get-answers or www.easya-z.com

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

get-answers or www.easya-z.com

Post by jonnieboy on Sun Dec 18, 2011 1:08 pm

Hi

When surfacing if I put something in the google toolbar and press search it takes me to get-answers or [You must be registered and logged in to see this link.] It as also took me to a couple of other sites but I can't remember which they are.

Regards jonnieboy Jon



jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Sun Dec 18, 2011 4:24 pm

Having a problem with aswmbr cannot get it to open

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Sun Dec 18, 2011 6:37 pm

Hello, Welcome to GeekPolice!

I'm Houndmom and I will be helping you get your computer cleaned up. Right On!
Please note the following information about the malware forum:
* Only Tech Officers, Global Moderators, Administrators, Malware Advisors and Tech Advisors are allowed to give advice on removing malware from your computer.
* From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
* Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
* If you have already asked for help somewhere, please post the link to the topic you were helped.
* We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

Reply to this topic with the word BUMP, or
see [You must be registered and logged in to see this link.]

* Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Please stick with me in this topic until its close, and your computer is declared clean.

I am a student and need to get approval for each step. I appreciate your patience, and will return with the first step.



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Sun Dec 18, 2011 6:42 pm

didn't read post fully and understand sorry


Last edited by jonnieboy on Mon Dec 19, 2011 8:01 am; edited 1 time in total (Reason for editing : didn't read post fully and understand)

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Mon Dec 19, 2011 11:25 pm

That's fine. We can begin now.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Second:

  • Download[You must be registered and logged in to see this link.] onto your desktop
  • Open the program by double clicking on OTL icon.


  • Copy the following quote box and Paste it in the Custom Scans/Fixes box as shown below..


    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Do not change any settings. Click the Run Scan button. OTL will now perform a scan, it won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These files are saved at the same location as OTL.
  • Please copy and paste these results into your next post.






If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue Dec 20, 2011 8:14 am

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8401

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20/12/2011 08:08:23
mbam-log-2011-12-20 (08-08-23).txt

Scan type: Quick scan
Objects scanned: 185115
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue Dec 20, 2011 9:17 am

OTL logfile created on: 12/18/2011 3:21:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.14 Gb Available Physical Memory | 7.89% Memory free
3.49 Gb Paging File | 1.15 Gb Available in Paging File | 32.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.22 Gb Total Space | 174.58 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive D: | 13.37 Gb Total Space | 2.22 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 15:21:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.com
PRC - [2011/12/13 17:36:37 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
PRC - [2011/11/06 22:49:56 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/21 14:57:14 | 007,120,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 22:19:07 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/13 22:18:27 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 22:18:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 22:17:59 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/13 22:17:59 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/13 22:17:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 22:17:11 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 22:17:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 22:17:03 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 22:16:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/15 18:29:59 | 000,098,872 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Logging\1.0.0.0__a5a013d267b3a679\HP.SupportFramework.Logging.dll
MOD - [2011/09/15 18:29:58 | 000,073,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.Common\6.0.1.1__41bdec5abf54f6dc\HP.SupportAssistant.Common.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/21 18:57:42 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/20 13:21:42 | 000,016,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV:64bit: - [2009/07/22 01:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 18:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/02 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 19:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/16 05:14:10 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/22 01:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 18:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 19:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 10:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/09 13:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/18 14:51:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live UK Toolbar) - {77F40091-495B-4C46-9068-2B24C4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [You must be registered and logged in to see this link.] (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39917632-BF97-4E7D-97F2-CA9305ABBE63}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F421CA39-9852-40BA-852C-A83496C9B819}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue Dec 20, 2011 9:18 am

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

MsConfig:64bit - StartUpFolder: C:^Users^jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: Microsoft Forefront Client Security Antimalware Service - hkey= - key= - c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PC Optimizer Pro - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QPService - hkey= - key= - C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: FCSAM - c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: FCSAM - c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue Dec 20, 2011 9:19 am

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 15:20:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.com
[2011/12/18 15:04:04 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{B06BFB5A-45F4-4303-A880-FBF76E191340}
[2011/12/18 15:03:38 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{5B94A995-C8FD-45EA-9C34-46F66D564772}
[2011/12/18 08:35:17 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{8F1F0BBE-FF2D-4DEB-B584-5B7D506EB8DA}
[2011/12/18 08:35:02 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{ADB3E98A-9002-4B44-A8AA-7C8DEB56D023}
[2011/12/17 19:58:46 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{CDBEC91B-688B-4B7B-812D-CE1061A49306}
[2011/12/17 19:56:36 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{A3206A43-EA54-4CED-A7AC-486487C707BF}
[2011/12/17 12:48:09 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Roaming\Malwarebytes
[2011/12/17 12:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/17 07:55:56 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{DD66D6BA-EE78-495A-B846-3561E2A739C4}
[2011/12/17 07:55:46 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{CCA054FB-73B9-4001-B628-0FCF6D94DF71}
[2011/12/16 19:52:58 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{57345002-A66E-40EE-9E25-082790EB20FC}
[2011/12/16 19:52:01 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{EF2A0B93-D979-44F0-9438-609037D51312}
[2011/12/16 17:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/16 16:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/16 07:50:59 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{4BF2D94E-A6C3-40BF-AA8A-4BEB5B19FE41}
[2011/12/16 07:50:47 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{029ED588-8396-4882-B1CB-FE3B0CBC22DA}
[2011/12/15 19:49:35 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{B0575C17-91E6-485E-8B38-F5C3FFC8613C}
[2011/12/15 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{87C49397-5A68-4B9F-A871-0A1209F3DCD2}
[2011/12/15 08:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/12/15 07:48:24 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{63B8CEE1-63C4-4E0F-9BDE-61AEFAFC9074}
[2011/12/15 07:48:00 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{A49BFF0C-E205-45E4-A73A-B0A7397BC191}
[2011/12/13 17:59:44 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{863A8E29-4CB3-4F7C-9804-B249CD1184DC}
[2011/12/13 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{0825CC4C-E3D8-472F-92B3-B9642F2DE7BD}
[2011/12/13 17:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/12/13 17:36:57 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011/12/13 17:36:41 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011/12/13 17:36:41 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011/12/13 17:36:40 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/12/13 17:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/12/13 17:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/13 16:45:13 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{0DF0F546-8D63-4F07-895C-1AF9036A71A9}
[2011/12/13 16:45:02 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{975BCD31-1200-45A8-B746-AD1AA63A4056}
[2011/12/12 23:39:54 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/12/12 16:50:22 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{5C7A5847-B987-4BB7-A40B-534271E834F3}
[2011/12/12 16:50:11 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{5A4BD468-5EC9-401F-BF2F-0120E4A852A6}
[2011/12/11 20:24:33 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C8382C8C-8568-4EA4-86D9-E357EC33CC2F}
[2011/12/11 20:24:22 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B10B48B4-9BAE-4C71-B97E-14B54F6A084F}
[2011/12/11 08:23:49 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{75EB5DC4-BE1F-467A-B7BD-E55FADB51268}
[2011/12/11 08:23:37 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{FDDFCB82-BEC1-47AE-B634-2C749002C76D}
[2011/12/10 16:56:43 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{14F3F221-3D92-428E-BA1F-B0023C906BA7}
[2011/12/10 16:56:25 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{83431C49-6187-414F-AB77-748CD006F219}
[2011/12/10 05:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011/12/10 05:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2011/12/10 04:55:51 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{7AFA70E0-5D41-4596-A55C-CEA9E83F3CF9}
[2011/12/10 04:55:40 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{D5A6DB03-488C-4B35-AAFD-C9485007E623}
[2011/12/09 09:16:10 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{AF1971EB-F740-4478-B0BF-DBD6D2A3B6F3}
[2011/12/09 09:15:59 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{4D34B021-9A0C-489E-AB92-6EE705249F83}
[2011/12/08 21:15:28 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{81D52494-31F6-4758-8C8E-D7CD35BA7131}
[2011/12/08 21:15:17 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E1D3D07A-CA90-48F9-BDC9-CD86F24E1862}
[2011/12/08 08:35:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{663E1277-0F31-44AD-A314-F54A41745436}
[2011/12/08 08:35:16 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{06307C1D-EC05-44FD-A77D-03A273BBC6A2}
[2011/12/07 11:28:17 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{06602827-1C33-489B-8816-7AD7683ABDE5}
[2011/12/07 11:28:06 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{A58660D4-9090-483D-ACA7-B7402A9A6C44}
[2011/12/06 23:27:36 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{D3D1E0EB-A3C9-47FA-AC73-200C9DF74235}
[2011/12/06 23:27:25 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{700C0E23-25E5-46A3-A689-78D07D366B9B}
[2011/12/06 10:31:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0583D135-6A92-4091-AD9C-DCA5989A35EE}
[2011/12/06 10:31:16 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B499EE98-808F-43E3-AF7B-C1D2CFB6639D}
[2011/12/05 20:43:26 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{270CB042-4B81-404A-BC5F-7AC3DF4ED80C}
[2011/12/05 20:40:19 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C841A4A0-A2F4-494D-87FE-84517733B929}
[2011/12/05 08:39:49 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{71F7BD62-F436-47D8-B893-9AA108F0CBB8}
[2011/12/05 08:39:37 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{2FE2CEA2-521D-4C6D-91CF-DE15A4C415A9}
[2011/12/04 19:17:42 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{DF000240-B76B-4F83-9C36-65E227840326}
[2011/12/04 19:17:31 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{2C55B472-ABA7-488A-B6B3-AD2B45E1E2C1}
[2011/12/04 07:17:15 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{30E538D8-CC73-4B43-BAA4-53EA593ABEEB}
[2011/12/04 07:17:04 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{40F329B5-533D-420C-B73D-AAF596DAE7EE}
[2011/12/03 20:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Met Office Desktop Widget
[2011/12/03 18:51:55 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{7ADA6AA7-1C8A-45E4-9159-4D3522E2ED8F}
[2011/12/03 18:51:43 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{8E075C16-C1CA-4F35-8977-1DA4BE7675DC}
[2011/12/03 06:51:12 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{A383C437-011B-4141-9737-3DCC184857A5}
[2011/12/03 06:51:01 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{44ED1B6B-33E6-4144-BE02-AAF2C290D032}
[2011/12/02 15:33:26 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{4B1CE9B2-3504-45B2-A94C-AB29B1D5D5FC}
[2011/12/02 15:33:14 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E6C97B38-5004-41B8-BC72-4097D8FEAAD5}
[2011/12/01 22:17:13 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{30C32184-3002-4580-8510-B87E220EB843}
[2011/12/01 22:17:01 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{6A9F7A1C-C5E1-4528-B151-01E8C924D863}
[2011/12/01 06:25:34 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{62CE2358-1465-4CC1-B331-5BB131A3C447}
[2011/12/01 06:25:24 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0BB0A185-B19A-4655-B734-0FF7C8B28B67}
[2011/11/30 18:09:03 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{4C7A3F48-657A-40F4-8918-CDB98954EE6F}
[2011/11/30 18:08:52 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{67D06AF6-980D-4ED5-B2F1-7A49B5F95AA6}
[2011/11/30 06:08:23 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0872C0BF-7C70-4A77-8CDC-7A170800BB8D}
[2011/11/30 06:08:12 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C6FC555E-E04D-405F-9655-70DF7C7FE1DC}
[2011/11/29 16:48:42 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{047E836A-0554-4378-A0B9-D8E83CFE7176}
[2011/11/29 16:48:29 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E1F173E0-341A-498E-8375-E9F5315D8FD8}
[2011/11/28 21:54:19 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C7EC194A-247F-4747-BFA3-CCFBD22507B6}
[2011/11/28 21:54:07 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B15F3D61-B8B6-4290-A6DF-28C9304BE3A3}
[2011/11/28 21:23:14 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{2C7CD7E0-28D2-4AAA-975A-C541FF78A8E8}
[2011/11/28 20:45:22 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0E4A3E23-76BA-4611-A904-4903473CDF9F}
[2011/11/28 08:04:41 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{53CFB9D8-F5FD-4F56-8CFD-BBBFC73EB988}
[2011/11/28 08:04:28 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{17093D43-92A4-4AE4-BABC-9400DBA65AEC}
[2011/11/27 20:03:21 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{47596AA7-F38C-4085-8FBC-84B0667569D6}
[2011/11/27 20:03:09 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{9380C12A-A91A-45C9-BEBD-30A85422A71C}
[2011/11/27 08:02:38 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{93A69AA3-ABED-4B39-9FD6-71C17635BAB6}
[2011/11/27 08:02:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{BF5F641A-EE36-4621-9060-CC0B28C3247E}
[2011/11/26 20:01:58 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{973D6241-D68A-4A62-8E52-B5CD8C25FD2C}
[2011/11/26 20:01:43 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{5FD9E031-620F-4703-85BB-54FA5892A239}
[2011/11/26 07:59:35 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{79667194-165B-43AD-93CA-5BCE56864419}
[2011/11/26 07:59:23 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{38BF0332-050D-4A7B-8EF5-F8F83EA62F87}
[2011/11/25 23:30:02 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\Sothink
[2011/11/25 23:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SourceTec
[2011/11/25 19:58:53 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{432640B3-A922-4245-817A-52107A4E91DD}
[2011/11/25 19:58:42 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0653ABC7-99FC-4EF3-A3DA-4E7C38CD0E53}
[2011/11/25 07:58:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{CAE73EC7-8207-4102-9E4F-299DC0A3B64D}
[2011/11/25 07:58:15 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{D94920ED-452B-401D-B8D3-E150D7440AB3}
[2011/11/24 20:30:56 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Roaming\PrimoPDF
[2011/11/24 20:30:37 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Roaming\Nitro PDF
[2011/11/24 20:30:17 | 000,028,976 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2011/11/24 20:30:17 | 000,017,200 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2011/11/24 20:30:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Nitro PDF
[2011/11/24 20:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
[2011/11/24 20:29:05 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Roaming\OpenCandy
[2011/11/24 20:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2011/11/24 19:57:46 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{CFF4F793-A70F-46E4-819A-F52831239D17}
[2011/11/24 19:57:35 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{A0F0B1EF-7DC8-47C9-A073-C8523B2AAD9D}
[2011/11/24 18:32:19 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{77D4D9A1-8524-4DAD-A900-E5ABA49D5C95}
[2011/11/24 06:31:24 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{6C7B014B-21E0-467E-B8C0-8A35329CE8FD}
[2011/11/24 06:31:13 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E218A85C-D176-4FD3-BBE1-8FA6422F28A2}
[2011/11/23 18:30:43 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C532CE85-99E8-47EF-86A3-C0F51712DB00}
[2011/11/23 18:30:07 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{4435BC3F-70C9-443B-A207-723AA9537AE8}
[2011/11/23 06:29:34 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C09468C2-62FA-4E1D-A59C-3A2971D73DE5}
[2011/11/23 06:29:10 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0530BA9D-C9B6-4FC1-927B-0B2E6664679A}
[2011/11/22 17:56:08 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B94049A1-37E7-4CA9-BF53-25B759B1955A}
[2011/11/22 17:55:56 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E2D6B859-44AC-41B3-8616-E00FBCBD7EFA}
[2011/11/22 05:55:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{99A81EFC-AEC2-4694-B318-5641E69AEC3A}
[2011/11/22 05:55:14 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{54C1C1B6-CDBB-4EE6-AAA2-0F13880F85EB}
[2011/11/21 16:56:40 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{60E23CA2-6671-4C33-8743-390F26FD29CE}
[2011/11/21 16:56:28 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{386EA2FC-A0D6-407F-AB6C-4A872216D931}
[2011/11/20 19:44:14 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{EE2964D6-8C7E-4114-944B-4E397058B15A}
[2011/11/20 19:44:01 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B4E0C470-101B-418A-9DDA-DF0A02FB7A2D}
[2011/11/20 07:43:34 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{57751E98-76EF-4CD7-823B-5EDD7BE6E14C}
[2011/11/20 07:43:23 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E2384603-6EC3-44B9-9B62-98D04AF6C815}
[2011/11/19 19:03:05 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{8E76B888-ADBB-4A64-86BA-8BE01A6EE32C}
[2011/11/19 19:02:54 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{6DD9C1CF-BBC4-4302-AE85-0F7269D6B759}
[2011/11/19 07:02:25 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{22C7FEE8-34B6-4097-9237-20384D9CBE90}
[2011/11/19 07:02:13 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{5F9079F0-1CF5-414F-BBC2-887CDD0A196E}
[2011/11/18 18:29:22 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{33B73D6A-B1AD-4DF6-8BB0-1DD0D8413604}
[2011/11/18 18:29:10 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{2C488C56-B967-438C-9788-703DFA03F903}

========== Files - Modified Within 30 Days ==========

[2011/12/18 15:21:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.com
[2011/12/18 15:13:41 | 000,000,476 | ---- | M] () -- C:\Users\jon\Desktop\Local Disk (C) - Shortcut.lnk
[2011/12/18 15:03:13 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/18 15:03:13 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/18 15:03:13 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/18 15:02:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 15:02:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 15:01:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/18 14:54:54 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/18 14:54:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 14:53:53 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/13 17:37:36 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Free Offers.lnk
[2011/12/13 17:37:36 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/13 17:36:57 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011/12/13 17:36:41 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011/12/13 17:36:41 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011/12/13 17:36:40 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/12/13 17:33:26 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/13 17:33:26 | 000,002,203 | ---- | M] () -- C:\Users\jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/12 23:41:39 | 000,000,448 | -H-- | M] () -- C:\ProgramData\sgSJjtJANLgitE
[2011/12/12 23:39:55 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~sgSJjtJANLgitE
[2011/12/12 23:39:55 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~sgSJjtJANLgitEr
[2011/12/10 19:37:23 | 000,000,494 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for jon.job
[2011/12/10 06:02:33 | 000,033,983 | -H-- | M] () -- C:\Users\jon\Documents\club rules.pdf
[2011/12/10 05:59:58 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Nitro PDF Reader.lnk
[2011/12/10 05:58:52 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2011/12/10 05:58:44 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini
[2011/12/03 20:28:43 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Met Office Desktop Widget.lnk
[2011/11/29 17:53:25 | 000,230,560 | -H-- | M] () -- C:\Users\jon\Documents\Sports Action Grant application form_tcm44-192242 rev 1.pdf
[2011/11/26 18:36:08 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjon.job
[2011/11/24 20:32:34 | 000,084,061 | -H-- | M] () -- C:\Users\jon\Documents\2010-2011.pdf

========== Files Created - No Company Name ==========

[2011/12/18 15:13:40 | 000,000,476 | ---- | C] () -- C:\Users\jon\Desktop\Local Disk (C) - Shortcut.lnk
[2011/12/13 17:37:36 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Free Offers.lnk
[2011/12/13 17:37:36 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/13 17:33:26 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/13 17:33:26 | 000,002,203 | ---- | C] () -- C:\Users\jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/12 23:39:55 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~sgSJjtJANLgitE
[2011/12/12 23:39:55 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~sgSJjtJANLgitEr
[2011/12/12 23:39:48 | 000,000,448 | -H-- | C] () -- C:\ProgramData\sgSJjtJANLgitE
[2011/12/10 06:02:19 | 000,033,983 | -H-- | C] () -- C:\Users\jon\Documents\club rules.pdf
[2011/12/10 05:59:58 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2011/12/10 05:59:58 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Nitro PDF Reader.lnk
[2011/12/03 20:28:43 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Met Office Desktop Widget.lnk
[2011/12/03 20:28:43 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Met Office Desktop Widget.lnk
[2011/11/24 20:32:22 | 000,084,061 | -H-- | C] () -- C:\Users\jon\Documents\2010-2011.pdf
[2011/11/24 20:29:15 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2011/11/24 20:29:08 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll
[2011/10/24 15:33:05 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/08/14 20:53:18 | 000,000,017 | -H-- | C] () -- C:\Users\jon\AppData\Local\resmon.resmoncfg
[2011/02/10 04:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2011/01/05 06:31:07 | 000,001,940 | ---- | C] () -- C:\Users\jon\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/23 08:26:15 | 000,001,854 | -H-- | C] () -- C:\Users\jon\AppData\Roaming\GhostObjGAFix.xml
[2010/02/13 21:39:31 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/02/13 21:39:31 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/02/13 21:39:31 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/02/13 21:39:31 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/02/13 21:39:31 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/02/13 21:39:31 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/02/13 21:39:31 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/02/13 21:39:31 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/02/13 21:39:31 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/02/13 21:39:31 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/02/13 21:39:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/02/13 21:39:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/02/13 21:39:31 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/02/13 21:39:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/02/13 21:39:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/02/13 21:39:31 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/02/13 21:39:31 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/02/13 21:39:31 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/02/13 21:39:31 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/02/13 21:28:25 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2010/02/11 21:26:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/02/08 21:16:01 | 000,000,182 | -H-- | C] () -- C:\Users\jon\AppData\Roaming\wklnhst.dat
[2009/10/25 21:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/10/20 08:48:06 | 000,002,868 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/22 11:39:34 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/08/22 09:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 22:42:20 | 000,309,248 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2009/03/11 19:01:28 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\DirectCOM.dll
[2008/09/03 11:25:06 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ddcvt.exe
[2005/06/07 07:05:43 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue Dec 20, 2011 9:20 am


========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/03/01 06:35:26 | 001,923,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\jon\install_flash_player.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/12/03 20:28:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2009/10/20 08:25:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
[2011/09/10 13:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ask.com
[2010/09/16 05:40:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atheros
[2009/10/20 08:23:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2011/05/14 18:15:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/10/24 15:36:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Chrome
[2010/07/02 10:48:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2011/12/18 14:51:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/02/11 09:58:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2009/10/20 08:50:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/09/25 18:14:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2011/11/06 13:07:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Docudesk
[2011/11/10 19:27:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Driving Test Success - All Tests 2011 Edition
[2010/09/22 18:26:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA SPORTS
[2010/02/13 21:43:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\epson
[2011/09/10 13:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FoxTabFLVPlayer
[2011/12/18 14:51:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2011/12/18 14:51:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/09/15 18:29:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2011/12/18 14:51:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hp
[2011/10/28 17:23:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2011/10/05 18:17:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iLivid
[2011/09/15 18:36:13 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/12/18 14:52:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/06/18 05:55:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/02/11 09:58:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Messenger Plus! Live
[2010/02/11 09:58:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Messenger_Plus_Live_UK
[2011/12/03 20:28:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Met Office Desktop Widget
[2011/10/16 15:52:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/04/15 21:43:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Forefront
[2011/12/18 14:40:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2009/08/22 10:48:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2010/10/30 19:46:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SDKs
[2011/10/13 22:00:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/10/20 08:57:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/12/15 08:49:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/10/30 19:46:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011/12/18 14:51:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/10/25 22:29:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/02/08 21:46:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2009/10/20 08:51:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\muvee Technologies
[2011/12/18 14:51:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nitro PDF
[2010/04/20 05:59:25 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/12/18 14:51:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2009/10/20 08:25:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/09/10 13:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SopCast
[2011/04/19 17:18:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2009/07/14 04:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/10/09 21:03:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Veetle
[2010/05/22 20:03:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Veoh Networks
[2009/07/14 05:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/10/05 13:25:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/07/16 15:44:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/06/15 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/06/15 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/06/15 15:30:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/06/15 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/06/15 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar


< MD5 for: AGP440.SYS >
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 01:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 13:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 13:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 12:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 12:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 01:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 06:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 06:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 06:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 06:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 06:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 13:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/11 15:10:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/11 15:10:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/11 15:10:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/11 15:10:34 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/05/11 15:10:34 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/06/13 23:52:23 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/11 15:10:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/11 15:10:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/11 15:10:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/11 15:10:34 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/11 15:10:34 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue Dec 20, 2011 9:21 am

OTL Extras logfile created on: 12/18/2011 3:21:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.14 Gb Available Physical Memory | 7.89% Memory free
3.49 Gb Paging File | 1.15 Gb Available in Paging File | 32.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.22 Gb Total Space | 174.58 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive D: | 13.37 Gb Total Space | 2.22 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A22989EE-AE7A-42F8-A0C0-9C99CFB644FB}" = Microsoft Forefront Client Security Antimalware Service
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D12CCBE2-1EC9-41EE-ABF2-D149D05FCE53}" = Nitro PDF Reader 2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A5C7EED-1A45-C2B6-2E39-E58BD6955E1D}" = Met Office Desktop Widget
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests 2011 Edition
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_UK Toolbar" = Messenger_Plus_Live_UK Toolbar
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealPlayer 15.0" = RealPlayer
"SopCast" = SopCast 3.3.2
"uk.gov.meto.pws.air" = Met Office Desktop Widget
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2011 12:49:15 PM | Computer Name = jon-PC | Source = ESENT | ID = 488
Description = wlmail (3164) C:\Users\jon\AppData\Local\Microsoft\Windows Live Mail\Calendars\jon.storey@hotmail.co.uk\:
An attempt to create the file "C:\Users\jon\AppData\Local\Microsoft\Windows Live
Mail\Calendars\jon.storey@hotmail.co.uk\DBStore\WLCalendarStore.pat" failed with
system error 5 (0x00000005): "Access is denied. ". The create file operation will
fail with error -1032 (0xfffffbf8).

Error - 12/13/2011 12:49:15 PM | Computer Name = jon-PC | Source = ESENT | ID = 217
Description = wlmail (3164) C:\Users\jon\AppData\Local\Microsoft\Windows Live Mail\Calendars\jon.storey@hotmail.co.uk\:
Error (-1032) during backup of a database (file C:\Users\jon\AppData\Local\Microsoft\Windows
Live Mail\Calendars\jon.storey@hotmail.co.uk\DBStore\WLCalendarStore.edb). The
database will be unable to restore.

Error - 12/13/2011 12:49:15 PM | Computer Name = jon-PC | Source = ESENT | ID = 215
Description = wlmail (3164) C:\Users\jon\AppData\Local\Microsoft\Windows Live Mail\Calendars\jon.storey@hotmail.co.uk\:
The backup has been stopped because it was halted by the client or the connection
with the client failed.

Error - 12/13/2011 12:49:38 PM | Computer Name = jon-PC | Source = ESENT | ID = 488
Description = wlcomm (2788) C:\Users\jon\AppData\Local\Microsoft\Windows Live\Contacts\jon.storey@hotmail.co.uk\15.4\:
An attempt to create the file "C:\Users\jon\AppData\Local\Microsoft\Windows Live\Contacts\jon.storey@hotmail.co.uk\15.4\DBStore\contacts.pat"
failed with system error 5 (0x00000005): "Access is denied. ". The create file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/13/2011 12:49:38 PM | Computer Name = jon-PC | Source = ESENT | ID = 217
Description = wlcomm (2788) C:\Users\jon\AppData\Local\Microsoft\Windows Live\Contacts\jon.storey@hotmail.co.uk\15.4\:
Error (-1032) during backup of a database (file C:\Users\jon\AppData\Local\Microsoft\Windows
Live\Contacts\jon.storey@hotmail.co.uk\15.4\DBStore\contacts.edb). The database
will be unable to restore.

Error - 12/13/2011 12:49:38 PM | Computer Name = jon-PC | Source = ESENT | ID = 215
Description = wlcomm (2788) C:\Users\jon\AppData\Local\Microsoft\Windows Live\Contacts\jon.storey@hotmail.co.uk\15.4\:
The backup has been stopped because it was halted by the client or the connection
with the client failed.

Error - 12/15/2011 12:54:02 PM | Computer Name = jon-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GoogleToolbarUser_32.exe, version: 7.2.2318.1946,
time stamp: 0x4ec6bd6a Faulting module name: GoogleToolbarDynamic_32_9F5D286_unloaded,
version: 0.0.0.0, time stamp: 0x4ec6b9ba Exception code: 0xc0000005 Fault offset:
0x635e33ca Faulting process id: 0x1188 Faulting application start time: 0x01ccbb487e225dc0
Faulting
application path: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
Faulting
module path: GoogleToolbarDynamic_32_9F5D286 Report Id: 6383fa7d-273d-11e1-abce-00269eaa85c2

Error - 12/16/2011 1:19:50 PM | Computer Name = jon-PC | Source = MsiInstaller | ID = 11730
Description =

Error - 12/17/2011 3:36:54 PM | Computer Name = jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary szkg5. System Error: The system cannot find the file specified. .

Error - 12/18/2011 11:19:18 AM | Computer Name = jon-PC | Source = Application Hang | ID = 1002
Description = The program HPSF.exe version 6.0.5.4 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 5f8 Start Time:
01ccbd965e7baf67 Termination Time: 738 Application Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\HPSF.exe Report Id: 507ea7f8-298b-11e1-8234-964ce5464faa

[ Hewlett-Packard Events ]
Error - 7/14/2011 2:47:05 PM | Computer Name = jon-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071114074656.xml
File not created by asset agent

Error - 7/21/2011 3:18:43 PM | Computer Name = jon-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071121081835.xml
File not created by asset agent

Error - 8/11/2011 3:19:32 PM | Computer Name = jon-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081111081921.xml
File not created by asset agent

Error - 9/1/2011 2:44:53 PM | Computer Name = jon-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091101074442.xml
File not created by asset agent

Error - 9/22/2011 1:09:07 PM | Computer Name = jon-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/0040a9f1_59e0_488e_8177_40696fd4fdb4/efkmpryy9bru8ytwrlkm85rj_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1788 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 10/20/2011 1:06:27 PM | Computer Name = jon-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232828 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception has been thrown by the target of an invocation. StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: mscorlib InnerException.Message: Could not find file 'C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\Resources\Translations\en-US\localize_en-US.xml'.

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1788 Ram Utilization: 60 TargetSite: System.Object
CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle
ByRef, Boolean ByRef)

Error - 12/8/2011 2:46:12 PM | Computer Name = jon-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/c71b7dad_8db5_4fb4_974b_2d32ff057455/ogicmspsnhmq6qri+e7ugoi__5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1788 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 12/15/2011 2:16:14 PM | Computer Name = jon-PC | Source = hpsa_service.exe | ID = 2000
Description =

Error - 12/15/2011 2:18:40 PM | Computer Name = jon-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/15/2011 2:18:40 PM | Computer Name = jon-PC | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 11/21/2011 2:29:55 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 06:29:54 - Error connecting to the internet. 06:29:54 - Unable
to contact server..

Error - 11/21/2011 2:30:30 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 06:30:24 - Error connecting to the internet. 06:30:24 - Unable
to contact server..

Error - 11/21/2011 8:00:58 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 12:00:58 - Failed to retrieve Directory (Error: The remote name could
not be resolved: 'data.tvdownload.microsoft.com')

Error - 11/21/2011 8:01:34 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 12:01:27 - Error connecting to the internet. 12:01:27 - Unable
to contact server..

Error - 11/30/2011 2:00:35 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 06:00:35 - Error connecting to the internet. 06:00:35 - Unable
to contact server..

Error - 11/30/2011 2:00:53 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 06:00:41 - Error connecting to the internet. 06:00:41 - Unable
to contact server..

Error - 12/6/2011 1:31:42 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 05:31:42 - Error connecting to the internet. 05:31:42 - Unable
to contact server..

Error - 12/6/2011 1:32:29 AM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 05:32:21 - Error connecting to the internet. 05:32:21 - Unable
to contact server..

Error - 12/8/2011 9:12:38 PM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 01:12:17 - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 12/8/2011 9:12:46 PM | Computer Name = jon-PC | Source = MCUpdate | ID = 0
Description = 01:12:38 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

[ OSession Events ]
Error - 10/24/2011 1:28:46 PM | Computer Name = jon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2795
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/17/2011 5:53:20 AM | Computer Name = jon-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:51:50 on ?17/?12/?2011 was unexpected.

Error - 12/17/2011 7:50:45 AM | Computer Name = jon-PC | Source = Service Control Manager | ID = 7034
Description = The Easybits Shared Services for Windows service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/17/2011 8:11:18 AM | Computer Name = jon-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
Support Assistant Service service to connect.

Error - 12/17/2011 8:11:18 AM | Computer Name = jon-PC | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%1053

Error - 12/17/2011 8:33:07 AM | Computer Name = jon-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the szserver service.

Error - 12/17/2011 3:36:46 PM | Computer Name = jon-PC | Source = DCOM | ID = 10010
Description =

Error - 12/18/2011 4:26:28 AM | Computer Name = jon-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 12/18/2011 7:10:19 AM | Computer Name = jon-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 12/18/2011 7:10:26 AM | Computer Name = jon-PC | Source = bowser | ID = 8003
Description =

Error - 12/18/2011 10:54:32 AM | Computer Name = jon-PC | Source = FCSAM | ID = 2004
Description = %%830 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%825

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%826 Loading signature version: 1.117.1260.0;1.117.1260.0 Loading engine
version: 1.1.7903.0


< End of report >

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Thu Dec 22, 2011 6:33 pm

Sorry for the wait!!
Please run OTL.exe.


Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


Code:
 :killall
    :otl
    O4 - HKLM..\Run: [] File not found
    :files
    C:\Program Files (x86)\Ask.com
    C:\Program Files (x86)\Free Offers from Freeze.com
    :commands
    [reboot]
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

Then:

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Thu Dec 22, 2011 7:40 pm

Error: Unable to interpret <:killall> in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File boot] not found.

OTL by OldTimer - Version 3.2.31.0 log created on 12222011_193853

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Thu Dec 22, 2011 10:17 pm

ComboFix 11-12-22.04 - jon 22/12/2011 20:05:55.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1788.537 [GMT 0:00]
Running from: c:\users\jon\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~sgSJjtJANLgitE
c:\programdata\~sgSJjtJANLgitEr
c:\programdata\sgSJjtJANLgitE
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2F3E1802-7078-4D9D-847E-F5D7CAE24E83}\Setup.exe
c:\users\jon\AppData\Local\assembly\tmp
c:\windows\Fonts\ftrabd__.ttf
c:\windows\Fonts\ftrabk__.ttf
c:\windows\Fonts\ftrabki_.ttf
c:\windows\Fonts\ftrahv__.ttf
c:\windows\Fonts\ftralt__.ttf
c:\windows\Fonts\ftramd__.ttf
c:\windows\system32\java.exe
c:\windows\SysWow64\csftxctl.ocx
c:\windows\SysWow64\zlibwapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 20:58 . 2011-12-22 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-22 19:38 . 2011-12-22 19:38 -------- d-----w- C:\_OTL
2011-12-22 15:26 . 2011-12-22 15:26 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-22 09:19 . 2011-12-22 09:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-22 09:18 . 2011-12-22 09:19 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-20 07:55 . 2011-12-20 07:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-18 15:40 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 15:38 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 15:38 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-18 15:38 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-18 15:35 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 15:35 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-17 12:48 . 2011-12-17 12:48 -------- d-----w- c:\users\jon\AppData\Roaming\Malwarebytes
2011-12-17 12:47 . 2011-12-17 12:47 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 17:18 . 2011-12-18 11:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-16 16:27 . 2011-12-16 17:08 -------- d-----w- c:\programdata\PC Tools
2011-12-15 08:49 . 2011-12-15 08:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-12-13 17:37 . 2011-12-18 14:51 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-12-13 17:36 . 2011-12-13 17:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-13 17:36 . 2011-12-13 17:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-25 23:30 . 2011-11-25 23:30 -------- d--h--w- c:\users\jon\AppData\Local\Sothink
2011-11-25 23:29 . 2011-11-25 23:31 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
2011-11-24 20:30 . 2011-12-10 05:54 -------- d--h--w- c:\users\jon\AppData\Roaming\PrimoPDF
2011-11-24 20:30 . 2011-12-20 09:55 -------- d--h--w- c:\users\jon\AppData\Roaming\Nitro PDF
2011-11-24 20:30 . 2011-06-21 18:56 17200 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-11-24 20:30 . 2011-06-21 18:56 28976 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-11-24 20:30 . 2011-11-24 20:30 -------- d--h--w- c:\programdata\Nitro PDF
2011-11-24 20:29 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll
2011-11-24 20:29 . 2011-12-18 14:52 -------- d-----w- c:\users\jon\AppData\Roaming\OpenCandy
2011-11-24 20:29 . 2011-12-22 15:24 -------- d-----w- c:\program files (x86)\Nitro PDF
.
.
.

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Thu Dec 22, 2011 10:18 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 21:05 . 2011-12-22 09:20 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B3C2C27-06E5-4679-AFC7-B15D81E22F9E}\offreg.dll
2011-12-22 09:37 . 2011-12-22 09:37 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B3C2C27-06E5-4679-AFC7-B15D81E22F9E}\MpKslc4e98500.sys
2011-12-22 09:20 . 2011-12-22 09:21 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BB5735B-F8CA-42B5-8A1F-7932C81F9ECC}\gapaengine.dll
2011-12-09 07:03 . 2011-10-13 16:41 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-12-09 07:03 . 2011-10-13 16:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:33 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-06 06:33 . 2011-11-21 13:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:32 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-04 07:15 . 2011-10-13 16:40 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-21 03:40 . 2011-12-22 09:20 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B3C2C27-06E5-4679-AFC7-B15D81E22F9E}\mpengine.dll
2011-11-15 06:16 . 2011-08-13 05:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-29 16:29 . 2011-11-08 22:55 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{77f40091-495b-4c46-9068-2b24c4133157}]
2009-12-31 11:53 2349080 ----a-w- c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 MpKslc4e98500;MpKslc4e98500;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B3C2C27-06E5-4679-AFC7-B15D81E22F9E}\MpKslc4e98500.sys [2011-12-22 35664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 12:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 02:15]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 02:15]
.
2011-11-26 c:\windows\Tasks\HPCeeScheduleForjon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
WebBrowser-{77F40091-495B-4C46-9068-2B24C4133157} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Thu Dec 22, 2011 10:19 pm

--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2011-12-22 21:37:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-22 21:37
.
Pre-Run: 187,295,875,072 bytes free
Post-Run: 188,834,516,992 bytes free
.
- - End Of File - - 97BF837EA8BAB1AB4A91BAA9103098E9

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Tue Dec 27, 2011 10:02 pm

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::
    Reglock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


How's your computer running?



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue Dec 27, 2011 10:22 pm

Hi its seems to getting worse

Killall::
Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Tue Dec 27, 2011 10:25 pm

When i mixed the files that was the result

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Wed Dec 28, 2011 12:53 am

Hi

Downloaded combofix.exe again then followed instructions

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Wed Dec 28, 2011 11:35 am

Hi

Surfed for a good hour with no redirection. Then worked on Microsoft Word, after 10 minutes got a small pop up in chinese for Facebook. Cancelled it. 10 minutes later went back online to copy the work I done on Microsoft Word onto Sport England website and got redirected to [You must be registered and logged in to see this link.] Don;t know if this helps or hinders.

Jonnieboy

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Thu Dec 29, 2011 2:49 pm

Command switches used :: c:\users\jon\Desktop\CFScript.txt - Shortcut.lnk
When you ran Combofix, it was run from your downloads file. You need to open your downloads file and either copy/paste or save to desktop the Combofix file .
Using the shortcut.Ink will not allow the step to work. This is why the fix was not applied and the symptoms are getting worse.
After you get the above step completed we need to run it again.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::
    Reglock::
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)



  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Thu Dec 29, 2011 6:32 pm

ComboFix 11-12-29.04 - jon 29/12/2011 16:35:57.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1788.394 [GMT 0:00]
Running from: c:\users\jon\Desktop\Combofix.exe
Command switches used :: c:\users\jon\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-29 17:25 . 2011-12-29 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-29 16:08 . 2011-12-29 16:08 -------- d-----w- C:\Commy
2011-12-29 15:39 . 2011-12-29 17:28 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D290CF2F-8303-470F-924D-3FFA03CB143F}\offreg.dll
2011-12-29 10:21 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D290CF2F-8303-470F-924D-3FFA03CB143F}\mpengine.dll
2011-12-28 10:49 . 2011-12-28 10:49 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
2011-12-28 09:11 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-27 10:23 . 2011-11-15 14:29 222080 ------w- c:\windows\SysWow64\MpSigStub.exe
2011-12-27 09:07 . 2011-10-04 17:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A073D7A2-AFC5-424B-AB80-3FD54D201B3E}\gapaengine.dll
2011-12-27 09:04 . 2011-12-27 09:04 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FEE13CF-3F18-4747-B7E9-D80D37F6C9D3}\offreg.dll
2011-12-27 09:04 . 2011-11-30 02:21 8822856 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FEE13CF-3F18-4747-B7E9-D80D37F6C9D3}\mpengine.dll
2011-12-27 09:02 . 2011-12-27 09:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-27 09:01 . 2011-12-27 09:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-27 08:50 . 2011-12-27 08:50 -------- d--h--w- c:\programdata\Common Files
2011-12-27 08:49 . 2011-12-27 08:50 -------- d-----w- c:\programdata\MFAData
2011-12-26 11:42 . 2011-12-27 08:57 -------- dc----w- c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}
2011-12-24 08:06 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-12-24 08:06 . 2011-12-24 08:08 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-12-24 08:06 . 2011-12-24 08:06 -------- d-----w- c:\users\jon\AppData\Roaming\PC Tools
2011-12-24 07:54 . 2011-12-24 07:54 -------- d-----w- c:\users\jon\AppData\Roaming\TestApp
2011-12-22 19:38 . 2011-12-22 19:38 -------- d-----w- C:\_OTL
2011-12-22 15:26 . 2011-12-22 15:26 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-22 08:31 . 2011-12-22 08:31 69000 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{A9E6196A-885A-4FFA-923F-BC6DD39B1FB2}\offreg.dll
2011-12-21 08:32 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{A9E6196A-885A-4FFA-923F-BC6DD39B1FB2}\mpengine.dll
2011-12-20 11:57 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\Sky Broadband
2011-12-20 07:55 . 2011-12-20 07:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-18 15:40 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 15:38 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 15:38 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-18 15:38 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-18 15:35 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 15:35 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-17 12:48 . 2011-12-17 12:48 -------- d-----w- c:\users\jon\AppData\Roaming\Malwarebytes
2011-12-17 12:47 . 2011-12-17 12:47 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 17:18 . 2011-12-18 11:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-16 16:27 . 2011-12-24 08:06 -------- d-----w- c:\programdata\PC Tools
2011-12-15 08:49 . 2011-12-15 08:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-12-13 17:37 . 2011-12-18 14:51 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-12-13 17:36 . 2011-12-13 17:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-13 17:36 . 2011-12-13 17:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-10 05:59 . 2011-12-24 08:50 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-12-10 05:59 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2011-12-03 20:28 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\Met Office Desktop Widget
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 07:03 . 2011-10-13 16:41 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-12-09 07:03 . 2011-10-13 16:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:33 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-06 06:33 . 2011-11-21 13:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:32 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-04 07:15 . 2011-10-13 16:40 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-21 11:40 . 2011-04-16 06:57 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 14:29 . 2010-04-10 17:57 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-15 06:16 . 2011-08-13 05:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 05:54 . 2010-12-24 21:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-27_23.52.09 )))))))))))))))))))))))))))))))))))))))))
.

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Thu Dec 29, 2011 6:33 pm

.
+ 1998-06-17 18:08 . 1998-06-17 18:08 53248 c:\windows\SysWOW64\MFC42ENU.DLL
+ 1998-03-26 00:00 . 1998-03-26 00:00 38160 c:\windows\SysWOW64\MAPISRVR.EXE
+ 2001-01-22 03:25 . 2001-01-22 03:25 32768 c:\windows\SysWOW64\ATHPRXY.DLL
+ 2009-08-22 09:34 . 2011-12-29 17:30 72724 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-29 17:30 67538 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-09 01:58 . 2011-12-29 17:30 18196 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3587992434-3900482413-3266186353-1001_UserData.bin
- 2009-10-20 08:42 . 2011-12-27 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-20 08:42 . 2011-12-28 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-20 08:42 . 2011-12-27 19:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-20 08:42 . 2011-12-28 19:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-28 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-27 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-09 01:54 . 2011-12-29 08:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-09 01:54 . 2011-12-15 15:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-09 01:54 . 2011-12-29 08:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-09 01:54 . 2011-12-10 09:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-22 10:48 . 2011-12-29 11:31 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-07-14 05:38 . 2011-12-29 17:28 67584 c:\windows\bootstat(522).dat
- 2009-07-14 05:38 . 2011-12-27 23:49 67584 c:\windows\bootstat(522).dat
- 2011-12-27 23:50 . 2011-12-27 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-29 17:28 . 2011-12-29 17:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-29 17:28 . 2011-12-29 17:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-27 23:50 . 2011-12-27 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-28 10:49 . 2011-12-29 09:17 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2000-04-03 17:52 . 2000-04-03 17:52 151552 c:\windows\SysWOW64\RDOCURS.DLL
+ 1998-12-08 18:53 . 1998-12-08 18:53 212480 c:\windows\SysWOW64\PCDLIB32.DLL
+ 2000-05-11 13:06 . 2000-05-11 13:06 397312 c:\windows\SysWOW64\MSRDO20.DLL
+ 1998-10-01 12:00 . 1998-10-01 12:00 520128 c:\windows\SysWOW64\MAPI.DLL
+ 2010-02-09 15:56 . 2011-12-29 15:08 124446 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-12-29 16:20 632742 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-27 11:13 632742 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-29 16:20 632742 c:\windows\system32\perfh009(7767).dat
- 2009-07-14 02:36 . 2011-12-27 11:13 632742 c:\windows\system32\perfh009(7767).dat
- 2009-07-14 02:36 . 2011-12-27 11:13 114702 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-29 16:20 114702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-27 11:13 114702 c:\windows\system32\perfc009(7763).dat
+ 2009-07-14 02:36 . 2011-12-29 16:20 114702 c:\windows\system32\perfc009(7763).dat
+ 2009-07-14 04:45 . 2011-12-29 15:39 374264 c:\windows\system32\FNTCACHE.DAT
- 2010-03-08 20:29 . 2011-12-10 09:56 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-08 20:29 . 2011-12-29 08:49 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-12-29 17:27 325424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-08-22 10:48 . 2011-12-27 11:00 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-22 10:48 . 2011-12-27 11:00 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2011-12-28 10:49 . 2011-12-29 09:17 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2011-12-29 11:30 . 2011-12-29 11:30 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2011-12-27 10:58 . 2011-12-27 10:58 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-05-24 19:00 . 2011-12-28 22:26 2206192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3587992434-3900482413-3266186353-1001-12288.dat
+ 2001-03-01 23:38 . 2001-03-01 23:38 3485184 c:\windows\Installer\646d5c.msi
- 2009-08-22 10:48 . 2011-12-27 11:00 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-22 10:48 . 2011-12-29 11:31 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-10-22 21:20 . 2011-12-29 17:27 23979448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3587992434-3900482413-3266186353-1001-8192.dat
+ 2004-01-30 03:19 . 2004-01-30 03:19 56269996 c:\windows\Installer\9fb71.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Thu Dec 29, 2011 6:33 pm

.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 12:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 02:15]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 02:15]
.
2011-12-27 c:\windows\Tasks\HPCeeScheduleForjon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2011-12-29 17:55:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 17:55
.
Pre-Run: 190,699,151,360 bytes free
Post-Run: 190,785,257,472 bytes free
.
- - End Of File - - FFDAD7CA52A83C9E68FC0FD086864EEE

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Fri Dec 30, 2011 12:26 am

ok that looks good.
Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Fri Dec 30, 2011 7:38 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


Hi houndmom

Its still happening, when the Esetonlinescanner was running I was getting pop ups.

Regards Jonnieboy Jon

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Fri Dec 30, 2011 4:53 pm

Could you post the rest of the ESET log?

Please look here for the rest of the report:
[*]Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
[*]Copy and paste that log as a reply to this topic



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Fri Dec 30, 2011 5:01 pm

Hi

That was all the text. The first time I ran it it didn't leave a log.txt so I ran it again and that was yhe result.

Regards Jon

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Fri Dec 30, 2011 7:10 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

ran it again and got the above

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Sat Dec 31, 2011 1:29 am

Okay let's run another OTL scan:

Reopen OTL from your desktop

Close all windows and double click OTL.exe.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Sat Dec 31, 2011 8:25 am

OTL logfile created on: 12/31/2011 8:02:52 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 41.07% Memory free
3.49 Gb Paging File | 2.02 Gb Available in Paging File | 57.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.22 Gb Total Space | 176.29 Gb Free Space | 80.42% Space Free | Partition Type: NTFS
Drive D: | 13.37 Gb Total Space | 2.22 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/31 07:42:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.exe
PRC - [2011/12/13 17:36:37 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
PRC - [2011/11/06 22:49:56 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 22:18:27 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 22:18:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 22:17:59 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/13 22:17:11 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 22:17:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 22:17:03 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 22:16:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/22 01:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 18:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/02 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 19:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/22 01:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 18:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 19:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 10:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/09 13:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/27 08:57:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/12/30 00:16:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [You must be registered and logged in to see this link.] (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39917632-BF97-4E7D-97F2-CA9305ABBE63}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F421CA39-9852-40BA-852C-A83496C9B819}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Sat Dec 31, 2011 8:27 am

MsConfig:64bit - StartUpFolder: C:^Users^jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: Microsoft Forefront Client Security Antimalware Service - hkey= - key= - c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PC Optimizer Pro - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QPService - hkey= - key= - C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Sat Dec 31, 2011 8:28 am

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/31 07:41:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.exe
[2011/12/30 21:49:03 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{173B9ECA-3F7A-4BCF-8C43-C18691AC944F}
[2011/12/30 21:48:51 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{A9934F34-8E4A-4D65-A3E1-4D9C5DE7345E}
[2011/12/30 16:04:02 | 000,039,192 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2011/12/30 15:57:06 | 000,000,000 | ---D | C] -- C:\Users\jon\Documents\RegRun2
[2011/12/30 09:48:21 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{09FAE334-88C2-4AAC-9052-F1ADF2C9D8FB}
[2011/12/30 09:48:09 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{9953E2D4-03B3-4C5B-B8AD-00AF21CFCC2C}
[2011/12/30 07:33:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/30 00:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/30 00:43:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/29 23:13:38 | 000,000,000 | ---D | C] -- C:\Combofix
[2011/12/29 21:46:34 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{C4AD270C-A41F-4FAB-85EA-05009B3896F0}
[2011/12/29 21:46:22 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{70B92039-0184-4AA3-8E05-6331F5F31CAD}
[2011/12/29 16:21:29 | 000,000,000 | ---D | C] -- C:\Commy17984C
[2011/12/29 16:08:25 | 000,000,000 | ---D | C] -- C:\Commy
[2011/12/29 16:03:22 | 004,356,196 | R--- | C] (Swearware) -- C:\Users\jon\Desktop\Combofix.exe
[2011/12/29 09:22:37 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{45753510-642F-4982-8FF2-2D4B135EBA8B}
[2011/12/29 09:22:25 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{AECF180A-8B50-4840-8D1A-D11DB06C6630}
[2011/12/28 21:21:55 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{81B9F521-5C15-429F-861B-850A0FE3B7F4}
[2011/12/28 21:21:40 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{3CCB7F89-1D57-4DFA-8B62-B5BF83FD453E}
[2011/12/28 11:16:43 | 000,000,000 | --SD | C] -- C:\Users\jon\Documents\My Webs
[2011/12/28 10:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2011/12/28 10:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2011/12/28 09:21:11 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{0723EFD9-4CB1-4A8D-A412-4D0DE893EF0F}
[2011/12/28 09:20:59 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{243EA0BB-DB47-47DB-8D24-330C33865886}
[2011/12/27 22:43:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/27 21:20:23 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{AB204D6D-34BC-430E-81A6-42A3455D35AA}
[2011/12/27 21:20:11 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{5CF64E0C-1574-490A-8DC0-0379DCB2C401}
[2011/12/27 10:42:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/27 10:42:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/27 10:42:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/27 10:23:39 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MpSigStub.exe
[2011/12/27 09:19:29 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{3EC913CD-41A8-4D66-A38A-F056879792B2}
[2011/12/27 09:19:13 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{66A5DFAD-52C0-4938-9705-4227917A9A75}
[2011/12/27 09:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/12/27 09:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/27 08:50:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/12/27 08:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/12/26 21:18:41 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{1A788D1E-6535-4ECB-A939-81D55CF5E3E8}
[2011/12/26 21:18:30 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{BD6B8F56-AE47-4CBC-B156-C7D5CF816EE3}
[2011/12/26 11:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
[2011/12/26 09:18:00 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{ED40A493-AE49-4851-A6C2-40886AAA55FF}
[2011/12/26 09:17:49 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{6CA4E4AF-A478-44C5-9502-F3867CBFF8C3}
[2011/12/25 20:13:58 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{B8A9075B-52CE-4AAE-882A-5875D47FC30A}
[2011/12/25 20:13:48 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{495D16AD-B882-4059-A88C-060442E20D61}
[2011/12/25 08:13:19 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{59ECF213-A81C-4DAD-BCCF-8E836757AC51}
[2011/12/25 08:13:08 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{F23266EC-9AF2-4B09-BCFE-56F8E4E07B5C}
[2011/12/24 20:12:38 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{E5D6A73E-E5CC-487E-A9E9-F0352B4CBCFC}
[2011/12/24 20:12:21 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{80885FD4-0949-4F4C-8BC8-70089AC67204}
[2011/12/24 20:08:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/24 08:06:49 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Roaming\PC Tools
[2011/12/24 08:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/24 07:54:05 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Roaming\TestApp
[2011/12/23 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{501B2A4F-AEB0-4786-AEBC-B3A6E7A92312}
[2011/12/23 21:40:37 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{5CC98081-4556-4B4C-9B06-D608A840185F}
[2011/12/23 09:40:21 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{D64A9837-8CAC-4290-88C9-74EFCF61E7A1}
[2011/12/23 09:40:10 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{10265208-946B-41C7-9D8C-C3C592FDC807}
[2011/12/22 21:39:42 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{F95D379C-36B2-48EB-885B-B9EB58FD0505}
[2011/12/22 21:39:31 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{FFD847C2-0AC2-41FC-9AD3-AB1D831DC6F3}
[2011/12/22 19:56:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/22 19:56:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/22 19:49:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/22 19:47:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/22 19:38:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/22 15:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011/12/22 09:16:32 | 052,988,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/12/22 09:08:29 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{AF32E72F-FA79-4CB1-882D-08908D5E4B26}
[2011/12/22 09:08:17 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{82543FEC-9095-45D0-995B-97075205EB26}
[2011/12/21 21:07:45 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{30B4158F-3195-4636-8A4E-51E562D45F79}
[2011/12/21 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{07FA2C2D-D1F1-459F-9AB2-C591AA81850B}
[2011/12/21 09:06:47 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{642E22AC-55D9-4AD4-A8B6-038FAEB12A34}
[2011/12/21 09:06:37 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{B8D7ABD2-3454-447C-9962-E1888DC2E36A}
[2011/12/20 21:05:55 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{E09C4150-4C04-43D8-90DB-85AC530F25D9}
[2011/12/20 21:05:40 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{65CBDF97-6D09-4043-9B4D-87CBC019CF22}
[2011/12/20 11:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sky Broadband
[2011/12/20 09:05:03 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{7B3E1710-81EB-495E-8E05-A4186EB4DBDD}
[2011/12/20 09:04:50 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{606FD4C9-FFC3-4B41-89C7-CA8FBC492223}
[2011/12/20 07:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 07:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/19 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{8C416A0E-4CA1-49D7-B2D0-5B85DDEDF747}
[2011/12/19 21:03:53 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{670A4657-3ACA-4BE1-AF69-4513CF3118A8}
[2011/12/19 07:41:24 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{A12CB41E-3D61-4DF6-8212-FF25B748C0EC}
[2011/12/19 07:41:12 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{D323254C-83E5-4F7E-8506-70C2FC44F5D8}
[2011/12/18 22:23:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/18 22:23:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/18 22:23:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/18 22:23:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/18 22:23:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/18 22:23:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/18 22:23:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/18 22:23:31 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/18 22:23:31 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/18 22:23:30 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/18 22:23:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/18 15:40:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/18 15:38:21 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/18 15:38:21 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/18 15:04:04 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{B06BFB5A-45F4-4303-A880-FBF76E191340}
[2011/12/18 15:03:38 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{5B94A995-C8FD-45EA-9C34-46F66D564772}
[2011/12/18 08:35:17 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{8F1F0BBE-FF2D-4DEB-B584-5B7D506EB8DA}
[2011/12/18 08:35:02 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{ADB3E98A-9002-4B44-A8AA-7C8DEB56D023}
[2011/12/17 19:58:46 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{CDBEC91B-688B-4B7B-812D-CE1061A49306}
[2011/12/17 19:56:36 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{A3206A43-EA54-4CED-A7AC-486487C707BF}
[2011/12/17 12:48:09 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Roaming\Malwarebytes
[2011/12/17 12:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/17 07:55:56 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{DD66D6BA-EE78-495A-B846-3561E2A739C4}
[2011/12/17 07:55:46 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{CCA054FB-73B9-4001-B628-0FCF6D94DF71}
[2011/12/16 19:52:58 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{57345002-A66E-40EE-9E25-082790EB20FC}
[2011/12/16 19:52:01 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{EF2A0B93-D979-44F0-9438-609037D51312}
[2011/12/16 07:50:59 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{4BF2D94E-A6C3-40BF-AA8A-4BEB5B19FE41}
[2011/12/16 07:50:47 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{029ED588-8396-4882-B1CB-FE3B0CBC22DA}
[2011/12/15 19:49:35 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{B0575C17-91E6-485E-8B38-F5C3FFC8613C}
[2011/12/15 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{87C49397-5A68-4B9F-A871-0A1209F3DCD2}
[2011/12/15 08:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/12/15 07:48:24 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{63B8CEE1-63C4-4E0F-9BDE-61AEFAFC9074}
[2011/12/15 07:48:00 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{A49BFF0C-E205-45E4-A73A-B0A7397BC191}
[2011/12/13 17:59:44 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{863A8E29-4CB3-4F7C-9804-B249CD1184DC}
[2011/12/13 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{0825CC4C-E3D8-472F-92B3-B9642F2DE7BD}
[2011/12/13 17:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/12/13 17:36:57 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011/12/13 17:36:41 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011/12/13 17:36:41 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011/12/13 17:36:40 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/12/13 17:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/12/13 16:45:13 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{0DF0F546-8D63-4F07-895C-1AF9036A71A9}
[2011/12/13 16:45:02 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Local\{975BCD31-1200-45A8-B746-AD1AA63A4056}
[2011/12/12 16:50:22 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{5C7A5847-B987-4BB7-A40B-534271E834F3}
[2011/12/12 16:50:11 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{5A4BD468-5EC9-401F-BF2F-0120E4A852A6}
[2011/12/11 20:24:33 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C8382C8C-8568-4EA4-86D9-E357EC33CC2F}
[2011/12/11 20:24:22 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B10B48B4-9BAE-4C71-B97E-14B54F6A084F}
[2011/12/11 08:23:49 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{75EB5DC4-BE1F-467A-B7BD-E55FADB51268}
[2011/12/11 08:23:37 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{FDDFCB82-BEC1-47AE-B634-2C749002C76D}
[2011/12/10 16:56:43 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{14F3F221-3D92-428E-BA1F-B0023C906BA7}
[2011/12/10 16:56:25 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{83431C49-6187-414F-AB77-748CD006F219}
[2011/12/10 05:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011/12/10 05:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2011/12/10 04:55:51 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{7AFA70E0-5D41-4596-A55C-CEA9E83F3CF9}
[2011/12/10 04:55:40 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{D5A6DB03-488C-4B35-AAFD-C9485007E623}
[2011/12/09 09:16:10 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{AF1971EB-F740-4478-B0BF-DBD6D2A3B6F3}
[2011/12/09 09:15:59 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{4D34B021-9A0C-489E-AB92-6EE705249F83}
[2011/12/08 21:15:28 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{81D52494-31F6-4758-8C8E-D7CD35BA7131}
[2011/12/08 21:15:17 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E1D3D07A-CA90-48F9-BDC9-CD86F24E1862}
[2011/12/08 08:35:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{663E1277-0F31-44AD-A314-F54A41745436}
[2011/12/08 08:35:16 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{06307C1D-EC05-44FD-A77D-03A273BBC6A2}
[2011/12/07 11:28:17 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{06602827-1C33-489B-8816-7AD7683ABDE5}
[2011/12/07 11:28:06 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{A58660D4-9090-483D-ACA7-B7402A9A6C44}
[2011/12/06 23:27:36 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{D3D1E0EB-A3C9-47FA-AC73-200C9DF74235}
[2011/12/06 23:27:25 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{700C0E23-25E5-46A3-A689-78D07D366B9B}
[2011/12/06 10:31:27 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{0583D135-6A92-4091-AD9C-DCA5989A35EE}
[2011/12/06 10:31:16 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{B499EE98-808F-43E3-AF7B-C1D2CFB6639D}
[2011/12/05 20:43:26 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{270CB042-4B81-404A-BC5F-7AC3DF4ED80C}
[2011/12/05 20:40:19 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{C841A4A0-A2F4-494D-87FE-84517733B929}
[2011/12/05 08:39:49 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{71F7BD62-F436-47D8-B893-9AA108F0CBB8}
[2011/12/05 08:39:37 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{2FE2CEA2-521D-4C6D-91CF-DE15A4C415A9}
[2011/12/04 19:17:42 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{DF000240-B76B-4F83-9C36-65E227840326}
[2011/12/04 19:17:31 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{2C55B472-ABA7-488A-B6B3-AD2B45E1E2C1}
[2011/12/04 07:17:15 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{30E538D8-CC73-4B43-BAA4-53EA593ABEEB}
[2011/12/04 07:17:04 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{40F329B5-533D-420C-B73D-AAF596DAE7EE}
[2011/12/03 20:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Met Office Desktop Widget
[2011/12/03 18:51:55 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{7ADA6AA7-1C8A-45E4-9159-4D3522E2ED8F}
[2011/12/03 18:51:43 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{8E075C16-C1CA-4F35-8977-1DA4BE7675DC}
[2011/12/03 06:51:12 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{A383C437-011B-4141-9737-3DCC184857A5}
[2011/12/03 06:51:01 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{44ED1B6B-33E6-4144-BE02-AAF2C290D032}
[2011/12/02 15:33:26 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{4B1CE9B2-3504-45B2-A94C-AB29B1D5D5FC}
[2011/12/02 15:33:14 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{E6C97B38-5004-41B8-BC72-4097D8FEAAD5}
[2011/12/01 22:17:13 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{30C32184-3002-4580-8510-B87E220EB843}
[2011/12/01 22:17:01 | 000,000,000 | -H-D | C] -- C:\Users\jon\AppData\Local\{6A9F7A1C-C5E1-4528-B151-01E8C924D863}

========== Files - Modified Within 30 Days ==========

[2011/12/31 08:01:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/31 07:42:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.exe
[2011/12/31 07:41:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/31 07:41:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/31 07:34:38 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/31 07:34:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA(9577).DAT
[2011/12/31 07:34:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/31 07:34:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat(522).dat
[2011/12/31 07:34:20 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/31 00:14:13 | 000,735,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/31 00:14:13 | 000,632,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/31 00:14:13 | 000,632,742 | ---- | M] () -- C:\Windows\SysNative\perfh009(7767).dat
[2011/12/31 00:14:13 | 000,114,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/31 00:14:13 | 000,114,702 | ---- | M] () -- C:\Windows\SysNative\perfc009(7763).dat
[2011/12/30 16:10:11 | 000,000,440 | ---- | M] () -- C:\Windows\SysWow64\PARTLOGN.EXE
[2011/12/30 16:09:09 | 000,000,111 | ---- | M] () -- C:\Windows\SysWow64\Partizan.RRI
[2011/12/30 16:04:02 | 000,039,192 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2011/12/30 15:57:08 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/12/30 15:57:08 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/12/30 15:57:08 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/12/30 00:16:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/29 23:11:41 | 004,356,196 | R--- | M] (Swearware) -- C:\Users\jon\Desktop\Combofix.exe
[2011/12/29 15:39:07 | 000,374,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/29 12:32:20 | 000,011,776 | ---- | M] () -- C:\Users\jon\Documents\adp1.adp
[2011/12/28 10:52:00 | 000,000,162 | -H-- | M] () -- C:\Users\jon\Documents\~$feguarding Children Policy.rtf
[2011/12/28 10:50:50 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/12/28 10:49:17 | 000,001,959 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/12/27 12:36:15 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjon.job
[2011/12/27 09:02:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/24 20:08:33 | 144,129,606 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/20 07:55:42 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 17:37:36 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/13 17:36:57 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011/12/13 17:36:41 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011/12/13 17:36:41 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011/12/13 17:36:40 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/12/10 06:02:33 | 000,033,983 | -H-- | M] () -- C:\Users\jon\Documents\club rules.pdf
[2011/12/07 11:44:28 | 052,988,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/12/03 20:28:43 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Met Office Desktop Widget.lnk

========== Files Created - No Company Name ==========

[2011/12/30 16:05:42 | 000,000,440 | ---- | C] () -- C:\Windows\SysWow64\PARTLOGN.EXE
[2011/12/30 16:03:10 | 000,000,111 | ---- | C] () -- C:\Windows\SysWow64\Partizan.RRI
[2011/12/30 15:57:08 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2011/12/30 15:57:08 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/12/30 15:57:08 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/12/28 22:24:44 | 000,011,776 | ---- | C] () -- C:\Users\jon\Documents\adp1.adp
[2011/12/28 10:52:00 | 000,000,162 | -H-- | C] () -- C:\Users\jon\Documents\~$feguarding Children Policy.rtf
[2011/12/28 10:50:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/28 10:49:17 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2011/12/28 10:49:17 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2011/12/28 10:49:17 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2011/12/28 10:49:17 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2011/12/28 10:49:17 | 000,002,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
[2011/12/28 10:49:17 | 000,002,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
[2011/12/28 10:49:17 | 000,001,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/12/27 22:43:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/27 22:43:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/27 22:43:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/27 22:43:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/27 22:43:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/27 09:02:57 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/27 09:02:08 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/24 20:08:33 | 144,129,606 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/20 07:55:42 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 17:37:36 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/10 06:02:19 | 000,033,983 | -H-- | C] () -- C:\Users\jon\Documents\club rules.pdf
[2011/12/03 20:28:43 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Met Office Desktop Widget.lnk
[2011/12/03 20:28:43 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Met Office Desktop Widget.lnk
[2011/10/24 15:33:05 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/08/14 20:53:18 | 000,000,017 | -H-- | C] () -- C:\Users\jon\AppData\Local\resmon.resmoncfg
[2011/01/05 06:31:07 | 000,001,940 | ---- | C] () -- C:\Users\jon\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/23 08:26:15 | 000,001,854 | -H-- | C] () -- C:\Users\jon\AppData\Roaming\GhostObjGAFix.xml
[2010/02/13 21:39:31 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/02/13 21:39:31 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/02/13 21:39:31 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/02/13 21:39:31 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/02/13 21:39:31 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/02/13 21:39:31 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/02/13 21:39:31 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/02/13 21:39:31 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/02/13 21:39:31 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/02/13 21:39:31 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/02/13 21:39:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/02/13 21:39:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/02/13 21:39:31 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/02/13 21:39:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/02/13 21:39:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/02/13 21:39:31 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/02/13 21:39:31 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/02/13 21:39:31 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/02/13 21:39:31 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/02/13 21:28:25 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2010/02/11 21:26:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/02/08 21:16:01 | 000,000,182 | -H-- | C] () -- C:\Users\jon\AppData\Roaming\wklnhst.dat
[2009/10/25 21:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/10/20 08:48:06 | 000,002,868 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/22 11:39:34 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/08/22 09:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat(522).dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE(9138).DAT
[2009/07/14 02:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap(2306).ini
[2009/07/14 02:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system(2358).ini
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec(8617).dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib(2234).bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang(9019).dat
[2009/05/29 22:42:20 | 000,309,248 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2009/03/11 19:01:28 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\DirectCOM.dll
[2008/09/03 11:25:06 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ddcvt.exe

========== Custom Scans ==========

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Sat Dec 31, 2011 8:28 am


< %systemroot%\Fonts\*.com >
[2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 20:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/11 15:15:35 | 000,000,221 | -HS- | M] () -- C:\Users\jon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/12/29 23:11:41 | 004,356,196 | R--- | M] (Swearware) -- C:\Users\jon\Desktop\Combofix.exe
[2011/12/31 07:42:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/03/01 06:35:26 | 001,923,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\jon\install_flash_player.exe

< %systemroot%\ADDINS\*.* >
[2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT(499).ecf
[2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/06/15 15:37:23 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/06/15 15:37:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/06/15 15:37:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/06/15 15:37:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/06/15 15:37:23 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/06/15 15:37:23 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/06/15 15:41:48 | 000,000,402 | -HS- | M] () -- C:\Users\jon\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/08/13 16:25:57 | 000,002,868 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/04/15 16:52:14 | 000,000,021 | -H-- | M] () -- C:\ProgramData\hpqp.txt
[2011/08/13 16:25:51 | 000,000,177 | -H-- | M] () -- C:\ProgramData\HPWALog.txt
[2011/12/26 23:47:15 | 000,000,189 | ---- | M] () -- C:\ProgramData\REGSVR32.EXE-x.txt
[2009/10/20 08:50:02 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/08/22 11:28:57 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/10/20 08:49:20 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/08/22 11:24:29 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/10/20 08:48:38 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/10/20 08:49:45 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/08/22 11:22:56 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/08/22 11:28:25 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/10/20 08:50:11 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/12/30 00:42:36 | 000,017,846 | ---- | M] () -- C:\ComboFix.txt
[2011/12/31 07:34:20 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/31 07:34:21 | 1875,062,784 | -HS- | M] () -- C:\pagefile.sys
[2011/04/16 05:15:33 | 000,000,084 | ---- | M] () -- C:\SYNTPAD.LOG

< %PROGRAMFILES%\*. >
[2011/12/03 20:28:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2009/10/20 08:25:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
[2010/09/16 05:40:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atheros
[2009/10/20 08:23:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2011/05/14 18:15:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/10/24 15:36:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Chrome
[2010/07/02 10:48:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2011/12/29 23:42:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2009/10/20 08:50:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/09/25 18:14:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2011/11/06 13:07:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Docudesk
[2011/12/24 08:49:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Driving Test Success - All Tests 2011 Edition
[2010/09/22 18:26:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA SPORTS
[2010/02/13 21:43:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\epson
[2011/12/30 00:48:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2011/09/10 13:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FoxTabFLVPlayer
[2011/12/30 16:21:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/09/15 18:29:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2011/12/18 14:51:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hp
[2011/10/28 17:23:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2011/12/27 08:57:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iLivid
[2011/09/15 18:36:13 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/12/19 07:37:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/12/27 10:42:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/12/20 07:55:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/02/11 09:58:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Messenger Plus! Live
[2011/12/24 08:49:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Met Office Desktop Widget
[2011/10/16 15:52:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/12/28 10:49:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ActiveSync
[2011/12/24 08:49:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Forefront
[2011/12/28 10:48:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2009/08/22 10:48:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2010/10/30 19:46:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SDKs
[2011/12/27 09:02:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2011/10/13 22:00:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/10/20 08:57:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/12/15 08:49:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/10/30 19:46:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011/12/18 14:51:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/10/25 22:29:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/02/08 21:46:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2009/10/20 08:51:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\muvee Technologies
[2010/04/20 05:59:25 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/12/18 14:51:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2009/10/20 08:25:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/12/24 08:49:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sky Broadband
[2011/09/10 13:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SopCast
[2011/04/19 17:18:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2010/10/09 21:03:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Veetle
[2010/05/22 20:03:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Veoh Networks
[2011/12/24 09:03:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/10/05 13:25:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/07/16 15:44:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/06/15 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/12/24 09:03:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/12/24 09:02:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/06/15 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/12/24 09:02:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< %appdata%\*.* >
[2011/06/09 10:58:27 | 000,001,854 | -H-- | M] () -- C:\Users\jon\AppData\Roaming\GhostObjGAFix.xml
[2010/04/17 07:21:55 | 000,000,182 | -H-- | M] () -- C:\Users\jon\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 01:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 01:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 01:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: EVENTLOG.DLL >
[2007/05/18 04:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2010/11/20 13:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 06:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 06:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 06:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 06:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 06:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 01:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 01:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 13:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/20 13:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 13:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 12:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/20 12:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 12:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 01:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 06:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 06:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 06:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 06:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 06:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 13:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 01:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 01:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 12:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 12:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 12:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 13:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 13:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 13:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/14 00:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS
[2011/03/11 04:21:50 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=36106AC439EDFBB7B8BDBF99079C7590 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.21680_none_a6e64054c7cca389\USBSTOR.SYS
[2011/03/11 04:29:51 | 000,091,136 | ---- | M] (Microsoft Corporation) MD5=3A6CB8C3B8904F01E73D10081B7D0EC7 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.20921_none_a541c506ca74a675\USBSTOR.SYS
[2010/11/20 10:44:05 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=D76510CFA0FC09023077F22C2F979D86 -- C:\Windows\SysNative\DriverStore\FileRepository\usbstor.inf_amd64_neutral_0725c2806a159a9d\USBSTOR.SYS
[2010/11/20 10:44:05 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=D76510CFA0FC09023077F22C2F979D86 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.17514_none_a6ac5425ae72a584\USBSTOR.SYS
[2011/03/11 04:31:17 | 000,091,136 | ---- | M] (Microsoft Corporation) MD5=F39983647BC1F3E6100778DDFE9DCE29 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16778_none_a48918bfb179469a\USBSTOR.SYS
[2011/03/11 04:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=FED648B01349A3C8395A5169DB5FB7D6 -- C:\Windows\SysNative\drivers\USBSTOR.SYS
[2011/03/11 04:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=FED648B01349A3C8395A5169DB5FB7D6 -- C:\Windows\SysNative\DriverStore\FileRepository\usbstor.inf_amd64_neutral_26b33263a639795d\USBSTOR.SYS
[2011/03/11 04:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=FED648B01349A3C8395A5169DB5FB7D6 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.17577_none_a66e757baea0992f\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Sat Dec 31, 2011 9:04 am

Hi Houndmom

Ran OTL 4 times, didn't get the Extras.txt on any run.

Have not had any redirection since yesterday but keep getting pop-ups from blinkx.com and twitter.com.

Regards Jonnieboy Jon

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Sat Dec 31, 2011 1:51 pm

Hi Houndmom

Left laptop alone for a couple of hours. Then started using it again and got redirected straight away.

Regards Jonnieboy Jon

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Mon Jan 02, 2012 7:40 pm

Please refrain from running any removal programs unless directed to do so by removal staff. Programs that are found on the internet can be misleading, we have approved malware free programs that we use here on GeekPolice.net and are trained to use them correctly, as was stated before we began.
Please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
* Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
* If you have already asked for help somewhere, please post the link to the topic you were helped.


Please download aswMBR from [You must be registered and logged in to see this link.]


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review



Please read carefully and follow these steps.

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.





  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.





  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents the report here.




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Mon Jan 02, 2012 8:17 pm

Hi Houndmom

Happy new year. Could not run TDSSkiller.

Regards Jon

aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2012-01-02 19:45:12
-----------------------------
19:45:12.798 OS Version: Windows x64 6.1.7601 Service Pack 1
19:45:12.798 Number of processors: 1 586 0x602
19:45:12.798 ComputerName: JON-PC UserName: jon
19:45:14.162 Initialize success
19:45:51.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:45:51.035 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 11
19:45:51.059 Disk 0 MBR read successfully
19:45:51.062 Disk 0 MBR scan
19:45:51.064 Disk 0 unknown MBR code
19:45:51.067 Disk 0 MBR hidden
19:45:51.094 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:45:51.103 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224481 MB offset 409600
19:45:51.126 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13690 MB offset 460146688
19:45:51.136 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
19:45:51.146 Service scanning
19:45:53.088 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:45:55.118 Modules scanning
19:45:55.122 Disk 0 trace - called modules:
19:45:55.522 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80024e0334]<<
19:45:55.532 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024c5060]
19:45:55.552 3 CLASSPNP.SYS[fffff8800103c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800247d680]
19:45:55.564 \Driver\atapi[0xfffffa8001f46e70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80024e0334
19:45:55.570 Scan finished successfully
19:46:20.704 Disk 0 MBR has been saved successfully to "C:\Users\jon\Desktop\MBR.dat"
19:46:20.918 The log file has been saved successfully to "C:\Users\jon\Desktop\aswMBR.txt"



jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Mon Jan 02, 2012 11:00 pm

:37.0086 4364 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:13:37.0646 4364 ============================================================
22:13:37.0646 4364 Current date / time: 2012/01/02 22:13:37.0646
22:13:37.0646 4364 SystemInfo:
22:13:37.0646 4364
22:13:37.0646 4364 OS Version: 6.1.7601 ServicePack: 1.0
22:13:37.0646 4364 Product type: Workstation
22:13:37.0646 4364 ComputerName: JON-PC
22:13:37.0646 4364 UserName: jon
22:13:37.0646 4364 Windows directory: C:\Windows
22:13:37.0646 4364 System windows directory: C:\Windows
22:13:37.0646 4364 Running under WOW64
22:13:37.0646 4364 Processor architecture: Intel x64
22:13:37.0646 4364 Number of processors: 1
22:13:37.0646 4364 Page size: 0x1000
22:13:37.0646 4364 Boot type: Normal boot
22:13:37.0646 4364 ============================================================
22:13:39.0706 4364 Initialize success
22:14:20.0083 2948 ============================================================
22:14:20.0083 2948 Scan started
22:14:20.0083 2948 Mode: Manual;
22:14:20.0083 2948 ============================================================
22:14:20.0493 2948 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:14:20.0503 2948 1394ohci - ok
22:14:20.0673 2948 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:14:20.0683 2948 ACPI - ok
22:14:20.0833 2948 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:14:20.0833 2948 AcpiPmi - ok
22:14:21.0013 2948 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:14:21.0023 2948 adp94xx - ok
22:14:21.0163 2948 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:14:21.0173 2948 adpahci - ok
22:14:21.0323 2948 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:14:21.0333 2948 adpu320 - ok
22:14:21.0543 2948 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:14:21.0563 2948 AFD - ok
22:14:21.0693 2948 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
22:14:21.0713 2948 AgereSoftModem - ok
22:14:21.0843 2948 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:14:21.0843 2948 agp440 - ok
22:14:22.0013 2948 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:14:22.0023 2948 aliide - ok
22:14:22.0183 2948 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:14:22.0183 2948 amdide - ok
22:14:22.0313 2948 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:14:22.0323 2948 AmdK8 - ok
22:14:22.0463 2948 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:14:22.0463 2948 AmdPPM - ok
22:14:22.0623 2948 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:14:22.0623 2948 amdsata - ok
22:14:22.0793 2948 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:14:22.0793 2948 amdsbs - ok
22:14:22.0943 2948 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:14:22.0943 2948 amdxata - ok
22:14:23.0073 2948 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:14:23.0083 2948 AppID - ok
22:14:23.0273 2948 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:14:23.0273 2948 arc - ok
22:14:23.0423 2948 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:14:23.0433 2948 arcsas - ok
22:14:23.0583 2948 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:14:23.0583 2948 AsyncMac - ok
22:14:23.0723 2948 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:14:23.0723 2948 atapi - ok
22:14:23.0933 2948 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
22:14:24.0003 2948 athr - ok
22:14:24.0163 2948 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
22:14:24.0163 2948 AtiHdmiService - ok
22:14:24.0453 2948 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
22:14:24.0613 2948 atikmdag - ok
22:14:24.0743 2948 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:14:24.0743 2948 AtiPcie - ok
22:14:24.0933 2948 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:14:24.0943 2948 b06bdrv - ok
22:14:25.0083 2948 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:14:25.0093 2948 b57nd60a - ok
22:14:25.0243 2948 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:14:25.0253 2948 Beep - ok
22:14:25.0433 2948 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:14:25.0433 2948 blbdrive - ok
22:14:25.0633 2948 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:14:25.0633 2948 bowser - ok
22:14:25.0743 2948 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:14:25.0743 2948 BrFiltLo - ok
22:14:25.0863 2948 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:14:25.0863 2948 BrFiltUp - ok
22:14:26.0003 2948 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:14:26.0013 2948 Brserid - ok
22:14:26.0143 2948 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:14:26.0143 2948 BrSerWdm - ok
22:14:26.0263 2948 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:14:26.0263 2948 BrUsbMdm - ok
22:14:26.0373 2948 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:14:26.0373 2948 BrUsbSer - ok
22:14:26.0493 2948 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:14:26.0493 2948 BTHMODEM - ok
22:14:26.0683 2948 catchme - ok
22:14:26.0853 2948 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:14:26.0863 2948 cdfs - ok
22:14:27.0013 2948 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:14:27.0023 2948 cdrom - ok
22:14:27.0153 2948 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:14:27.0153 2948 circlass - ok
22:14:27.0313 2948 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:14:27.0343 2948 CLFS - ok
22:14:27.0543 2948 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:14:27.0543 2948 CmBatt - ok
22:14:27.0693 2948 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:14:27.0693 2948 cmdide - ok
22:14:27.0873 2948 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:14:27.0883 2948 CNG - ok
22:14:28.0023 2948 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:14:28.0023 2948 Compbatt - ok
22:14:28.0193 2948 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:14:28.0193 2948 CompositeBus - ok
22:14:28.0333 2948 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:14:28.0343 2948 crcdisk - ok
22:14:28.0523 2948 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:14:28.0533 2948 DfsC - ok
22:14:28.0693 2948 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:14:28.0693 2948 discache - ok
22:14:28.0833 2948 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:14:28.0833 2948 Disk - ok
22:14:28.0983 2948 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:14:28.0983 2948 drmkaud - ok
22:14:29.0173 2948 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:14:29.0193 2948 DXGKrnl - ok
22:14:29.0413 2948 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:14:29.0513 2948 ebdrv - ok
22:14:29.0643 2948 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:14:29.0653 2948 elxstor - ok
22:14:29.0823 2948 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:14:29.0823 2948 ErrDev - ok
22:14:29.0983 2948 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:14:29.0993 2948 exfat - ok
22:14:30.0183 2948 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:14:30.0193 2948 fastfat - ok
22:14:30.0333 2948 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:14:30.0333 2948 fdc - ok
22:14:30.0513 2948 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:14:30.0513 2948 FileInfo - ok
22:14:30.0673 2948 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:14:30.0683 2948 Filetrace - ok
22:14:30.0803 2948 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:14:30.0803 2948 flpydisk - ok
22:14:30.0973 2948 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:14:30.0973 2948 FltMgr - ok
22:14:31.0113 2948 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:14:31.0113 2948 FsDepends - ok
22:14:31.0293 2948 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
22:14:31.0303 2948 fssfltr - ok
22:14:31.0483 2948 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:14:31.0483 2948 Fs_Rec - ok
22:14:31.0623 2948 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:14:31.0633 2948 fvevol - ok
22:14:31.0753 2948 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:14:31.0753 2948 gagp30kx - ok
22:14:31.0973 2948 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:14:31.0973 2948 hcw85cir - ok
22:14:32.0103 2948 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:14:32.0113 2948 HdAudAddService - ok
22:14:32.0283 2948 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:14:32.0283 2948 HDAudBus - ok
22:14:32.0403 2948 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:14:32.0403 2948 HidBatt - ok
22:14:32.0503 2948 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:14:32.0513 2948 HidBth - ok
22:14:32.0663 2948 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:14:32.0663 2948 HidIr - ok
22:14:32.0803 2948 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:14:32.0803 2948 HidUsb - ok
22:14:33.0043 2948 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:14:33.0043 2948 HpqKbFiltr - ok
22:14:33.0233 2948 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:14:33.0233 2948 HpSAMD - ok
22:14:33.0403 2948 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:14:33.0423 2948 HTTP - ok
22:14:33.0563 2948 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:14:33.0563 2948 hwpolicy - ok
22:14:33.0703 2948 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:14:33.0713 2948 i8042prt - ok
22:14:33.0873 2948 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:14:33.0883 2948 iaStorV - ok
22:14:34.0153 2948 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:14:34.0333 2948 igfx - ok
22:14:34.0433 2948 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:14:34.0453 2948 iirsp - ok
22:14:34.0573 2948 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:14:34.0583 2948 intelide - ok
22:14:34.0723 2948 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:14:34.0723 2948 intelppm - ok
22:14:34.0853 2948 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:14:34.0863 2948 IpFilterDriver - ok
22:14:35.0013 2948 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:14:35.0013 2948 IPMIDRV - ok
22:14:35.0143 2948 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:14:35.0153 2948 IPNAT - ok
22:14:35.0273 2948 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:14:35.0283 2948 IRENUM - ok
22:14:35.0423 2948 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:14:35.0433 2948 isapnp - ok
22:14:35.0573 2948 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:14:35.0583 2948 iScsiPrt - ok
22:14:35.0743 2948 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:14:35.0753 2948 kbdclass - ok
22:14:35.0883 2948 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:14:35.0883 2948 kbdhid - ok
22:14:36.0043 2948 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
22:14:36.0053 2948 KSecDD - ok
22:14:36.0193 2948 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
22:14:36.0213 2948 KSecPkg - ok
22:14:36.0383 2948 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:14:36.0383 2948 ksthunk - ok
22:14:36.0553 2948 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:14:36.0563 2948 lltdio - ok
22:14:36.0733 2948 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:14:36.0733 2948 LSI_FC - ok
22:14:36.0873 2948 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:14:36.0873 2948 LSI_SAS - ok
22:14:37.0003 2948 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:14:37.0013 2948 LSI_SAS2 - ok
22:14:37.0143 2948 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:14:37.0143 2948 LSI_SCSI - ok
22:14:37.0283 2948 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:14:37.0293 2948 luafv - ok
22:14:37.0413 2948 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:14:37.0413 2948 megasas - ok
22:14:37.0553 2948 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:14:37.0563 2948 MegaSR - ok
22:14:37.0703 2948 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:14:37.0713 2948 Modem - ok
22:14:37.0893 2948 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:14:37.0893 2948 monitor - ok
22:14:38.0053 2948 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:14:38.0053 2948 mouclass - ok
22:14:38.0173 2948 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:14:38.0173 2948 mouhid - ok
22:14:38.0293 2948 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:14:38.0303 2948 mountmgr - ok
22:14:38.0443 2948 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
22:14:38.0453 2948 MpFilter - ok
22:14:38.0613 2948 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:14:38.0613 2948 mpio - ok
22:14:38.0773 2948 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
22:14:38.0773 2948 MpNWMon - ok
22:14:38.0893 2948 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:14:38.0903 2948 mpsdrv - ok
22:14:39.0073 2948 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:14:39.0073 2948 MRxDAV - ok
22:14:39.0243 2948 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:14:39.0253 2948 mrxsmb - ok
22:14:39.0403 2948 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:14:39.0403 2948 mrxsmb10 - ok
22:14:39.0543 2948 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:14:39.0543 2948 mrxsmb20 - ok
22:14:39.0663 2948 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:14:39.0663 2948 msahci - ok
22:14:39.0843 2948 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:14:39.0853 2948 msdsm - ok
22:14:40.0023 2948 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:14:40.0023 2948 Msfs - ok
22:14:40.0143 2948 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:14:40.0143 2948 mshidkmdf - ok
22:14:40.0293 2948 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:14:40.0293 2948 msisadrv - ok
22:14:40.0443 2948 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:14:40.0443 2948 MSKSSRV - ok
22:14:40.0613 2948 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:14:40.0613 2948 MSPCLOCK - ok
22:14:40.0753 2948 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:14:40.0753 2948 MSPQM - ok
22:14:40.0943 2948 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:14:40.0953 2948 MsRPC - ok
22:14:41.0093 2948 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:14:41.0093 2948 mssmbios - ok
22:14:41.0263 2948 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:14:41.0263 2948 MSTEE - ok
22:14:41.0383 2948 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:14:41.0393 2948 MTConfig - ok
22:14:41.0523 2948 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:14:41.0523 2948 Mup - ok
22:14:41.0693 2948 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:14:41.0703 2948 NativeWifiP - ok
22:14:41.0853 2948 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:14:41.0873 2948 NDIS - ok
22:14:41.0973 2948 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:14:41.0983 2948 NdisCap - ok
22:14:42.0123 2948 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:14:42.0133 2948 NdisTapi - ok
22:14:42.0293 2948 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:14:42.0303 2948 Ndisuio - ok
22:14:42.0433 2948 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:14:42.0443 2948 NdisWan - ok
22:14:42.0593 2948 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:14:42.0593 2948 NDProxy - ok
22:14:42.0783 2948 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:14:42.0783 2948 NetBIOS - ok
22:14:42.0943 2948 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:14:42.0953 2948 NetBT - ok
22:14:43.0223 2948 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
22:14:43.0393 2948 netw5v64 - ok
22:14:43.0543 2948 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:14:43.0543 2948 nfrd960 - ok
22:14:43.0683 2948 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:14:43.0693 2948 NisDrv - ok
22:14:43.0843 2948 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:14:43.0843 2948 Npfs - ok
22:14:44.0003 2948 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:14:44.0003 2948 nsiproxy - ok
22:14:44.0183 2948 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:14:44.0213 2948 Ntfs - ok
22:14:44.0333 2948 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:14:44.0333 2948 Null - ok
22:14:44.0463 2948 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:14:44.0463 2948 nvraid - ok
22:14:44.0593 2948 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:14:44.0603 2948 nvstor - ok
22:14:44.0763 2948 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:14:44.0763 2948 nv_agp - ok
22:14:44.0903 2948 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:14:44.0903 2948 ohci1394 - ok
22:14:45.0053 2948 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:14:45.0053 2948 Parport - ok
22:14:45.0163 2948 Partizan - ok
22:14:45.0313 2948 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:14:45.0323 2948 partmgr - ok
22:14:45.0483 2948 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:14:45.0483 2948 pci - ok
22:14:45.0633 2948 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:14:45.0643 2948 pciide - ok
22:14:45.0773 2948 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:14:45.0773 2948 pcmcia - ok
22:14:45.0913 2948 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:14:45.0913 2948 pcw - ok
22:14:46.0053 2948 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:14:46.0063 2948 PEAUTH - ok
22:14:46.0253 2948 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:14:46.0263 2948 PptpMiniport - ok
22:14:46.0383 2948 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:14:46.0383 2948 Processor - ok
22:14:46.0543 2948 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:14:46.0553 2948 Psched - ok

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Mon Jan 02, 2012 11:00 pm

22:14:46.0743 2948 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:14:46.0763 2948 ql2300 - ok
22:14:46.0893 2948 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:14:46.0903 2948 ql40xx - ok
22:14:47.0023 2948 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:14:47.0043 2948 QWAVEdrv - ok
22:14:47.0173 2948 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:14:47.0173 2948 RasAcd - ok
22:14:47.0303 2948 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:14:47.0303 2948 RasAgileVpn - ok
22:14:47.0453 2948 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:14:47.0463 2948 Rasl2tp - ok
22:14:47.0613 2948 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:14:47.0623 2948 RasPppoe - ok
22:14:47.0753 2948 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:14:47.0763 2948 RasSstp - ok
22:14:47.0913 2948 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:14:47.0913 2948 rdbss - ok
22:14:48.0043 2948 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:14:48.0043 2948 rdpbus - ok
22:14:48.0173 2948 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:14:48.0183 2948 RDPCDD - ok
22:14:48.0313 2948 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:14:48.0313 2948 RDPENCDD - ok
22:14:48.0413 2948 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:14:48.0413 2948 RDPREFMP - ok
22:14:48.0573 2948 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:14:48.0573 2948 RDPWD - ok
22:14:48.0733 2948 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:14:48.0743 2948 rdyboost - ok
22:14:48.0953 2948 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:14:48.0953 2948 rspndr - ok
22:14:49.0123 2948 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
22:14:49.0123 2948 RSUSBSTOR - ok
22:14:49.0263 2948 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:14:49.0263 2948 RTL8167 - ok
22:14:49.0383 2948 RtsUIR - ok
22:14:49.0523 2948 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:14:49.0543 2948 sbp2port - ok
22:14:49.0703 2948 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:14:49.0703 2948 scfilter - ok
22:14:49.0853 2948 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
22:14:49.0853 2948 sdbus - ok
22:14:49.0963 2948 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:14:49.0963 2948 secdrv - ok
22:14:50.0103 2948 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:14:50.0103 2948 Serenum - ok
22:14:50.0213 2948 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:14:50.0213 2948 Serial - ok
22:14:50.0343 2948 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:14:50.0343 2948 sermouse - ok
22:14:50.0483 2948 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:14:50.0483 2948 sffdisk - ok
22:14:50.0633 2948 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:14:50.0633 2948 sffp_mmc - ok
22:14:50.0793 2948 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:14:50.0793 2948 sffp_sd - ok
22:14:50.0933 2948 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:14:50.0933 2948 sfloppy - ok
22:14:51.0123 2948 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:14:51.0123 2948 SiSRaid2 - ok
22:14:51.0263 2948 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:14:51.0263 2948 SiSRaid4 - ok
22:14:51.0433 2948 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:14:51.0433 2948 Smb - ok
22:14:51.0583 2948 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:14:51.0593 2948 spldr - ok
22:14:51.0763 2948 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:14:51.0783 2948 srv - ok
22:14:51.0933 2948 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:14:51.0943 2948 srv2 - ok
22:14:52.0083 2948 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:14:52.0083 2948 SrvHsfHDA - ok
22:14:52.0233 2948 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:14:52.0253 2948 SrvHsfV92 - ok
22:14:52.0383 2948 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:14:52.0403 2948 SrvHsfWinac - ok
22:14:52.0553 2948 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:14:52.0553 2948 srvnet - ok
22:14:52.0743 2948 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:14:52.0753 2948 stexstor - ok
22:14:52.0913 2948 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
22:14:52.0923 2948 STHDA - ok
22:14:53.0073 2948 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:14:53.0073 2948 swenum - ok
22:14:53.0203 2948 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
22:14:53.0213 2948 SynTP - ok
22:14:53.0423 2948 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:14:53.0473 2948 Tcpip - ok
22:14:53.0633 2948 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:14:53.0643 2948 TCPIP6 - ok
22:14:53.0793 2948 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:14:53.0803 2948 tcpipreg - ok
22:14:53.0943 2948 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:14:53.0943 2948 TDPIPE - ok
22:14:54.0073 2948 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:14:54.0073 2948 TDTCP - ok
22:14:54.0223 2948 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:14:54.0223 2948 tdx - ok
22:14:54.0373 2948 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:14:54.0383 2948 TermDD - ok
22:14:54.0563 2948 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:14:54.0563 2948 tssecsrv - ok
22:14:54.0743 2948 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:14:54.0753 2948 TsUsbFlt - ok
22:14:54.0873 2948 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:14:54.0883 2948 tunnel - ok
22:14:55.0003 2948 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:14:55.0003 2948 uagp35 - ok
22:14:55.0163 2948 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:14:55.0173 2948 udfs - ok
22:14:55.0313 2948 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:14:55.0313 2948 uliagpkx - ok
22:14:55.0443 2948 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:14:55.0443 2948 umbus - ok
22:14:55.0563 2948 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:14:55.0573 2948 UmPass - ok
22:14:55.0703 2948 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
22:14:55.0743 2948 USBAAPL64 - ok
22:14:55.0883 2948 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:14:55.0883 2948 usbccgp - ok
22:14:55.0993 2948 USBCCID - ok
22:14:56.0133 2948 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:14:56.0133 2948 usbcir - ok
22:14:56.0293 2948 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:14:56.0293 2948 usbehci - ok
22:14:56.0413 2948 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
22:14:56.0423 2948 usbfilter - ok
22:14:56.0573 2948 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:14:56.0573 2948 usbhub - ok
22:14:56.0733 2948 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:14:56.0743 2948 usbohci - ok
22:14:56.0843 2948 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:14:56.0843 2948 usbprint - ok
22:14:57.0003 2948 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:14:57.0003 2948 usbscan - ok
22:14:57.0133 2948 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:14:57.0133 2948 USBSTOR - ok
22:14:57.0293 2948 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:14:57.0293 2948 usbuhci - ok
22:14:57.0433 2948 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:14:57.0463 2948 usbvideo - ok
22:14:57.0633 2948 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:14:57.0643 2948 vdrvroot - ok
22:14:57.0783 2948 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:14:57.0783 2948 vga - ok
22:14:57.0903 2948 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:14:57.0913 2948 VgaSave - ok
22:14:58.0053 2948 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:14:58.0053 2948 vhdmp - ok
22:14:58.0183 2948 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:14:58.0183 2948 viaide - ok
22:14:58.0313 2948 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:14:58.0323 2948 volmgr - ok
22:14:58.0483 2948 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:14:58.0493 2948 volmgrx - ok
22:14:58.0633 2948 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:14:58.0643 2948 volsnap - ok
22:14:58.0783 2948 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:14:58.0783 2948 vsmraid - ok
22:14:58.0943 2948 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:14:58.0953 2948 vwifibus - ok
22:14:59.0103 2948 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:14:59.0103 2948 vwififlt - ok
22:14:59.0223 2948 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:14:59.0233 2948 vwifimp - ok
22:14:59.0383 2948 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:14:59.0383 2948 WacomPen - ok
22:14:59.0533 2948 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:14:59.0533 2948 WANARP - ok
22:14:59.0553 2948 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:14:59.0563 2948 Wanarpv6 - ok
22:14:59.0723 2948 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:14:59.0723 2948 Wd - ok
22:14:59.0893 2948 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:14:59.0903 2948 Wdf01000 - ok
22:15:00.0083 2948 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:15:00.0093 2948 WfpLwf - ok
22:15:00.0203 2948 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:15:00.0203 2948 WIMMount - ok
22:15:00.0383 2948 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:15:00.0393 2948 WinUsb - ok
22:15:00.0553 2948 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:15:00.0553 2948 WmiAcpi - ok
22:15:00.0733 2948 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:15:00.0733 2948 ws2ifsl - ok
22:15:00.0893 2948 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:15:00.0893 2948 WudfPf - ok
22:15:01.0033 2948 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:15:01.0033 2948 WUDFRd - ok
22:15:01.0173 2948 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
22:15:01.0173 2948 yukonw7 - ok
22:15:01.0213 2948 MBR (0x1B8) (f927b6eeefbdcb14b37de3b678323e67) \Device\Harddisk0\DR0
22:15:01.0243 2948 \Device\Harddisk0\DR0 - ok
22:15:01.0253 2948 MBR (0x1B8) (17e1d13d492dda22073dd385f815ef98) \Device\Harddisk1\DR2
22:15:03.0523 2948 \Device\Harddisk1\DR2 - ok
22:15:03.0563 2948 Boot (0x1200) (953dfe94bc286f3c3707f9f30a741a06) \Device\Harddisk0\DR0\Partition0
22:15:03.0563 2948 \Device\Harddisk0\DR0\Partition0 - ok
22:15:03.0593 2948 Boot (0x1200) (0ba500a69cbcfc2249db0bbcfcf8f28d) \Device\Harddisk0\DR0\Partition1
22:15:03.0593 2948 \Device\Harddisk0\DR0\Partition1 - ok
22:15:03.0633 2948 Boot (0x1200) (5312f7ea800ac7aa4775b657fddade38) \Device\Harddisk0\DR0\Partition2
22:15:03.0633 2948 \Device\Harddisk0\DR0\Partition2 - ok
22:15:03.0653 2948 Boot (0x1200) (cdc4064a3d9b88c3b20dc1a426a72797) \Device\Harddisk0\DR0\Partition3
22:15:03.0653 2948 \Device\Harddisk0\DR0\Partition3 - ok
22:15:03.0663 2948 ============================================================
22:15:03.0663 2948 Scan finished
22:15:03.0663 2948 ============================================================
22:15:03.0673 2672 Detected object count: 0
22:15:03.0673 2672 Actual detected object count: 0
22:20:49.0953 4120 ============================================================
22:20:49.0953 4120 Scan started
22:20:49.0953 4120 Mode: Manual; SigCheck; TDLFS;
22:20:49.0953 4120 ============================================================
22:20:50.0693 4120 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:20:51.0273 4120 1394ohci - ok
22:20:51.0393 4120 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:20:51.0433 4120 ACPI - ok
22:20:51.0563 4120 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:20:51.0663 4120 AcpiPmi - ok
22:20:51.0803 4120 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:20:51.0843 4120 adp94xx - ok
22:20:51.0993 4120 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:20:52.0023 4120 adpahci - ok
22:20:52.0123 4120 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:20:52.0153 4120 adpu320 - ok
22:20:52.0313 4120 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:20:52.0383 4120 AFD - ok
22:20:52.0523 4120 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
22:20:52.0593 4120 AgereSoftModem - ok
22:20:52.0733 4120 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:20:52.0773 4120 agp440 - ok
22:20:52.0913 4120 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:20:52.0943 4120 aliide - ok
22:20:53.0063 4120 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:20:53.0103 4120 amdide - ok
22:20:53.0223 4120 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:20:53.0303 4120 AmdK8 - ok
22:20:53.0413 4120 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:20:53.0483 4120 AmdPPM - ok
22:20:53.0603 4120 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:20:53.0643 4120 amdsata - ok
22:20:53.0793 4120 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:20:53.0823 4120 amdsbs - ok
22:20:53.0973 4120 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:20:54.0023 4120 amdxata - ok
22:20:54.0143 4120 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:20:54.0333 4120 AppID - ok
22:20:54.0453 4120 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:20:54.0503 4120 arc - ok
22:20:54.0613 4120 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:20:54.0653 4120 arcsas - ok
22:20:54.0763 4120 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:20:54.0843 4120 AsyncMac - ok
22:20:54.0983 4120 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:20:55.0023 4120 atapi - ok
22:20:55.0173 4120 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
22:20:55.0313 4120 athr - ok
22:20:55.0423 4120 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
22:20:55.0543 4120 AtiHdmiService - ok
22:20:55.0803 4120 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
22:20:55.0983 4120 atikmdag - ok
22:20:56.0083 4120 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:20:56.0123 4120 AtiPcie - ok
22:20:56.0243 4120 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:20:56.0303 4120 b06bdrv - ok
22:20:56.0433 4120 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:20:56.0513 4120 b57nd60a - ok
22:20:56.0633 4120 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:20:56.0683 4120 Beep - ok
22:20:56.0803 4120 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:20:56.0873 4120 blbdrive - ok
22:20:57.0003 4120 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:20:57.0083 4120 bowser - ok
22:20:57.0183 4120 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:20:57.0293 4120 BrFiltLo - ok
22:20:57.0403 4120 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:20:57.0423 4120 BrFiltUp - ok
22:20:57.0553 4120 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:20:57.0613 4120 Brserid - ok
22:20:57.0743 4120 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:20:57.0803 4120 BrSerWdm - ok
22:20:57.0943 4120 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:20:58.0013 4120 BrUsbMdm - ok
22:20:58.0113 4120 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:20:58.0153 4120 BrUsbSer - ok
22:20:58.0263 4120 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:20:58.0313 4120 BTHMODEM - ok
22:20:58.0463 4120 catchme - ok
22:20:58.0603 4120 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:20:58.0703 4120 cdfs - ok
22:20:59.0003 4120 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:20:59.0133 4120 cdrom - ok
22:20:59.0263 4120 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:20:59.0313 4120 circlass - ok
22:20:59.0423 4120 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:20:59.0463 4120 CLFS - ok
22:20:59.0593 4120 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:20:59.0623 4120 CmBatt - ok
22:20:59.0763 4120 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:20:59.0813 4120 cmdide - ok
22:20:59.0973 4120 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:21:00.0053 4120 CNG - ok
22:21:00.0183 4120 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:21:00.0233 4120 Compbatt - ok
22:21:00.0353 4120 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:21:00.0393 4120 CompositeBus - ok
22:21:00.0523 4120 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:21:00.0563 4120 crcdisk - ok
22:21:00.0733 4120 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:21:00.0803 4120 DfsC - ok
22:21:00.0953 4120 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:21:01.0043 4120 discache - ok
22:21:01.0153 4120 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:21:01.0173 4120 Disk - ok
22:21:01.0283 4120 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:21:01.0353 4120 drmkaud - ok
22:21:01.0503 4120 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:21:01.0553 4120 DXGKrnl - ok
22:21:01.0763 4120 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:21:01.0883 4120 ebdrv - ok
22:21:02.0023 4120 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:21:02.0053 4120 elxstor - ok
22:21:02.0183 4120 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:21:02.0243 4120 ErrDev - ok
22:21:02.0383 4120 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:21:02.0463 4120 exfat - ok
22:21:02.0593 4120 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:21:02.0673 4120 fastfat - ok
22:21:02.0793 4120 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:21:02.0873 4120 fdc - ok
22:21:03.0023 4120 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:21:03.0063 4120 FileInfo - ok
22:21:03.0163 4120 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:21:03.0243 4120 Filetrace - ok
22:21:03.0353 4120 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:21:03.0383 4120 flpydisk - ok
22:21:03.0513 4120 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:21:03.0543 4120 FltMgr - ok

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Mon Jan 02, 2012 11:01 pm

22:21:03.0663 4120 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:21:03.0733 4120 FsDepends - ok
22:21:03.0833 4120 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
22:21:03.0863 4120 fssfltr - ok
22:21:03.0963 4120 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:21:03.0993 4120 Fs_Rec - ok
22:21:04.0123 4120 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:21:04.0163 4120 fvevol - ok
22:21:04.0253 4120 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:21:04.0293 4120 gagp30kx - ok
22:21:04.0413 4120 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:21:04.0463 4120 hcw85cir - ok
22:21:04.0593 4120 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:21:04.0653 4120 HdAudAddService - ok
22:21:04.0793 4120 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:21:04.0853 4120 HDAudBus - ok
22:21:04.0973 4120 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:21:05.0033 4120 HidBatt - ok
22:21:05.0133 4120 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:21:05.0183 4120 HidBth - ok
22:21:05.0293 4120 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:21:05.0343 4120 HidIr - ok
22:21:05.0473 4120 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:21:05.0543 4120 HidUsb - ok
22:21:05.0683 4120 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:21:05.0783 4120 HpqKbFiltr - ok
22:21:05.0913 4120 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:21:05.0943 4120 HpSAMD - ok
22:21:06.0103 4120 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:21:06.0203 4120 HTTP - ok
22:21:06.0323 4120 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:21:06.0353 4120 hwpolicy - ok
22:21:06.0483 4120 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:21:06.0513 4120 i8042prt - ok
22:21:06.0643 4120 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:21:06.0693 4120 iaStorV - ok
22:21:06.0993 4120 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:21:07.0333 4120 igfx - ok
22:21:07.0453 4120 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:21:07.0473 4120 iirsp - ok
22:21:07.0603 4120 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:21:07.0643 4120 intelide - ok
22:21:07.0753 4120 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:21:07.0793 4120 intelppm - ok
22:21:07.0913 4120 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:21:07.0983 4120 IpFilterDriver - ok
22:21:08.0123 4120 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:21:08.0183 4120 IPMIDRV - ok
22:21:08.0303 4120 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:21:08.0373 4120 IPNAT - ok
22:21:08.0503 4120 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:21:08.0573 4120 IRENUM - ok
22:21:08.0703 4120 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:21:08.0733 4120 isapnp - ok
22:21:08.0863 4120 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:21:08.0903 4120 iScsiPrt - ok
22:21:09.0033 4120 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:21:09.0063 4120 kbdclass - ok
22:21:09.0403 4120 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:21:09.0473 4120 kbdhid - ok
22:21:09.0613 4120 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
22:21:09.0653 4120 KSecDD - ok
22:21:09.0783 4120 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
22:21:09.0813 4120 KSecPkg - ok
22:21:09.0933 4120 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:21:10.0013 4120 ksthunk - ok
22:21:10.0173 4120 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:21:10.0273 4120 lltdio - ok
22:21:10.0393 4120 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:21:10.0413 4120 LSI_FC - ok
22:21:10.0533 4120 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:21:10.0563 4120 LSI_SAS - ok
22:21:10.0683 4120 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:21:10.0713 4120 LSI_SAS2 - ok
22:21:10.0813 4120 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:21:10.0853 4120 LSI_SCSI - ok
22:21:10.0963 4120 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:21:11.0043 4120 luafv - ok
22:21:11.0173 4120 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:21:11.0213 4120 megasas - ok
22:21:11.0333 4120 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:21:11.0373 4120 MegaSR - ok
22:21:11.0503 4120 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:21:11.0573 4120 Modem - ok
22:21:11.0673 4120 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:21:11.0733 4120 monitor - ok
22:21:11.0883 4120 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:21:11.0913 4120 mouclass - ok
22:21:12.0023 4120 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:21:12.0083 4120 mouhid - ok
22:21:12.0203 4120 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:21:12.0243 4120 mountmgr - ok
22:21:12.0363 4120 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
22:21:12.0403 4120 MpFilter - ok
22:21:12.0533 4120 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:21:12.0573 4120 mpio - ok
22:21:12.0693 4120 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
22:21:12.0723 4120 MpNWMon - ok
22:21:12.0833 4120 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:21:12.0953 4120 mpsdrv - ok
22:21:13.0083 4120 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:21:13.0163 4120 MRxDAV - ok
22:21:13.0303 4120 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:21:13.0373 4120 mrxsmb - ok
22:21:13.0493 4120 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:21:13.0543 4120 mrxsmb10 - ok
22:21:13.0673 4120 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:21:13.0743 4120 mrxsmb20 - ok
22:21:13.0853 4120 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:21:13.0893 4120 msahci - ok
22:21:14.0043 4120 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:21:14.0073 4120 msdsm - ok
22:21:14.0193 4120 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:21:14.0253 4120 Msfs - ok
22:21:14.0403 4120 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:21:14.0513 4120 mshidkmdf - ok
22:21:14.0633 4120 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:21:14.0663 4120 msisadrv - ok
22:21:14.0793 4120 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:21:14.0873 4120 MSKSSRV - ok
22:21:14.0983 4120 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:21:15.0063 4120 MSPCLOCK - ok
22:21:15.0183 4120 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:21:15.0273 4120 MSPQM - ok
22:21:15.0393 4120 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:21:15.0433 4120 MsRPC - ok
22:21:15.0543 4120 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:21:15.0563 4120 mssmbios - ok
22:21:15.0673 4120 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:21:15.0773 4120 MSTEE - ok
22:21:15.0883 4120 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:21:15.0953 4120 MTConfig - ok
22:21:16.0063 4120 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:21:16.0103 4120 Mup - ok
22:21:16.0233 4120 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:21:16.0293 4120 NativeWifiP - ok
22:21:16.0453 4120 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:21:16.0503 4120 NDIS - ok
22:21:16.0603 4120 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:21:16.0673 4120 NdisCap - ok
22:21:16.0793 4120 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:21:16.0883 4120 NdisTapi - ok
22:21:17.0003 4120 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:21:17.0063 4120 Ndisuio - ok
22:21:17.0183 4120 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:21:17.0273 4120 NdisWan - ok
22:21:17.0393 4120 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:21:17.0483 4120 NDProxy - ok
22:21:17.0603 4120 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:21:17.0683 4120 NetBIOS - ok
22:21:17.0833 4120 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:21:17.0923 4120 NetBT - ok
22:21:18.0203 4120 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
22:21:18.0423 4120 netw5v64 - ok
22:21:18.0553 4120 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:21:18.0573 4120 nfrd960 - ok
22:21:18.0673 4120 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:21:18.0693 4120 NisDrv - ok
22:21:18.0813 4120 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:21:18.0913 4120 Npfs - ok
22:21:19.0033 4120 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:21:19.0093 4120 nsiproxy - ok
22:21:19.0243 4120 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:21:19.0303 4120 Ntfs - ok
22:21:19.0673 4120 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:21:19.0753 4120 Null - ok
22:21:19.0873 4120 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:21:19.0923 4120 nvraid - ok
22:21:20.0043 4120 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:21:20.0093 4120 nvstor - ok
22:21:20.0213 4120 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:21:20.0253 4120 nv_agp - ok
22:21:20.0383 4120 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:21:20.0433 4120 ohci1394 - ok
22:21:20.0563 4120 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:21:20.0613 4120 Parport - ok
22:21:20.0693 4120 Partizan - ok
22:21:20.0753 4120 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:21:20.0783 4120 partmgr - ok
22:21:20.0913 4120 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:21:20.0943 4120 pci - ok
22:21:21.0083 4120 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:21:21.0113 4120 pciide - ok
22:21:21.0233 4120 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:21:21.0283 4120 pcmcia - ok
22:21:21.0393 4120 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:21:21.0423 4120 pcw - ok
22:21:21.0573 4120 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:21:21.0663 4120 PEAUTH - ok
22:21:21.0843 4120 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:21:21.0923 4120 PptpMiniport - ok
22:21:22.0033 4120 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:21:22.0083 4120 Processor - ok
22:21:22.0233 4120 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:21:22.0293 4120 Psched - ok
22:21:22.0453 4120 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:21:22.0513 4120 ql2300 - ok
22:21:22.0613 4120 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:21:22.0653 4120 ql40xx - ok
22:21:22.0783 4120 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:21:22.0863 4120 QWAVEdrv - ok
22:21:22.0993 4120 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:21:23.0093 4120 RasAcd - ok
22:21:23.0183 4120 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:21:23.0253 4120 RasAgileVpn - ok
22:21:23.0373 4120 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:21:23.0453 4120 Rasl2tp - ok
22:21:23.0573 4120 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:21:23.0633 4120 RasPppoe - ok
22:21:23.0743 4120 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:21:23.0843 4120 RasSstp - ok
22:21:23.0973 4120 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:21:24.0043 4120 rdbss - ok
22:21:24.0153 4120 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:21:24.0233 4120 rdpbus - ok
22:21:24.0313 4120 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:21:24.0393 4120 RDPCDD - ok
22:21:24.0513 4120 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:21:24.0593 4120 RDPENCDD - ok
22:21:25.0053 4120 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:21:25.0113 4120 RDPREFMP - ok
22:21:25.0233 4120 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:21:25.0313 4120 RDPWD - ok
22:21:25.0433 4120 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:21:25.0473 4120 rdyboost - ok
22:21:25.0613 4120 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:21:25.0683 4120 rspndr - ok
22:21:25.0823 4120 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
22:21:25.0863 4120 RSUSBSTOR - ok
22:21:25.0993 4120 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:21:26.0063 4120 RTL8167 - ok
22:21:26.0143 4120 RtsUIR - ok
22:21:26.0203 4120 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:21:26.0223 4120 sbp2port - ok
22:21:26.0343 4120 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:21:26.0413 4120 scfilter - ok
22:21:26.0553 4120 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
22:21:26.0613 4120 sdbus - ok
22:21:26.0743 4120 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:21:26.0833 4120 secdrv - ok
22:21:26.0973 4120 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:21:27.0023 4120 Serenum - ok
22:21:27.0143 4120 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:21:27.0183 4120 Serial - ok
22:21:27.0313 4120 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:21:27.0373 4120 sermouse - ok
22:21:27.0523 4120 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:21:27.0573 4120 sffdisk - ok
22:21:27.0703 4120 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:21:27.0773 4120 sffp_mmc - ok
22:21:27.0893 4120 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:21:27.0943 4120 sffp_sd - ok
22:21:28.0063 4120 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:21:28.0133 4120 sfloppy - ok

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Mon Jan 02, 2012 11:02 pm

22:21:28.0263 4120 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:21:28.0313 4120 SiSRaid2 - ok
22:21:28.0413 4120 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:21:28.0433 4120 SiSRaid4 - ok
22:21:28.0573 4120 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:21:28.0683 4120 Smb - ok
22:21:28.0793 4120 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:21:28.0833 4120 spldr - ok
22:21:28.0973 4120 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:21:29.0073 4120 srv - ok
22:21:29.0233 4120 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:21:29.0303 4120 srv2 - ok
22:21:29.0423 4120 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:21:29.0463 4120 SrvHsfHDA - ok
22:21:29.0613 4120 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:21:29.0683 4120 SrvHsfV92 - ok
22:21:29.0813 4120 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:21:29.0863 4120 SrvHsfWinac - ok
22:21:29.0993 4120 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:21:30.0063 4120 srvnet - ok
22:21:30.0183 4120 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:21:30.0213 4120 stexstor - ok
22:21:30.0333 4120 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
22:21:30.0383 4120 STHDA - ok
22:21:30.0523 4120 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:21:30.0563 4120 swenum - ok
22:21:30.0683 4120 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
22:21:30.0703 4120 SynTP - ok
22:21:30.0903 4120 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:21:30.0973 4120 Tcpip - ok
22:21:31.0143 4120 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:21:31.0213 4120 TCPIP6 - ok
22:21:31.0343 4120 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:21:31.0423 4120 tcpipreg - ok
22:21:31.0543 4120 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:21:31.0613 4120 TDPIPE - ok
22:21:31.0783 4120 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:21:31.0853 4120 TDTCP - ok
22:21:31.0983 4120 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:21:32.0033 4120 tdx - ok
22:21:32.0173 4120 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:21:32.0213 4120 TermDD - ok
22:21:32.0363 4120 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:21:32.0453 4120 tssecsrv - ok
22:21:32.0573 4120 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:21:32.0663 4120 TsUsbFlt - ok
22:21:32.0783 4120 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:21:32.0843 4120 tunnel - ok
22:21:32.0943 4120 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:21:32.0993 4120 uagp35 - ok
22:21:33.0163 4120 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:21:33.0243 4120 udfs - ok
22:21:33.0383 4120 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:21:33.0413 4120 uliagpkx - ok
22:21:33.0543 4120 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:21:33.0613 4120 umbus - ok
22:21:33.0743 4120 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:21:33.0773 4120 UmPass - ok
22:21:33.0883 4120 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
22:21:33.0903 4120 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
22:21:33.0903 4120 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
22:21:34.0023 4120 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:21:34.0053 4120 usbccgp - ok
22:21:34.0143 4120 USBCCID - ok
22:21:34.0283 4120 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:21:34.0353 4120 usbcir - ok
22:21:34.0483 4120 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:21:34.0523 4120 usbehci - ok
22:21:34.0623 4120 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
22:21:34.0653 4120 usbfilter - ok
22:21:34.0793 4120 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:21:34.0843 4120 usbhub - ok
22:21:34.0993 4120 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:21:35.0033 4120 usbohci - ok
22:21:35.0163 4120 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:21:35.0223 4120 usbprint - ok
22:21:35.0353 4120 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:21:35.0423 4120 usbscan - ok
22:21:35.0523 4120 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:21:35.0603 4120 USBSTOR - ok
22:21:35.0723 4120 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:21:35.0773 4120 usbuhci - ok
22:21:35.0893 4120 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:21:35.0923 4120 usbvideo - ok
22:21:36.0053 4120 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:21:36.0093 4120 vdrvroot - ok
22:21:36.0193 4120 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:21:36.0223 4120 vga - ok
22:21:36.0343 4120 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:21:36.0433 4120 VgaSave - ok
22:21:36.0583 4120 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:21:36.0633 4120 vhdmp - ok
22:21:36.0763 4120 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:21:36.0803 4120 viaide - ok
22:21:36.0933 4120 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:21:36.0983 4120 volmgr - ok
22:21:37.0123 4120 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:21:37.0173 4120 volmgrx - ok
22:21:37.0283 4120 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:21:37.0323 4120 volsnap - ok
22:21:37.0433 4120 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:21:37.0473 4120 vsmraid - ok
22:21:37.0643 4120 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:21:37.0703 4120 vwifibus - ok
22:21:37.0843 4120 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:21:37.0913 4120 vwififlt - ok
22:21:38.0033 4120 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:21:38.0073 4120 vwifimp - ok
22:21:38.0213 4120 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:21:38.0263 4120 WacomPen - ok
22:21:38.0403 4120 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:21:38.0483 4120 WANARP - ok
22:21:38.0493 4120 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:21:38.0553 4120 Wanarpv6 - ok
22:21:38.0693 4120 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:21:38.0733 4120 Wd - ok
22:21:38.0863 4120 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:21:38.0923 4120 Wdf01000 - ok
22:21:39.0053 4120 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:21:39.0113 4120 WfpLwf - ok
22:21:39.0223 4120 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:21:39.0263 4120 WIMMount - ok
22:21:39.0443 4120 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:21:39.0513 4120 WinUsb - ok
22:21:39.0643 4120 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:21:39.0763 4120 WmiAcpi - ok
22:21:39.0893 4120 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:21:39.0953 4120 ws2ifsl - ok
22:21:40.0103 4120 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:21:40.0163 4120 WudfPf - ok
22:21:40.0293 4120 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:21:40.0363 4120 WUDFRd - ok
22:21:40.0523 4120 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
22:21:40.0573 4120 yukonw7 - ok
22:21:40.0613 4120 MBR (0x1B8) (f927b6eeefbdcb14b37de3b678323e67) \Device\Harddisk0\DR0
22:21:41.0433 4120 \Device\Harddisk0\DR0 - ok
22:21:41.0453 4120 MBR (0x1B8) (17e1d13d492dda22073dd385f815ef98) \Device\Harddisk1\DR2
22:22:44.0784 4120 \Device\Harddisk1\DR2 - ok
22:22:44.0834 4120 Boot (0x1200) (953dfe94bc286f3c3707f9f30a741a06) \Device\Harddisk0\DR0\Partition0
22:22:44.0834 4120 \Device\Harddisk0\DR0\Partition0 - ok
22:22:44.0854 4120 Boot (0x1200) (0ba500a69cbcfc2249db0bbcfcf8f28d) \Device\Harddisk0\DR0\Partition1
22:22:44.0854 4120 \Device\Harddisk0\DR0\Partition1 - ok
22:22:44.0884 4120 Boot (0x1200) (5312f7ea800ac7aa4775b657fddade38) \Device\Harddisk0\DR0\Partition2
22:22:44.0884 4120 \Device\Harddisk0\DR0\Partition2 - ok
22:22:44.0904 4120 Boot (0x1200) (cdc4064a3d9b88c3b20dc1a426a72797) \Device\Harddisk0\DR0\Partition3
22:22:44.0914 4120 \Device\Harddisk0\DR0\Partition3 - ok
22:22:44.0914 4120 ============================================================
22:22:44.0914 4120 Scan finished
22:22:44.0914 4120 ============================================================
22:22:44.0924 3972 Detected object count: 1
22:22:44.0924 3972 Actual detected object count: 1
22:23:23.0524 3972 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:23.0524 3972 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:49.0524 4924 ============================================================
22:26:49.0524 4924 Scan started
22:26:49.0524 4924 Mode: Manual; SigCheck; TDLFS;
22:26:49.0524 4924 ============================================================
22:26:49.0844 4924 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:26:49.0904 4924 1394ohci - ok
22:26:50.0044 4924 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:26:50.0074 4924 ACPI - ok
22:26:50.0204 4924 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:26:50.0224 4924 AcpiPmi - ok
22:26:50.0364 4924 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:26:50.0404 4924 adp94xx - ok
22:26:50.0544 4924 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:26:50.0574 4924 adpahci - ok
22:26:50.0674 4924 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:26:50.0704 4924 adpu320 - ok
22:26:50.0864 4924 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:26:50.0914 4924 AFD - ok
22:26:51.0054 4924 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
22:26:51.0094 4924 AgereSoftModem - ok
22:26:51.0224 4924 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:26:51.0264 4924 agp440 - ok
22:26:51.0394 4924 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:26:51.0434 4924 aliide - ok
22:26:51.0544 4924 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:26:51.0574 4924 amdide - ok
22:26:51.0694 4924 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:26:51.0724 4924 AmdK8 - ok
22:26:51.0844 4924 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:26:51.0874 4924 AmdPPM - ok
22:26:51.0994 4924 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:26:52.0024 4924 amdsata - ok
22:26:52.0124 4924 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:26:52.0174 4924 amdsbs - ok
22:26:52.0294 4924 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:26:52.0324 4924 amdxata - ok
22:26:52.0434 4924 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:26:52.0494 4924 AppID - ok
22:26:52.0614 4924 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:26:52.0634 4924 arc - ok
22:26:52.0764 4924 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:26:52.0804 4924 arcsas - ok
22:26:52.0954 4924 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:26:53.0004 4924 AsyncMac - ok
22:26:53.0134 4924 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:26:53.0184 4924 atapi - ok
22:26:53.0324 4924 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
22:26:53.0364 4924 athr - ok
22:26:53.0464 4924 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
22:26:53.0494 4924 AtiHdmiService - ok
22:26:53.0764 4924 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
22:26:53.0874 4924 atikmdag - ok
22:26:53.0974 4924 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:26:54.0004 4924 AtiPcie - ok
22:26:54.0144 4924 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:26:54.0204 4924 b06bdrv - ok
22:26:54.0324 4924 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:26:54.0364 4924 b57nd60a - ok
22:26:54.0494 4924 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:26:54.0554 4924 Beep - ok
22:26:54.0674 4924 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:26:54.0724 4924 blbdrive - ok
22:26:54.0834 4924 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:26:54.0864 4924 bowser - ok
22:26:54.0974 4924 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:26:55.0014 4924 BrFiltLo - ok
22:26:55.0124 4924 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:26:55.0164 4924 BrFiltUp - ok
22:26:55.0284 4924 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:26:55.0324 4924 Brserid - ok
22:26:55.0444 4924 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:26:55.0474 4924 BrSerWdm - ok
22:26:55.0574 4924 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:26:55.0604 4924 BrUsbMdm - ok
22:26:55.0714 4924 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:26:55.0744 4924 BrUsbSer - ok
22:26:55.0874 4924 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:26:55.0924 4924 BTHMODEM - ok
22:26:56.0064 4924 catchme - ok
22:26:56.0194 4924 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:26:56.0254 4924 cdfs - ok
22:26:56.0374 4924 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:26:56.0404 4924 cdrom - ok
22:26:56.0524 4924 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:26:56.0554 4924 circlass - ok
22:26:56.0704 4924 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:26:56.0734 4924 CLFS - ok
22:26:56.0854 4924 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:26:56.0884 4924 CmBatt - ok
22:26:57.0024 4924 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:26:57.0064 4924 cmdide - ok
22:26:57.0194 4924 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:26:57.0254 4924 CNG - ok
22:26:57.0394 4924 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:26:57.0414 4924 Compbatt - ok
22:26:57.0534 4924 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:26:57.0574 4924 CompositeBus - ok
22:26:57.0684 4924 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:26:57.0714 4924 crcdisk - ok
22:26:57.0864 4924 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:26:57.0924 4924 DfsC - ok
22:26:58.0034 4924 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:26:58.0114 4924 discache - ok
22:26:58.0214 4924 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:26:58.0254 4924 Disk - ok
22:26:58.0394 4924 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:26:58.0414 4924 drmkaud - ok
22:26:58.0554 4924 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:26:58.0614 4924 DXGKrnl - ok
22:26:58.0824 4924 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:26:58.0944 4924 ebdrv - ok
22:26:59.0064 4924 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:26:59.0114 4924 elxstor - ok
22:26:59.0234 4924 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:26:59.0274 4924 ErrDev - ok
22:26:59.0414 4924 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:26:59.0484 4924 exfat - ok
22:26:59.0624 4924 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:26:59.0684 4924 fastfat - ok
22:26:59.0804 4924 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:26:59.0824 4924 fdc - ok
22:26:59.0944 4924 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:26:59.0974 4924 FileInfo - ok
22:27:00.0084 4924 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:27:00.0154 4924 Filetrace - ok
22:27:00.0244 4924 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:27:00.0274 4924 flpydisk - ok

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Mon Jan 02, 2012 11:03 pm

22:27:00.0414 4924 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:27:00.0454 4924 FltMgr - ok
22:27:00.0574 4924 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:27:00.0604 4924 FsDepends - ok
22:27:00.0724 4924 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
22:27:00.0774 4924 fssfltr - ok
22:27:00.0874 4924 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:27:00.0904 4924 Fs_Rec - ok
22:27:01.0044 4924 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:27:01.0084 4924 fvevol - ok
22:27:01.0194 4924 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:27:01.0234 4924 gagp30kx - ok
22:27:01.0354 4924 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:27:01.0384 4924 hcw85cir - ok
22:27:01.0524 4924 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:27:01.0564 4924 HdAudAddService - ok
22:27:01.0724 4924 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:27:01.0774 4924 HDAudBus - ok
22:27:01.0854 4924 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:27:01.0894 4924 HidBatt - ok
22:27:02.0004 4924 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:27:02.0044 4924 HidBth - ok
22:27:02.0164 4924 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:27:02.0204 4924 HidIr - ok
22:27:02.0344 4924 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:27:02.0374 4924 HidUsb - ok
22:27:02.0504 4924 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:27:02.0544 4924 HpqKbFiltr - ok
22:27:02.0674 4924 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:27:02.0694 4924 HpSAMD - ok
22:27:02.0844 4924 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:27:02.0924 4924 HTTP - ok
22:27:03.0054 4924 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:27:03.0084 4924 hwpolicy - ok
22:27:03.0214 4924 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:27:03.0264 4924 i8042prt - ok
22:27:03.0394 4924 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:27:03.0434 4924 iaStorV - ok
22:27:03.0704 4924 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:27:04.0024 4924 igfx - ok
22:27:04.0154 4924 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:27:04.0174 4924 iirsp - ok
22:27:04.0304 4924 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:27:04.0344 4924 intelide - ok
22:27:04.0464 4924 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:27:04.0504 4924 intelppm - ok
22:27:04.0614 4924 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:27:04.0674 4924 IpFilterDriver - ok
22:27:04.0794 4924 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:27:04.0834 4924 IPMIDRV - ok
22:27:04.0954 4924 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:27:05.0014 4924 IPNAT - ok
22:27:05.0114 4924 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:27:05.0164 4924 IRENUM - ok
22:27:05.0284 4924 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:27:05.0324 4924 isapnp - ok
22:27:05.0464 4924 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:27:05.0514 4924 iScsiPrt - ok
22:27:05.0644 4924 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:27:05.0674 4924 kbdclass - ok
22:27:05.0784 4924 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:27:05.0824 4924 kbdhid - ok
22:27:05.0964 4924 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
22:27:05.0984 4924 KSecDD - ok
22:27:06.0124 4924 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
22:27:06.0174 4924 KSecPkg - ok
22:27:06.0284 4924 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:27:06.0334 4924 ksthunk - ok
22:27:06.0474 4924 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:27:06.0534 4924 lltdio - ok
22:27:06.0694 4924 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:27:06.0724 4924 LSI_FC - ok
22:27:06.0844 4924 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:27:06.0874 4924 LSI_SAS - ok
22:27:06.0974 4924 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:27:07.0014 4924 LSI_SAS2 - ok
22:27:07.0124 4924 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:27:07.0164 4924 LSI_SCSI - ok
22:27:07.0284 4924 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:27:07.0354 4924 luafv - ok
22:27:07.0474 4924 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:27:07.0504 4924 megasas - ok
22:27:07.0614 4924 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:27:07.0654 4924 MegaSR - ok
22:27:07.0784 4924 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:27:07.0854 4924 Modem - ok
22:27:07.0964 4924 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:27:07.0994 4924 monitor - ok
22:27:08.0134 4924 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:27:08.0164 4924 mouclass - ok
22:27:08.0264 4924 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:27:08.0314 4924 mouhid - ok
22:27:08.0434 4924 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:27:08.0464 4924 mountmgr - ok
22:27:08.0574 4924 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
22:27:08.0614 4924 MpFilter - ok
22:27:08.0754 4924 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:27:08.0794 4924 mpio - ok
22:27:08.0904 4924 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
22:27:08.0944 4924 MpNWMon - ok
22:27:09.0054 4924 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:27:09.0114 4924 mpsdrv - ok
22:27:09.0254 4924 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:27:09.0304 4924 MRxDAV - ok
22:27:09.0444 4924 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:27:09.0494 4924 mrxsmb - ok
22:27:09.0604 4924 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:27:09.0634 4924 mrxsmb10 - ok
22:27:09.0744 4924 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:27:09.0784 4924 mrxsmb20 - ok
22:27:09.0884 4924 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:27:09.0924 4924 msahci - ok
22:27:10.0084 4924 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:27:10.0114 4924 msdsm - ok
22:27:10.0234 4924 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:27:10.0294 4924 Msfs - ok
22:27:10.0404 4924 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:27:10.0464 4924 mshidkmdf - ok
22:27:10.0584 4924 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:27:10.0624 4924 msisadrv - ok
22:27:10.0744 4924 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:27:10.0794 4924 MSKSSRV - ok
22:27:10.0904 4924 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:27:10.0944 4924 MSPCLOCK - ok
22:27:11.0044 4924 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:27:11.0094 4924 MSPQM - ok
22:27:11.0224 4924 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:27:11.0264 4924 MsRPC - ok
22:27:11.0394 4924 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:27:11.0434 4924 mssmbios - ok
22:27:11.0534 4924 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:27:11.0594 4924 MSTEE - ok
22:27:11.0714 4924 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:27:11.0744 4924 MTConfig - ok
22:27:11.0864 4924 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:27:11.0904 4924 Mup - ok
22:27:12.0034 4924 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:27:12.0074 4924 NativeWifiP - ok
22:27:12.0234 4924 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:27:12.0274 4924 NDIS - ok
22:27:12.0384 4924 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:27:12.0424 4924 NdisCap - ok
22:27:12.0534 4924 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:27:12.0594 4924 NdisTapi - ok
22:27:12.0724 4924 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:27:12.0784 4924 Ndisuio - ok
22:27:12.0914 4924 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:27:12.0994 4924 NdisWan - ok
22:27:13.0124 4924 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:27:13.0194 4924 NDProxy - ok
22:27:13.0304 4924 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:27:13.0374 4924 NetBIOS - ok
22:27:13.0504 4924 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:27:13.0554 4924 NetBT - ok
22:27:13.0834 4924 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
22:27:14.0024 4924 netw5v64 - ok
22:27:14.0134 4924 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:27:14.0164 4924 nfrd960 - ok
22:27:14.0254 4924 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:27:14.0284 4924 NisDrv - ok
22:27:14.0414 4924 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:27:14.0484 4924 Npfs - ok
22:27:14.0604 4924 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:27:14.0664 4924 nsiproxy - ok
22:27:14.0814 4924 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:27:14.0864 4924 Ntfs - ok
22:27:15.0054 4924 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:27:15.0114 4924 Null - ok
22:27:15.0244 4924 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:27:15.0284 4924 nvraid - ok
22:27:15.0404 4924 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:27:15.0444 4924 nvstor - ok
22:27:15.0564 4924 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:27:15.0604 4924 nv_agp - ok
22:27:15.0734 4924 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:27:15.0784 4924 ohci1394 - ok
22:27:15.0914 4924 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:27:15.0964 4924 Parport - ok
22:27:16.0054 4924 Partizan - ok
22:27:16.0184 4924 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:27:16.0224 4924 partmgr - ok
22:27:16.0384 4924 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:27:16.0434 4924 pci - ok
22:27:16.0564 4924 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:27:16.0574 4924 pciide - ok
22:27:16.0684 4924 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:27:16.0734 4924 pcmcia - ok
22:27:16.0844 4924 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:27:16.0884 4924 pcw - ok
22:27:17.0014 4924 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:27:17.0084 4924 PEAUTH - ok
22:27:17.0274 4924 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:27:17.0344 4924 PptpMiniport - ok
22:27:17.0444 4924 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:27:17.0484 4924 Processor - ok
22:27:17.0614 4924 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:27:17.0694 4924 Psched - ok
22:27:17.0844 4924 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:27:17.0894 4924 ql2300 - ok
22:27:18.0004 4924 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:27:18.0034 4924 ql40xx - ok
22:27:18.0164 4924 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:27:18.0214 4924 QWAVEdrv - ok
22:27:18.0344 4924 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:27:18.0414 4924 RasAcd - ok
22:27:18.0504 4924 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:27:18.0604 4924 RasAgileVpn - ok
22:27:18.0734 4924 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:27:18.0814 4924 Rasl2tp - ok
22:27:18.0944 4924 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:27:19.0014 4924 RasPppoe - ok
22:27:19.0124 4924 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:27:19.0194 4924 RasSstp - ok
22:27:19.0324 4924 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:27:19.0374 4924 rdbss - ok
22:27:19.0474 4924 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:27:19.0514 4924 rdpbus - ok
22:27:19.0594 4924 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:27:19.0644 4924 RDPCDD - ok
22:27:19.0754 4924 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:27:19.0824 4924 RDPENCDD - ok
22:27:19.0924 4924 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:27:19.0974 4924 RDPREFMP - ok
22:27:20.0094 4924 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:27:20.0154 4924 RDPWD - ok
22:27:20.0274 4924 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:27:20.0314 4924 rdyboost - ok
22:27:20.0474 4924 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:27:20.0544 4924 rspndr - ok
22:27:20.0704 4924 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
22:27:20.0754 4924 RSUSBSTOR - ok
22:27:20.0874 4924 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:27:20.0964 4924 RTL8167 - ok
22:27:21.0054 4924 RtsUIR - ok
22:27:21.0134 4924 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:27:21.0154 4924 sbp2port - ok
22:27:21.0294 4924 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:27:21.0354 4924 scfilter - ok
22:27:21.0674 4924 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
22:27:21.0724 4924 sdbus - ok
22:27:21.0854 4924 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:27:21.0924 4924 secdrv - ok
22:27:22.0064 4924 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:27:22.0114 4924 Serenum - ok
22:27:22.0214 4924 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:27:22.0264 4924 Serial - ok
22:27:22.0384 4924 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:27:22.0404 4924 sermouse - ok
22:27:22.0544 4924 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:27:22.0584 4924 sffdisk - ok
22:27:22.0744 4924 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:27:22.0794 4924 sffp_mmc - ok
22:27:22.0914 4924 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:27:22.0954 4924 sffp_sd - ok
22:27:23.0064 4924 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:27:23.0104 4924 sfloppy - ok
22:27:23.0234 4924 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:27:23.0274 4924 SiSRaid2 - ok
22:27:23.0384 4924 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:27:23.0424 4924 SiSRaid4 - ok
22:27:23.0534 4924 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:27:23.0614 4924 Smb - ok
22:27:23.0744 4924 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:27:23.0784 4924 spldr - ok
22:27:23.0914 4924 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:27:23.0944 4924 srv - ok
22:27:24.0074 4924 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:27:24.0124 4924 srv2 - ok
22:27:24.0254 4924 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:27:24.0304 4924 SrvHsfHDA - ok
22:27:24.0464 4924 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:27:24.0514 4924 SrvHsfV92 - ok
22:27:24.0664 4924 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:27:24.0704 4924 SrvHsfWinac - ok
22:27:24.0824 4924 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:27:24.0874 4924 srvnet - ok
22:27:25.0004 4924 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:27:25.0044 4924 stexstor - ok
22:27:25.0164 4924 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
22:27:25.0214 4924 STHDA - ok
22:27:25.0354 4924 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:27:25.0384 4924 swenum - ok
22:27:25.0524 4924 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
22:27:25.0564 4924 SynTP - ok
22:27:25.0754 4924 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:27:25.0814 4924 Tcpip - ok
22:27:25.0984 4924 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:27:26.0054 4924 TCPIP6 - ok
22:27:26.0174 4924 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:27:26.0244 4924 tcpipreg - ok
22:27:26.0364 4924 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:27:26.0434 4924 TDPIPE - ok
22:27:26.0544 4924 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:27:26.0614 4924 TDTCP - ok
22:27:27.0044 4924 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:27:27.0114 4924 tdx - ok
22:27:27.0244 4924 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:27:27.0274 4924 TermDD - ok
22:27:27.0454 4924 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:27:27.0504 4924 tssecsrv - ok
22:27:27.0624 4924 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:27:27.0674 4924 TsUsbFlt - ok
22:27:27.0794 4924 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:27:27.0864 4924 tunnel - ok
22:27:27.0964 4924 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:27:27.0994 4924 uagp35 - ok
22:27:28.0144 4924 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:27:28.0204 4924 udfs - ok
22:27:28.0354 4924 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:27:28.0384 4924 uliagpkx - ok
22:27:28.0524 4924 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:27:28.0564 4924 umbus - ok
22:27:28.0674 4924 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:27:28.0714 4924 UmPass - ok
22:27:28.0834 4924 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
22:27:28.0864 4924 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
22:27:28.0864 4924 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
22:27:28.0974 4924 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:27:29.0014 4924 usbccgp - ok
22:27:29.0084 4924 USBCCID - ok
22:27:29.0164 4924 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:27:29.0194 4924 usbcir - ok
22:27:29.0324 4924 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:27:29.0364 4924 usbehci - ok
22:27:29.0464 4924 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
22:27:29.0494 4924 usbfilter - ok
22:27:29.0634 4924 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:27:29.0684 4924 usbhub - ok
22:27:29.0824 4924 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:27:29.0854 4924 usbohci - ok
22:27:29.0954 4924 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:27:30.0004 4924 usbprint - ok
22:27:30.0104 4924 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:27:30.0154 4924 usbscan - ok
22:27:30.0254 4924 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:27:30.0304 4924 USBSTOR - ok
22:27:30.0454 4924 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:27:30.0484 4924 usbuhci - ok
22:27:30.0594 4924 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:27:30.0644 4924 usbvideo - ok
22:27:30.0784 4924 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:27:30.0834 4924 vdrvroot - ok
22:27:30.0944 4924 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:27:30.0974 4924 vga - ok
22:27:31.0104 4924 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:27:31.0164 4924 VgaSave - ok
22:27:31.0294 4924 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:27:31.0324 4924 vhdmp - ok
22:27:31.0474 4924 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:27:31.0514 4924 viaide - ok
22:27:31.0644 4924 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:27:31.0684 4924 volmgr - ok
22:27:31.0824 4924 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:27:31.0864 4924 volmgrx - ok
22:27:32.0024 4924 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:27:32.0074 4924 volsnap - ok
22:27:32.0184 4924 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:27:32.0224 4924 vsmraid - ok
22:27:32.0384 4924 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:27:32.0434 4924 vwifibus - ok
22:27:32.0534 4924 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:27:32.0584 4924 vwififlt - ok
22:27:32.0704 4924 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:27:32.0734 4924 vwifimp - ok
22:27:32.0864 4924 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:27:32.0904 4924 WacomPen - ok
22:27:33.0034 4924 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:27:33.0114 4924 WANARP - ok
22:27:33.0124 4924 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:27:33.0174 4924 Wanarpv6 - ok
22:27:33.0304 4924 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:27:33.0334 4924 Wd - ok
22:27:33.0454 4924 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:27:33.0484 4924 Wdf01000 - ok
22:27:33.0624 4924 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:27:33.0684 4924 WfpLwf - ok
22:27:33.0794 4924 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:27:33.0834 4924 WIMMount - ok
22:27:34.0014 4924 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:27:34.0054 4924 WinUsb - ok
22:27:34.0174 4924 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:27:34.0214 4924 WmiAcpi - ok
22:27:34.0354 4924 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:27:34.0414 4924 ws2ifsl - ok
22:27:34.0554 4924 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:27:34.0614 4924 WudfPf - ok
22:27:34.0754 4924 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:27:34.0824 4924 WUDFRd - ok
22:27:34.0964 4924 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
22:27:34.0994 4924 yukonw7 - ok
22:27:35.0024 4924 MBR (0x1B8) (f927b6eeefbdcb14b37de3b678323e67) \Device\Harddisk0\DR0
22:27:35.0854 4924 \Device\Harddisk0\DR0 - ok
22:27:35.0864 4924 MBR (0x1B8) (17e1d13d492dda22073dd385f815ef98) \Device\Harddisk1\DR2
22:27:38.0324 4924 \Device\Harddisk1\DR2 - ok
22:27:38.0364 4924 Boot (0x1200) (953dfe94bc286f3c3707f9f30a741a06) \Device\Harddisk0\DR0\Partition0
22:27:38.0364 4924 \Device\Harddisk0\DR0\Partition0 - ok
22:27:38.0394 4924 Boot (0x1200) (0ba500a69cbcfc2249db0bbcfcf8f28d) \Device\Harddisk0\DR0\Partition1
22:27:38.0394 4924 \Device\Harddisk0\DR0\Partition1 - ok
22:27:38.0424 4924 Boot (0x1200) (5312f7ea800ac7aa4775b657fddade38) \Device\Harddisk0\DR0\Partition2
22:27:38.0424 4924 \Device\Harddisk0\DR0\Partition2 - ok
22:27:38.0444 4924 Boot (0x1200) (cdc4064a3d9b88c3b20dc1a426a72797) \Device\Harddisk0\DR0\Partition3
22:27:38.0444 4924 \Device\Harddisk0\DR0\Partition3 - ok
22:27:38.0454 4924 ============================================================
22:27:38.0454 4924 Scan finished
22:27:38.0454 4924 ============================================================
22:27:38.0464 4752 Detected object count: 1
22:27:38.0464 4752 Actual detected object count: 1
22:27:54.0364 4752 HKLM\SYSTEM\ControlSet001\services\USBAAPL64 - will be deleted on reboot
22:27:54.0394 4752 HKLM\SYSTEM\ControlSet002\services\USBAAPL64 - will be deleted on reboot
22:27:54.0444 4752 HKLM\SYSTEM\ControlSet003\services\USBAAPL64 - will be deleted on reboot
22:27:54.0504 4752 C:\Windows\system32\Drivers\usbaapl64.sys - will be deleted on reboot
22:27:54.0504 4752 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:28:16.0564 2796 Deinitialize success

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Wed Jan 04, 2012 12:14 am

Please run Combofix again

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Wed Jan 04, 2012 6:00 pm

ComboFix 12-01-04.02 - jon 04/01/2012 16:33:00.6.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1788.568 [GMT 0:00]
Running from: c:\users\jon\Desktop\commy.exe
Command switches used :: /stepdel
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jon\ComboFix.exe
c:\users\jon\EULA.txt
c:\windows\system32\fxsst.dll . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\srrstr.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\system32\termsrv.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 17:29 . 2012-01-04 17:29 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0275E4B-9A2B-467A-B1B1-378EB1479EC0}\offreg.dll
2012-01-04 17:26 . 2012-01-04 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-03 23:00 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0275E4B-9A2B-467A-B1B1-378EB1479EC0}\mpengine.dll
2012-01-02 09:28 . 2012-01-02 09:28 -------- d-----w- c:\programdata\Premium
2012-01-02 09:28 . 2012-01-02 09:29 -------- d-----w- c:\programdata\InstallMate
2011-12-30 16:04 . 2011-12-30 16:04 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-12-30 15:57 . 2011-12-30 15:57 2 --shatr- c:\windows\winstart.bat
2011-12-30 00:48 . 2011-12-30 00:48 -------- d-----w- c:\program files (x86)\ESET
2011-12-29 16:08 . 2012-01-02 21:02 -------- d-----w- C:\Commy
2011-12-28 10:49 . 2011-12-28 10:49 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
2011-12-28 09:11 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-27 10:23 . 2011-11-15 14:29 222080 ------w- c:\windows\SysWow64\MpSigStub.exe
2011-12-27 09:07 . 2011-10-04 17:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A073D7A2-AFC5-424B-AB80-3FD54D201B3E}\gapaengine.dll
2011-12-27 09:02 . 2011-12-27 09:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-27 09:01 . 2011-12-27 09:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-27 08:50 . 2011-12-27 08:50 -------- d--h--w- c:\programdata\Common Files
2011-12-27 08:49 . 2011-12-27 08:50 -------- d-----w- c:\programdata\MFAData
2011-12-26 11:42 . 2011-12-27 08:57 -------- dc----w- c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}
2011-12-24 08:06 . 2011-12-24 08:08 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-12-24 08:06 . 2011-12-24 08:06 -------- d-----w- c:\users\jon\AppData\Roaming\PC Tools
2011-12-24 07:54 . 2011-12-24 07:54 -------- d-----w- c:\users\jon\AppData\Roaming\TestApp
2011-12-22 15:26 . 2011-12-22 15:26 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-22 08:31 . 2011-12-22 08:31 69000 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{A9E6196A-885A-4FFA-923F-BC6DD39B1FB2}\offreg.dll
2011-12-21 08:32 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{A9E6196A-885A-4FFA-923F-BC6DD39B1FB2}\mpengine.dll
2011-12-20 11:57 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\Sky Broadband
2011-12-20 07:55 . 2011-12-31 09:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-18 15:40 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 15:38 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 15:38 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-18 15:38 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-18 15:35 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 15:35 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-17 12:48 . 2011-12-17 12:48 -------- d-----w- c:\users\jon\AppData\Roaming\Malwarebytes
2011-12-17 12:47 . 2011-12-17 12:47 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 08:49 . 2011-12-15 08:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-12-13 17:37 . 2011-12-18 14:51 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-12-13 17:36 . 2011-12-13 17:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-13 17:36 . 2011-12-13 17:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-10 05:59 . 2011-12-24 08:50 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-12-10 05:59 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 07:03 . 2011-10-13 16:41 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-12-09 07:03 . 2011-10-13 16:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:33 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-06 06:33 . 2011-11-21 13:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:32 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-04 07:15 . 2011-10-13 16:40 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-30 02:21 . 2011-12-27 09:04 8822856 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FEE13CF-3F18-4747-B7E9-D80D37F6C9D3}\mpengine.dll
2011-11-21 11:40 . 2011-04-16 06:57 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 14:29 . 2010-04-10 17:57 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-15 06:16 . 2011-08-13 05:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 05:54 . 2010-12-24 21:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-01_12.00.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 09:34 . 2012-01-04 17:31 74162 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-04 17:31 68076 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-09 01:58 . 2012-01-04 17:31 18464 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3587992434-3900482413-3266186353-1001_UserData.bin
+ 2009-10-20 08:42 . 2012-01-03 19:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-20 08:42 . 2011-12-31 14:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-20 08:42 . 2012-01-03 19:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-20 08:42 . 2011-12-31 14:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-31 14:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-03 19:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:38 . 2012-01-01 11:58 67584 c:\windows\bootstat(522).dat
+ 2009-07-14 05:38 . 2012-01-04 17:29 67584 c:\windows\bootstat(522).dat
- 2012-01-01 11:58 . 2012-01-01 11:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-04 17:29 . 2012-01-04 17:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-04 17:29 . 2012-01-04 17:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-01 11:58 . 2012-01-01 11:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-09 15:56 . 2012-01-04 07:38 240444 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-12-31 00:14 632742 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-02 22:12 632742 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-31 00:14 632742 c:\windows\system32\perfh009(7767).dat
+ 2009-07-14 02:36 . 2012-01-02 22:12 632742 c:\windows\system32\perfh009(7767).dat
+ 2009-07-14 02:36 . 2012-01-02 22:12 114702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-31 00:14 114702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-31 00:14 114702 c:\windows\system32\perfc009(7763).dat
+ 2009-07-14 02:36 . 2012-01-02 22:12 114702 c:\windows\system32\perfc009(7763).dat
- 2009-07-14 05:01 . 2012-01-01 11:57 325424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-04 17:28 325424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-22 21:20 . 2012-01-04 17:28 25096236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3587992434-3900482413-3266186353-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 12:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-27 c:\windows\Tasks\HPCeeScheduleForjon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-14727042.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-01-04 17:56:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-04 17:56
ComboFix2.txt 2012-01-01 12:26
.
Pre-Run: 187,025,715,200 bytes free
Post-Run: 186,781,007,872 bytes free
.
- - End Of File - - AB7D0D25968B3345045F5BC6F3BEC5BF

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Thu Jan 05, 2012 4:02 pm

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::
    File::
    c:\windows\system32\Partizan.exe
    Folder::
    c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}


  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.




If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Thu Jan 05, 2012 6:25 pm

ComboFix 12-01-05.01 - jon 05/01/2012 17:01:40.7.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1788.567 [GMT 0:00]
Running from: c:\users\jon\Desktop\Commy.exe
Command switches used :: c:\users\jon\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\Partizan.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}
c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.dat
c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.par
c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.res
c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}\instance.dat
c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}\mia.lib
c:\windows\system32\Partizan.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 17:50 . 2012-01-05 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-04 22:37 . 2012-01-05 17:54 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F2905DA-FED0-46D8-9C9E-B265A15D43F4}\offreg.dll
2012-01-04 22:37 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F2905DA-FED0-46D8-9C9E-B265A15D43F4}\mpengine.dll
2012-01-02 09:28 . 2012-01-02 09:28 -------- d-----w- c:\programdata\Premium
2012-01-02 09:28 . 2012-01-02 09:29 -------- d-----w- c:\programdata\InstallMate
2011-12-30 15:57 . 2011-12-30 15:57 2 --shatr- c:\windows\winstart.bat
2011-12-28 10:49 . 2011-12-28 10:49 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
2011-12-28 09:11 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-27 10:23 . 2011-11-15 14:29 222080 ------w- c:\windows\SysWow64\MpSigStub.exe
2011-12-27 09:07 . 2011-10-04 17:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A073D7A2-AFC5-424B-AB80-3FD54D201B3E}\gapaengine.dll
2011-12-27 09:02 . 2011-12-27 09:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-27 09:01 . 2011-12-27 09:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-27 08:50 . 2011-12-27 08:50 -------- d--h--w- c:\programdata\Common Files
2011-12-27 08:49 . 2011-12-27 08:50 -------- d-----w- c:\programdata\MFAData
2011-12-24 08:06 . 2011-12-24 08:08 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-12-24 08:06 . 2011-12-24 08:06 -------- d-----w- c:\users\jon\AppData\Roaming\PC Tools
2011-12-24 07:54 . 2011-12-24 07:54 -------- d-----w- c:\users\jon\AppData\Roaming\TestApp
2011-12-22 15:26 . 2011-12-22 15:26 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-22 08:31 . 2011-12-22 08:31 69000 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{A9E6196A-885A-4FFA-923F-BC6DD39B1FB2}\offreg.dll
2011-12-21 08:32 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{A9E6196A-885A-4FFA-923F-BC6DD39B1FB2}\mpengine.dll
2011-12-20 11:57 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\Sky Broadband
2011-12-20 07:55 . 2012-01-04 18:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-18 15:40 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 15:38 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 15:38 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-18 15:38 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-18 15:35 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 15:35 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-17 12:48 . 2011-12-17 12:48 -------- d-----w- c:\users\jon\AppData\Roaming\Malwarebytes
2011-12-17 12:47 . 2011-12-17 12:47 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 08:49 . 2011-12-15 08:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-12-13 17:37 . 2011-12-18 14:51 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-12-13 17:36 . 2011-12-13 17:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-13 17:36 . 2011-12-13 17:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-10 05:59 . 2011-12-24 08:50 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-12-10 05:59 . 2011-12-24 08:49 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 07:03 . 2011-10-13 16:41 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-12-09 07:03 . 2011-10-13 16:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:33 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-06 06:33 . 2011-11-21 13:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-12-06 06:33 . 2010-02-09 02:32 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-04 07:15 . 2011-10-13 16:40 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-30 02:21 . 2011-12-27 09:04 8822856 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FEE13CF-3F18-4747-B7E9-D80D37F6C9D3}\mpengine.dll
2011-11-21 11:40 . 2011-04-16 06:57 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 14:29 . 2010-04-10 17:57 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-15 06:16 . 2011-08-13 05:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 05:54 . 2010-12-24 21:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 12:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-27 c:\windows\Tasks\HPCeeScheduleForjon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
.
**************************************************************************
.
Completion time: 2012-01-05 18:20:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-05 18:20
ComboFix2.txt 2012-01-04 17:57
.
Pre-Run: 186,415,214,592 bytes free
Post-Run: 186,562,678,784 bytes free
.
- - End Of File - - 1DC3AFF900FDA3AC03DD2DE1B95E6006

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by houndmom on Fri Jan 06, 2012 2:55 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



How's your computer running?



If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader
Leader's Leader

Status :
Online
Offline

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate

View user profile

Back to top Go down

Re: get-answers or www.easya-z.com

Post by jonnieboy on Fri Jan 06, 2012 5:25 pm

Hi Houndmom

The laptop was running ok till yesterday evening with no redirection for over a day. Then when I got in from work I was redirected as soon as I started surfing. My son had been on the laptop earlier (probably visiting dodgy sites).

Also I cannot aceess some of my files in the library folder, cannot llink in emails and one or two other minor things.

That was all the information in the log.

Regards Jon


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

jonnieboy
Novice
Novice

Status :
Online
Offline

Posts : 42
Joined : 2011-12-18
OS : 7

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum