.139+keygen\vso-xtodvd-serial.txt
c:\users\robin\programs-video\vso convertxtodvd 3.5.3.139+keygen\vsoconvertxtodvd3_setup_3.5.3.139.exe
c:\users\robin\programs-video\vso convertxtodvd 3.5.3.139+keygen\keygen\keygen.exe.vir
c:\users\robin\sonar x1-info\sonar_x1_x64_code_1_crack.6044977.tpb.torrent
c:\users\robin\sonar x1-info\thepiratebay.org-torrent-6044977-sonar_x1_x64_code_1_crack.pdf
c:\users\robin\sonar x1-info\sonar x1 x64 code=1 crack\reg-x164.reg
c:\users\robin\torrents-to do\1-torrents donezzz\[isohunt] bandicam v1.6.1.113 + crack + serial.torrent
c:\users\robin\torrents-to do\apps\magix_video_pro_x3_v10.0.10.2___crack_[rh].6401435.tpb.torrent
c:\users\robin\torrents-to do\apps\recover.keys.v3.0.0.35.winall.cracked-ypogeios(murlok).5068449.tpb.torrent
c:\users\robin\torrents-to do\apps\done\vso.software.blu-ray.to.dvd.converter.v1.2.0.14.incl.keygen-lz0.6376864.tpb.torrent
c:\users\robin\torrents-to do\apps\done\[isohunt]_corel_videostudio_pro_x3_multilang_incl.keygen.torrent
c:\users\robin\torrents-to do\windows xp pro\done-windows_xp_pro_keygen___serial_number_list_-_all_valid.4987867.tpb.torrent
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital finis vst rtas v1.0\crack\readme.txt
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital finis vst rtas v1.0\crack\rtas\finis rtas.dpm
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital finis vst rtas v1.0\crack\vst\finis 1ch.dll
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital finis vst rtas v1.0\crack\vst\finis 2ch.dll
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital frequal-izer vst rtas v1.0\crack\readme.txt
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital frequal-izer vst rtas v1.0\crack\rtas\frequal-izer rtas.dpm
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital frequal-izer vst rtas v1.0\crack\vst\frequal-izer 1ch.dll
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital frequal-izer vst rtas v1.0\crack\vst\frequal-izer 2ch.dll
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital inspectorxl vst rtas v1.0\crack\readme.txt
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital inspectorxl vst rtas v1.0\crack\rtas\ixl clip statistics.dpm
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital inspectorxl vst rtas v1.0\crack\rtas\ixl level meter(h).dpm
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital inspectorxl vst rtas v1.0\crack\rtas\ixl level meter.dpm
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital inspectorxl vst rtas v1.0\crack\rtas\ixl multimeter.dpm
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital inspectorxl vst rtas v1.0\crack\rtas\ixl spectrum analyzer.dpm
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital inspectorxl vst rtas v1.0\crack\rtas\ixl stereo analyzer.dpm
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital inspectorxl vst rtas v1.0\crack\vst\ixl clip statistics 1ch.dll
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital inspectorxl vst rtas v1.0\crack\vst\ixl clip statistics 2ch.dll
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital inspectorxl vst rtas v1.0\crack\vst\ixl level meter 1ch.dll
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital uniquel-izer vst rtas v1.0\crack\readme.txt
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital uniquel-izer vst rtas v1.0\crack\rtas\uniquel-izer rtas.dpm
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital uniquel-izer vst rtas v1.0\crack\vst\uniquel-izer 1ch.dll
c:\users\robin\vst plugins\roger nichols digital vst rtas 6 pack\roger nichols digital uniquel-izer vst rtas v1.0\crack\vst\uniquel-izer 2ch.dll
scanner sequence 3.ZZ.11.UWNAQG
----- EOF -----
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

And the final log...Log 6

Unread postby Robinski123 » December 14th, 2011, 12:18 pm

ComboFix 11-12-13.03 - Robin 12/14/11 8:26.2.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8191.5745 [GMT -6:00]
Running from: c:\users\Robin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 14:39 . 2011-12-14 14:39 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11F15ED6-C5B0-47AA-8857-87DB72D4DE5F}\offreg.dll
2011-12-14 14:37 . 2011-12-14 14:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-14 14:37 . 2011-12-14 14:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-14 14:37 . 2011-12-14 14:37 -------- d-----w- c:\users\Da Hood\AppData\Local\temp
2011-12-14 14:04 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11F15ED6-C5B0-47AA-8857-87DB72D4DE5F}\mpengine.dll
2011-12-12 08:42 . 2011-12-12 08:42 0 ----a-w- c:\windows\system32\windbg.exe
2011-12-12 08:27 . 2011-12-12 08:27 -------- d-----w- C:\WinDDK
2011-12-12 08:03 . 2011-12-12 08:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-12 07:09 . 2011-12-12 07:09 -------- d-----w- c:\users\Robin\AppData\Local\ElevatedDiagnostics
2011-12-12 06:16 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-12-12 06:16 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-12-12 06:16 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-12-12 06:16 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-12 06:16 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-12-12 06:16 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-12-12 06:07 . 2011-12-12 06:52 -------- d-----w- c:\users\Robin\AppData\Local\NVIDIA Corporation
2011-12-12 05:04 . 2011-12-12 05:04 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-12 04:35 . 2011-10-15 08:53 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-12-12 04:35 . 2011-10-15 08:53 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-12-11 09:14 . 2011-12-11 09:14 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-09 11:22 . 2011-12-09 11:22 -------- d-----w- C:\41f7dcba618342895cab
2011-12-09 02:06 . 2011-12-09 02:07 -------- d-----w- c:\program files\7-Zip
2011-12-09 00:13 . 2011-12-09 05:20 -------- d-----w- c:\users\TEMP
2011-12-08 06:35 . 2011-12-08 06:38 -------- d-----w- c:\users\Robin\AppData\Roaming\DeepBurner Pro
2011-12-08 04:34 . 2011-12-14 14:43 5326 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-12-08 04:29 . 2011-12-14 14:39 -------- d-----w- c:\programdata\NVIDIA
2011-12-08 03:47 . 2011-12-08 03:47 -------- d-----w- c:\users\Robin\AppData\Roaming\SUPERAntiSpyware.com
2011-12-08 00:34 . 2011-12-08 00:34 -------- d-----w- c:\program files (x86)\ESET
2011-12-07 09:33 . 2011-12-07 09:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-07 06:06 . 2011-12-07 06:11 -------- d-----w- c:\programdata\IObit
2011-12-07 05:49 . 2011-12-07 05:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-28 23:15 . 2011-11-28 23:15 -------- d-----w- c:\users\Public\CyberLink
2011-11-28 23:15 . 2011-11-28 23:15 -------- d-----w- c:\users\Robin\CyberLink
2011-11-28 23:12 . 2011-11-28 23:12 -------- d-----w- c:\users\Robin\AppData\Roaming\zoominto
2011-11-28 23:12 . 2011-11-28 23:12 -------- d-----w- c:\program files (x86)\zoomintoIE
2011-11-28 22:17 . 2011-12-11 05:26 -------- d-----r- c:\users\Robin\pentadactyl
2011-11-28 15:45 . 2011-11-28 15:45 0 ----a-w- c:\users\Robin\AppData\Local\BIT4A86.tmp
2011-11-18 08:49 . 2011-11-23 01:32 -------- d-----w- c:\users\Robin\.gimp-2.6
2011-11-18 06:10 . 2011-11-18 06:10 -------- d-----w- c:\users\Robin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-11-18 04:02 . 2011-11-18 04:02 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-11-18 03:59 . 2011-11-18 04:02 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-18 03:58 . 2011-11-18 03:58 -------- d-----w- c:\program files (x86)\Adobe Media Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 04:49 . 2010-02-22 17:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-12 08:03 . 2010-01-25 05:16 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-12 08:03 . 2010-01-25 05:16 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-29 16:53 . 2011-05-19 19:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2010-12-20 22:36 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-14 02:43 . 2010-01-31 03:06 82816 ----a-w- c:\users\Robin\AppData\Roaming\pcouffin.sys
2011-11-02 00:00 . 2010-07-16 22:19 5018 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-15 06:54 . 2011-10-15 06:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-11 18:56 . 2011-10-11 18:56 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A64552E0-5EFC-4868-944A-ECE595E015ED}\gapaengine.dll
2011-09-29 16:29 . 2011-11-09 06:24 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 06:24 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-09-21 02:52 . 2010-10-15 19:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-21 02:50 . 2011-09-21 02:50 0 ----a-w- c:\windows\SysWow64\REN1B6E.tmp
2011-09-21 02:50 . 2011-09-21 02:50 0 ----a-w- c:\windows\SysWow64\REN1B6D.tmp
2011-09-21 02:50 . 2011-09-21 02:50 0 ----a-w- c:\windows\SysWow64\REN1B6C.tmp
2011-09-18 06:19 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2006-03-26 20:24 . 2009-10-12 01:26 557056 ----a-w- c:\program files (x86)\WaveShell-VST 5.7.dll
2006-03-26 20:23 . 2009-10-12 01:26 442368 ----a-w- c:\program files (x86)\WaveShell-DX 5.7.dll
2006-01-01 21:15 . 2009-10-12 01:26 405504 ----a-w- c:\program files (x86)\WaveShell-VST 5.5.dll
2005-12-21 17:41 . 2009-10-12 01:26 405504 ----a-w- c:\program files (x86)\Vocal_WaveShell-VST 1.1.dll
2005-09-07 22:15 . 2009-10-12 01:26 98304 ----a-w- c:\program files (x86)\WaveShell-VST 5.0.dll
2005-07-17 20:26 . 2009-10-12 01:26 417792 ----a-w- c:\program files (x86)\WaveShell-VST 5.2.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-08_04.30.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-12 06:12 . 2011-10-15 08:53 61248 c:\windows\SysWOW64\OpenCL.dll
+ 2010-01-24 23:07 . 2011-12-12 15:48 70112 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-13 21:16 52352 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-24 22:18 . 2011-12-13 21:16 20270 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-488319240-1603442040-3962435957-1000_UserData.bin
+ 2011-12-12 06:12 . 2011-10-15 08:53 68928 c:\windows\system32\OpenCL.dll
+ 2011-12-12 06:12 . 2011-07-07 23:21 29288 c:\windows\system32\nvhdap64.dll
- 2011-10-06 00:03 . 2011-01-25 15:28 29288 c:\windows\system32\nvhdap64.dll
+ 2009-07-14 05:30 . 2011-12-12 06:16 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-11-09 06:30 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-12-12 06:12 . 2011-07-07 23:21 29288 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhdap64.dll
+ 2011-12-12 06:12 . 2011-07-07 23:21 70760 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvapo64v.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 68928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\OpenCL64.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 61248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\OpenCL.dll
+ 2010-01-24 20:27 . 2011-12-13 21:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-24 20:27 . 2011-12-07 23:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-24 20:27 . 2011-12-07 23:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-24 20:27 . 2011-12-13 21:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-13 21:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-07 23:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2011-12-07 16:40 96912 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-12-08 05:09 96912 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-01-06 21:51 . 2009-01-06 21:51 40480 c:\windows\nvoclk64.sys
+ 2009-01-07 22:20 . 2009-01-07 22:20 40992 c:\windows\nvflsh64.sys
- 2011-09-13 22:43 . 2011-09-13 22:43 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-12-09 08:48 . 2011-12-09 08:48 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-12-12 06:07 . 2011-12-12 06:07 25214 c:\windows\Installer\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\ARPPRODUCTICON.exe
+ 2011-12-12 06:08 . 2011-12-12 06:08 65536 c:\windows\Installer\{6F69C969-2942-4E7B-B594-75B37664B8BA}\NewShortcut2_E672BE07733D4BEAB9E299A384DAADCA.exe
+ 2011-12-12 06:08 . 2011-12-12 06:08 65536 c:\windows\Installer\{6F69C969-2942-4E7B-B594-75B37664B8BA}\NewShortcut1_04EEAF2A61AD45CDA04D1C7806FD164B.exe
+ 2011-12-12 06:08 . 2011-12-12 06:08 25214 c:\windows\Installer\{6F69C969-2942-4E7B-B594-75B37664B8BA}\ARPPRODUCTICON.exe
- 2010-01-25 06:08 . 2011-10-30 09:13 2256 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-01-25 06:08 . 2011-12-12 03:51 2256 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-12-08 04:29 . 2011-12-08 04:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-14 14:39 . 2011-12-14 14:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-08 04:29 . 2011-12-08 04:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-14 14:39 . 2011-12-14 14:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-20 05:41 . 2011-12-09 21:35 246926 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:30 . 2011-12-12 06:16 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-09 06:30 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-12-12 06:16 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-11-09 06:30 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-12-12 06:12 . 2011-10-15 10:48 291648 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_e97e78e4785516ec\nvstusb64.sys
+ 2011-12-12 06:12 . 2011-07-07 23:21 174184 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhda64v.sys
+ 2011-12-12 06:12 . 2011-07-07 23:21 150120 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhda64.sys
+ 2011-12-12 06:12 . 2011-10-15 08:53 283456 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvml.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 200512 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvidia-smi.exe
+ 2011-12-12 06:12 . 2011-10-15 08:53 316496 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvdrsdb.bin
+ 2011-12-12 06:12 . 2011-10-15 08:53 224064 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\dbInstaller.exe
+ 2011-12-12 06:12 . 2011-07-07 23:21 174184 c:\windows\system32\drivers\nvhda64v.sys
- 2009-07-14 05:12 . 2011-12-07 23:23 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-12-12 07:32 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-13 23:35 . 2009-07-14 01:39 194048 c:\windows\servicing\TrustedInstaller.exe
- 2011-02-23 16:49 . 2010-11-20 13:25 194048 c:\windows\servicing\TrustedInstaller.exe
+ 2009-07-14 05:01 . 2011-12-14 14:38 492868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-12 06:08 . 2011-12-12 06:08 406998 c:\windows\Installer\{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}\ARPPRODUCTICON.exe
+ 2008-06-04 16:15 . 2008-06-04 16:15 388640 c:\windows\Help\nvcpl-nv25402\nvExpBar.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 7041856 c:\windows\SysWOW64\nvwgf2um.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 2401088 c:\windows\SysWOW64\nvcuvid.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 2099520 c:\windows\SysWOW64\nvcuvenc.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 5578560 c:\windows\SysWOW64\nvcuda.dll
+ 2009-01-07 14:47 . 2009-01-07 14:47 1097248 c:\windows\SysWOW64\nvcplUIR.dll
+ 2009-01-07 14:47 . 2009-01-07 14:47 2113056 c:\windows\SysWOW64\nvCplUI.exe
+ 2011-12-12 06:12 . 2011-10-15 08:53 2458432 c:\windows\SysWOW64\nvapi.dll
+ 2009-07-14 00:36 . 2009-07-14 01:41 2418176 c:\windows\system32\wuaueng.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 8791360 c:\windows\system32\nvwgf2umx.dll
+ 2011-12-12 06:12 . 2011-07-07 23:21 1452648 c:\windows\system32\nvhdagenco6420102.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 2542912 c:\windows\system32\nvcuvid.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 2232128 c:\windows\system32\nvcuvenc.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 7581504 c:\windows\system32\nvcuda.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 2808128 c:\windows\system32\nvapi64.dll
+ 2009-07-14 04:45 . 2011-12-12 23:25 5075296 c:\windows\system32\FNTCACHE.DAT
+ 2011-12-12 06:12 . 2011-10-15 10:48 1454400 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_e97e78e4785516ec\nvgenco64.dll
+ 2011-12-12 06:12 . 2011-07-07 23:21 1452648 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvgenco64.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 8791360 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvwgf2umx.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 7041856 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvwgf2um.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 1454400 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvgenco64.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 1533248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvdispco64.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 2401088 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuvid32.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 2542912 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuvid.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 2232128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuvenc64.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 2099520 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuvenc.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 5578560 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuda32.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 7581504 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcuda.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 2808128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvapi64.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 2458432 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvapi.dll
- 2009-07-14 04:45 . 2011-12-07 10:25 7051623 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-12-08 04:51 7051623 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-10-20 06:08 . 2011-12-14 14:38 9504172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-488319240-1603442040-3962435957-1000-8192.dat
+ 2011-04-09 06:00 . 2011-12-12 12:11 4197156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-488319240-1603442040-3962435957-1000-12288.dat
+ 2011-12-12 06:08 . 2011-12-12 06:08 7958184 c:\windows\Installer\e9d56.msi
+ 2011-12-12 06:07 . 2011-12-12 06:07 8728644 c:\windows\Installer\e9d51.msi
+ 2011-12-09 00:46 . 2011-12-09 00:46 1376768 c:\windows\Installer\6a59c7.msi
+ 2010-11-01 23:13 . 2010-11-01 23:13 1221632 c:\windows\Installer\1f34a.msi
+ 2011-04-29 18:28 . 2011-04-29 18:28 1995264 c:\windows\Installer\15a9ee.msp
+ 2008-06-04 16:15 . 2008-06-04 16:15 1071648 c:\windows\Help\nvcpl-nv25402\nvcplUIR.dll
+ 2008-06-04 16:15 . 2008-06-04 16:15 2088992 c:\windows\Help\nvcpl-nv25402\nvCplUI.exe
+ 2011-12-12 06:12 . 2011-10-15 08:53 18871616 c:\windows\SysWOW64\nvoglv32.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 13205312 c:\windows\SysWOW64\nvd3dum.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 17248576 c:\windows\SysWOW64\nvcompiler.dll
- 2009-07-14 02:34 . 2011-11-10 22:14 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-12-08 07:28 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-12-12 06:12 . 2011-10-15 08:53 24742720 c:\windows\system32\nvoglv64.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 15693120 c:\windows\system32\nvd3dumx.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 24796992 c:\windows\system32\nvcompiler.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 24742720 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvoglv64.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 18871616 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvoglv32.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 12971840 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvlddmkm.sys
+ 2011-12-12 06:12 . 2011-10-15 08:53 15693120 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvd3dumx.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 13205312 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvd3dum.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 17248576 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcompiler32.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 24796992 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a28ee7c3523ba145\nvcompiler.dll
+ 2011-12-12 06:12 . 2011-10-15 08:53 12971840 c:\windows\system32\drivers\nvlddmkm.sys
+ 2011-04-06 23:26 . 2011-12-14 14:38 24112672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-488319240-1603442040-3962435957-1000-4096.dat
+ 2011-12-12 06:06 . 2011-12-12 06:06 25999552 c:\windows\Installer\e9d4c.msi
+ 2010-02-09 06:40 . 2010-02-09 06:40 17527296 c:\windows\Installer\6c7b11.msi
+ 2011-07-04 02:04 . 2011-07-04 02:04 26916352 c:\windows\Installer\2a201a.msi
+ 2011-09-16 00:37 . 2011-09-16 00:37 37148160 c:\windows\Installer\27665a.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ACDF77A9-9EDA-407f-969F-B3BCBE3217D0}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 576232]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RAVCpl64.exe - Shortcut.lnk - c:\program files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe [2009-3-3 6564384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/28 20:41;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FKFAP;FKFAP;c:\program files (x86)\Perfect Uninstaller\FKFAP.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
R3 L6PODX3;L6 POD X3 Service;c:\windows\system32\Drivers\L6PODX364.sys [x]
R3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX64.sys [x]
R3 L6UX1;Service - Line 6 UX1;c:\windows\system32\Drivers\L6UX164.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-14 343856]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Tcpz-x64;Tcpz-x64;c:\users\Robin\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AvgTdiA
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - TfFsMon
*Deregistered* - TfNetMon
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 19:49]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 19:49]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000Core.job
- c:\users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-27 03:55]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000UA.job
- c:\users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-27 03:55]
.
2011-12-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: Zoom Into - c:\program files (x86)\zoomintoIE\image.htm
IE: Zoom Into\Contexts - 2 (0x2)
IE: Zoom Into\Flags - 1 (0x1)
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files (x86)\Ant.com\IE add-on\Download.dll
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\
FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b6526ae ... g=en-GB&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - (no file)
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}\Controller Editor Setup.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe
AddRemove-{33691AFF-9ABF-4278-BDB6-902EE07D9237} - c:\programdata\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}\Guitar Rig 3 Setup.exe
AddRemove-{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E} - c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}\Guitar Rig 4 Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2E924F4F-67F0-4BD8-9560-49F468E843D2}"=hex:51,66,7a,6c,4c,1d,38,12,21,4c,81,
2a,c2,29,b6,0e,ea,76,0a,b4,6d,b6,07,c6
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{346FDE31-DFF9-418A-90C8-BA31DC9FF2EF}"=hex:51,66,7a,6c,4c,1d,38,12,5f,dd,7c,
30,cb,91,e4,04,ef,de,f9,71,d9,c1,b6,fb
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{ACDF77A9-9EDA-407F-969F-B3BCBE3217D0}"=hex:51,66,7a,6c,4c,1d,38,12,c7,74,cc,
a8,e8,d0,11,05,e9,89,f0,fc,bb,6c,53,c4
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1c,5d,5b,3b,23,ae,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2011-12-14 08:54:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-14 14:54
ComboFix2.txt 2011-12-08 04:44
.
Pre-Run: 225,218,998,272 bytes free
Post-Run: 224,658,763,776 bytes free
.
- - End Of File - - 7638623B29FD72CE6991FFB3545DF877
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Thought You Might Need these most recent Logs (2)=ComboFix+Q

Unread postby Robinski123 » December 14th, 2011, 12:58 pm

ComboFix 11-12-06.02 - Robin 12/07/11 22:22:45.1.3 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8191.7021 [GMT -6:00]
Running from: c:\users\Robin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Robin\AppData\Roaming\inst.exe
c:\users\Robin\AppData\Roaming\Microsoft\Windows\Recent\Recent.event
c:\users\Robin\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\drivers\tcpip.copy
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-08 04:29 . 2011-12-08 04:29 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C677301A-185E-44C0-ACA4-6A05FF909BD6}\offreg.dll
2011-12-08 04:29 . 2011-12-08 04:29 -------- d-----w- c:\programdata\NVIDIA
2011-12-08 03:47 . 2011-12-08 03:47 -------- d-----w- c:\users\Robin\AppData\Roaming\SUPERAntiSpyware.com
2011-12-08 00:34 . 2011-12-08 00:34 -------- d-----w- c:\program files (x86)\ESET
2011-12-07 23:17 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C677301A-185E-44C0-ACA4-6A05FF909BD6}\mpengine.dll
2011-12-07 09:33 . 2011-12-07 09:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-07 06:06 . 2011-12-07 06:11 -------- d-----w- c:\programdata\IObit
2011-12-07 05:49 . 2011-12-07 05:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-28 23:15 . 2011-11-28 23:15 -------- d--h--w- c:\users\Public\CyberLink
2011-11-28 23:15 . 2011-11-28 23:15 -------- d--h--w- c:\users\Robin\CyberLink
2011-11-28 23:12 . 2011-11-28 23:12 -------- d--h--w- c:\users\Robin\AppData\Roaming\zoominto
2011-11-28 23:12 . 2011-11-28 23:12 -------- d-----w- c:\program files (x86)\zoomintoIE
2011-11-28 22:17 . 2011-11-28 22:17 -------- d--h--w- c:\users\Robin\pentadactyl
2011-11-28 15:45 . 2011-11-28 15:45 0 ----a-w- c:\users\Robin\AppData\Local\BIT4A86.tmp
2011-11-18 08:49 . 2011-11-23 01:32 -------- d-----w- c:\users\Robin\.gimp-2.6
2011-11-18 06:10 . 2011-11-18 06:10 -------- d--h--w- c:\users\Robin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-11-18 04:02 . 2011-11-18 04:02 -------- d--h--w- c:\programdata\regid.1986-12.com.adobe
2011-11-18 03:59 . 2011-11-18 04:02 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-18 03:58 . 2011-11-18 03:58 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-11-14 03:29 . 2011-08-15 20:51 79232 ----a-w- c:\windows\system32\drivers\dvdfab.sys
2011-11-14 03:29 . 2011-12-07 10:50 -------- d-----w- c:\program files (x86)\DVDFab Passkey
2011-11-14 02:52 . 2011-11-14 02:52 -------- d-----w- c:\program files (x86)\SlySoft
2011-11-11 08:29 . 2011-12-06 09:21 -------- d-----w- c:\users\Robin\.1-www.alibaba.com-PP
2011-11-09 06:30 . 2011-11-09 06:30 -------- d--h--w- c:\programdata\NVIDIA Corporation
2011-11-09 06:24 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 06:24 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 06:24 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 06:24 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 16:53 . 2011-05-19 19:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2010-12-20 22:36 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-14 02:43 . 2010-01-31 03:06 82816 ----a-w- c:\users\Robin\AppData\Roaming\pcouffin.sys
2011-11-02 00:00 . 2010-07-16 22:19 5018 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-11 18:56 . 2011-10-11 18:56 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A64552E0-5EFC-4868-944A-ECE595E015ED}\gapaengine.dll
2011-09-21 02:52 . 2010-10-15 19:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-21 02:50 . 2011-09-21 02:50 0 ----a-w- c:\windows\SysWow64\REN1B6E.tmp
2011-09-21 02:50 . 2011-09-21 02:50 0 ----a-w- c:\windows\SysWow64\REN1B6D.tmp
2011-09-21 02:50 . 2011-09-21 02:50 0 ----a-w- c:\windows\SysWow64\REN1B6C.tmp
2011-09-18 06:19 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-10 00:23 . 2011-10-09 23:27 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe
2006-03-26 20:24 . 2009-10-12 01:26 557056 ----a-w- c:\program files (x86)\WaveShell-VST 5.7.dll
2006-03-26 20:23 . 2009-10-12 01:26 442368 ----a-w- c:\program files (x86)\WaveShell-DX 5.7.dll
2006-01-01 21:15 . 2009-10-12 01:26 405504 ----a-w- c:\program files (x86)\WaveShell-VST 5.5.dll
2005-12-21 17:41 . 2009-10-12 01:26 405504 ----a-w- c:\program files (x86)\Vocal_WaveShell-VST 1.1.dll
2005-09-07 22:15 . 2009-10-12 01:26 98304 ----a-w- c:\program files (x86)\WaveShell-VST 5.0.dll
2005-07-17 20:26 . 2009-10-12 01:26 417792 ----a-w- c:\program files (x86)\WaveShell-VST 5.2.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ACDF77A9-9EDA-407f-969F-B3BCBE3217D0}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 576232]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RAVCpl64.exe - Shortcut.lnk - c:\program files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe [2009-3-3 6564384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/28 20:41;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FKFAP;FKFAP;c:\program files (x86)\Perfect Uninstaller\FKFAP.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
R3 L6PODX3;L6 POD X3 Service;c:\windows\system32\Drivers\L6PODX364.sys [x]
R3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX64.sys [x]
R3 L6UX1;Service - Line 6 UX1;c:\windows\system32\Drivers\L6UX164.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-14 343856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Tcpz-x64;Tcpz-x64;c:\users\Robin\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ASRservice;ASRservice;c:\program files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe [2009-12-10 697104]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AvgTdiA
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - TfFsMon
*Deregistered* - TfNetMon
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 19:49]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 19:49]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000Core.job
- c:\users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-27 03:55]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000UA.job
- c:\users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-27 03:55]
.
2011-12-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: Zoom Into - c:\program files (x86)\zoomintoIE\image.htm
IE: Zoom Into\Contexts - 2 (0x2)
IE: Zoom Into\Flags - 1 (0x1)
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files (x86)\Ant.com\IE add-on\Download.dll
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\
FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b6526ae ... g=en-GB&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-60989253.sys
WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - (no file)
AddRemove-Roger Nichols Digital FREQUAL-IZER VST RTAS_is1 - c:\program files (x86)\Roger Nichols Digital
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2E924F4F-67F0-4BD8-9560-49F468E843D2}"=hex:51,66,7a,6c,4c,1d,38,12,21,4c,81,
2a,c2,29,b6,0e,ea,76,0a,b4,6d,b6,07,c6
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{346FDE31-DFF9-418A-90C8-BA31DC9FF2EF}"=hex:51,66,7a,6c,4c,1d,38,12,5f,dd,7c,
30,cb,91,e4,04,ef,de,f9,71,d9,c1,b6,fb
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{ACDF77A9-9EDA-407F-969F-B3BCBE3217D0}"=hex:51,66,7a,6c,4c,1d,38,12,c7,74,cc,
a8,e8,d0,11,05,e9,89,f0,fc,bb,6c,53,c4
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1c,5d,5b,3b,23,ae,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2011-12-07 22:44:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-08 04:44
.
Pre-Run: 248,549,744,640 bytes free
Post-Run: 248,381,444,096 bytes free
.
- - End Of File - - A3D5FC26B2C2716C0A7AFA83D2DEEB4E
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Quarantined

Unread postby Robinski123 » December 14th, 2011, 1:00 pm

2011-12-14 14:53:00 . 2011-12-14 14:53:00 520 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}.reg.dat
2011-12-14 14:53:00 . 2011-12-14 14:53:00 514 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{33691AFF-9ABF-4278-BDB6-902EE07D9237}.reg.dat
2011-12-14 14:53:00 . 2011-12-14 14:53:00 518 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}.reg.dat
2011-12-14 14:53:00 . 2011-12-14 14:53:00 524 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80}.reg.dat
2011-12-08 04:35:11 . 2011-12-08 04:35:11 1,974 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Roger Nichols Digital FREQUAL-IZER VST RTAS_is1.reg.dat
2011-12-08 04:34:53 . 2011-12-14 14:52:22 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}.reg.dat
2011-12-08 04:34:46 . 2011-12-08 04:34:46 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-60989253.sys.reg.dat
2011-12-08 04:26:47 . 2011-12-14 14:32:48 4,220 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-08 04:20:57 . 2011-12-14 14:25:18 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-11-18 04:32:35 . 2011-11-18 04:32:36 366,516 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\etc\hosts.txt.vir
2010-07-16 04:30:22 . 2010-07-16 04:30:22 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Robin\AppData\Roaming\Microsoft\Windows\Recent\Recent.event.vir
2010-02-11 07:11:20 . 2009-07-14 01:45:55 1,898,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\tcpip.copy.vir
2010-01-31 03:08:09 . 2011-10-27 01:00:59 668 ----a-w- C:\Qoobox\Quarantine\C\Users\Robin\AppData\Roaming\vso_ts_preview.xml.vir
2010-01-31 03:06:32 . 2011-11-14 02:43:25 99,384 ----a-w- C:\Qoobox\Quarantine\C\Users\Robin\AppData\Roaming\inst.exe.vir
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 294 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware