
Thread: Win7Ult.BadlyInfected Last Resort Before Reformat

  1. #1
    Junior Member
    Join Date
    Feb 2012
    Posts
    7

    Win7Ult.BadlyInfected Last Resort Before Reformat

    Alright, First symptoms were slow running p/c, popups on Firefox etc. Hours later I was constantly being redirected and could not run any .exe files. On a restart, very long bootup time, booted into windows with all icons gone, start list empty and all other folders were empty (did research, files are still here, just have all been changed to be hidden), also a fake cleaner claiming RAM and HDD errors popped up. Ran and updated Spybot, Mbam and SAS and restarted pc. The fake cleaner is gone now, but symptoms have just gotten worse. Mbam no longer runs. Cannot reinstall any programs (access denied) even as administrator and in safe mode, and even after running rkill. Also, before running dds, I tried to disable teatimer, but again access is denied. I am on the verge of reformatting as usually I can fix these problems myself, but I would really prefer not to. I know I am horribly infected and any help or suggestions would be absolutely welcome. Thanks~

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Brandon at 21:22:17 on 2012-01-31
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1700 [GMT -8:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Linksys\WUSBF54G\NICServ.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [TeamSpeak Update] rundll32
    uRun: [DirectxBackupUpdate] rundll32.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun: [edsHFBJujJjU.exe] C:\ProgramData\edsHFBJujJjU.exe
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADAAMQAwADQANQA2ADQALQBTAFQAMQArADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0ARgA5AE0ANwBBACsANQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQA"&"prod=90"&"ver=9.0.872
    dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\Windows\system32\mscoree.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{9B694718-5AF3-4500-9782-0C27AD84625B} : DhcpNameServer = 75.75.75.75 75.75.76.76
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
    TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun-x64: [edsHFBJujJjU.exe] C:\ProgramData\edsHFBJujJjU.exe
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADAAMQAwADQANQA2ADQALQBTAFQAMQArADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0ARgA5AE0ANwBBACsANQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQA"&"prod=90"&"ver=9.0.872
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111009&q=
    FF - prefs.js: network.proxy.ftp - :
    FF - prefs.js: network.proxy.http - :
    FF - prefs.js: network.proxy.socks - :
    FF - prefs.js: network.proxy.ssl - :
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
    FF - plugin: C:\Users\Brandon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 5016928c000000000000e0cb4e602de6
    FF - user.js: extensions.BabylonToolbar_i.hardId - 5016928c000000000000e0cb4e602de6
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15368
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:27:58
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    FF - user.js: extensions.funmoods_i.hmpg - true
    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
    FF - user.js: extensions.funmoods_i.dfltSrch - true
    FF - user.js: extensions.funmoods_i.srchPrvdr - Search
    FF - user.js: extensions.funmoods_i.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
    FF - user.js: extensions.funmoods_i.id - 5016928c000000000000e0cb4e602de6
    FF - user.js: extensions.funmoods_i.instlDay - 15368
    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.1
    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.1
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.12:32:00
    FF - user.js: extensions.funmoods_i.prtnrId - funmoods
    FF - user.js: extensions.funmoods_i.prdct - funmoods
    FF - user.js: extensions.funmoods_i.aflt - ironto
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods_i.tlbrId - base
    FF - user.js: extensions.funmoods_i.instlRef -
    FF - user.js: extensions.funmoods_i.dfltLng -
    FF - user.js: extensions.funmoods_i.excTlbr - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-2-15 33528]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
    S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-02-01 05:10:31 20480 ----a-w- C:\Windows\svchost.exe
    2012-02-01 05:10:03 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-02-01 04:56:43 -------- d-----w- C:\brandon.exe
    2012-02-01 00:52:27 -------- d-----w- C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-01 00:52:23 -------- d-----w- C:\ProgramData\!SASCORE
    2012-02-01 00:52:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-02-01 00:41:35 98816 ----a-w- C:\Windows\sed.exe
    2012-02-01 00:41:35 518144 ----a-w- C:\Windows\SWREG.exe
    2012-02-01 00:41:35 256000 ----a-w- C:\Windows\PEV.exe
    2012-02-01 00:41:35 208896 ----a-w- C:\Windows\MBR.exe
    2012-01-31 23:46:59 -------- d--h--w- C:\Users\Brandon\AppData\Local\{DA4275D3-B039-4672-B880-AFB446A14C11}
    2012-01-31 07:35:30 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4842FCAB-1BC9-4409-BA8F-77EDAC36714A}
    2012-01-31 07:35:15 -------- d--h--w- C:\Users\Brandon\AppData\Local\{EE36309C-E0AA-4AA9-81D3-361F5177EB4E}
    2012-01-31 03:00:51 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\C156.tmp
    2012-01-31 03:00:51 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\C155.tmp
    2012-01-30 18:11:29 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8769003B-DAD0-401E-8BAC-89DBE2854A26}
    2012-01-30 18:11:18 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0C3D7A37-6B0F-4B94-BBA7-449C2006CC21}
    2012-01-30 05:10:49 -------- d--h--w- C:\Users\Brandon\AppData\Local\{50F709DB-4B70-4337-BB46-65C13CCD16C7}
    2012-01-30 05:10:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0018BE5D-2BBD-446D-8532-AA2604855499}
    2012-01-29 18:57:32 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1E2A4E38-8EE1-42F6-BC8F-5D2227880425}
    2012-01-29 10:38:25 580096 ----a-w- C:\Windows\System32\ac3filter64.acm
    2012-01-29 10:38:25 497664 ---ha-w- C:\Windows\SysWow64\ac3filter.acm
    2012-01-29 10:38:25 -------- d--h--w- C:\Program Files (x86)\AC3Filter
    2012-01-29 10:27:54 -------- d--h--w- C:\Users\Brandon\AppData\Local\Babylon
    2012-01-29 10:27:51 -------- d--h--w- C:\Users\Brandon\AppData\Roaming\Babylon
    2012-01-29 10:27:51 -------- d--h--w- C:\ProgramData\Babylon
    2012-01-28 19:43:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8F1B09DB-C544-4DAB-9AC5-DBACC89213C0}
    2012-01-28 19:43:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{33C38EED-E54D-476A-B139-DE8FE97BD3CF}
    2012-01-28 06:32:34 -------- d--h--w- C:\Users\Brandon\AppData\Local\{74996DF4-2246-4828-8C71-97565216E6CE}
    2012-01-28 06:32:24 -------- d--h--w- C:\Users\Brandon\AppData\Local\{95E64F5F-BA57-45CF-9386-A67785AB0AC2}
    2012-01-26 19:21:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F804A697-0A39-440D-922E-911A751F18AD}
    2012-01-26 19:20:49 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0EBB4DAE-82FF-49A7-B62B-C94F5F97C79B}
    2012-01-26 05:38:10 -------- d--h--w- C:\Users\Brandon\AppData\Local\{85EA41E8-9EE0-46F7-84FB-E39E3ECB86D6}
    2012-01-26 05:38:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{87AF457A-D773-4E6E-8725-AC8D87F7CFE4}
    2012-01-25 23:21:20 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4DFC288E-9A5B-4E00-AFDA-2AC25EB542E9}
    2012-01-25 07:55:30 -------- d--h--w- C:\Users\Brandon\riotsGamesLogs
    2012-01-24 23:57:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{34FBCC93-4804-45E5-9129-77B5E2AD8059}
    2012-01-24 23:57:03 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1AB38624-AFFE-481C-9C65-83E86A36521F}
    2012-01-23 21:48:06 -------- d--h--w- C:\Users\Brandon\AppData\Local\{BE6C332D-D11D-4FF5-A369-851644D1D524}
    2012-01-23 21:47:56 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8788440E-94B4-4F63-BFE4-EF87CF948ADF}
    2012-01-23 04:06:43 -------- d--h--w- C:\Program Files (x86)\MSECache
    2012-01-23 01:50:21 -------- d--h--w- C:\Users\Brandon\AppData\Local\{6C32E0BC-E133-496C-87FC-62F248B3E3C2}
    2012-01-22 01:13:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{628F6A7D-7ED4-4FCC-B850-3A26654BD941}
    2012-01-22 01:13:15 -------- d--h--w- C:\Users\Brandon\AppData\Local\{32E9B7E5-A634-49B6-893A-E7A02067E941}
    2012-01-19 21:25:40 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0CD6C223-9268-42A2-918F-067EC558EDF4}
    2012-01-19 21:17:48 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1CBEA906-0C0F-4AB1-8B6C-C1231D119253}
    2012-01-19 20:29:57 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8C1BAA04-D64E-4925-AD84-B08299401721}
    2012-01-18 17:44:29 -------- d--h--w- C:\Users\Brandon\AppData\Local\{721C9A30-D672-4C27-BC83-6881E56AAA3D}
    2012-01-18 17:44:17 -------- d--h--w- C:\Users\Brandon\AppData\Local\{447FB3D1-7A61-4573-8173-ACE9E98B07DC}
    2012-01-17 15:27:56 8822856 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{073D1B73-1554-47FD-8235-A630DA92A708}\mpengine.dll
    2012-01-16 17:12:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{2BFE7CAD-A966-4628-87A1-2233718ED820}
    2012-01-16 17:12:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{46962A32-3EE6-4052-8C64-7ABAF823B0CB}
    2012-01-15 18:05:53 -------- d--h--w- C:\Users\Brandon\AppData\Local\{38395472-272E-4EF4-A2E7-BDEF7248B0D3}
    2012-01-15 18:05:41 -------- d--h--w- C:\Users\Brandon\AppData\Local\{47569852-F945-44F5-9809-BC07FDB21AC1}
    2012-01-14 19:05:05 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0E223F7E-E53D-42C9-99AF-74A41AEFAD90}
    2012-01-14 19:04:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{7733EB6E-E734-4041-8046-A2175CC047E2}
    2012-01-14 04:47:11 -------- d--h--w- C:\Users\Brandon\AppData\Local\{927A6DDA-146A-4414-99F6-AA2590EF037E}
    2012-01-14 04:47:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{7F3AF032-C3F9-44F0-952B-D352ADF39308}
    2012-01-13 02:58:31 -------- d-----w- C:\Windows\System32\appmgmt
    2012-01-13 01:56:03 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4379FBE5-CD32-41B8-BC05-CB2C5C549DB4}
    2012-01-13 01:55:53 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FDD190EF-FD64-4FC1-A68D-AF44928DC418}
    2012-01-12 13:02:06 -------- d--h--w- C:\Users\Brandon\AppData\Local\{A8DB0BC1-5577-431B-8AD9-808921D9145D}
    2012-01-12 13:01:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FC3A868F-3393-408C-A256-C7F671AAE3CC}
    2012-01-11 21:42:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4B8EFD74-9C68-49C3-9492-6018F132CDE1}
    2012-01-11 21:42:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F7B403EE-A17F-48BD-91F1-4020AC0C6BCC}
    2012-01-11 05:09:24 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-01-11 05:09:24 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-01-11 05:09:24 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-01-11 05:09:24 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-01-11 05:09:22 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-11 05:09:22 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-11 05:09:20 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-11 05:09:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-01-11 05:04:39 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C909F0D7-77C8-4C16-8C1F-008077A82BBD}
    2012-01-11 05:04:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FDEEAD43-8F28-449D-B6A4-28488353BBF8}
    2012-01-09 08:10:01 626688 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-09 08:10:01 548864 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-09 08:10:01 479232 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-09 08:10:01 43992 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-09 07:13:17 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FF5AE1F8-5C11-48B4-B2D6-24BDFE050EC4}
    2012-01-09 07:13:04 -------- d--h--w- C:\Users\Brandon\AppData\Local\{6FD583B2-488B-4CEE-8FCB-B16C5412E21A}
    2012-01-08 01:01:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{2B19C9C4-AC88-4550-939C-6EE7986DA6F1}
    2012-01-08 01:01:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8DDF2DA5-120E-4F6B-9A47-03BBDE57D899}
    2012-01-06 23:47:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C1AC0144-FB29-4D93-8BAE-571EB2020CEC}
    2012-01-06 23:47:43 -------- d--h--w- C:\Users\Brandon\AppData\Local\{E3E3B080-002F-4F1E-910D-0FAE80DBCF23}
    2012-01-05 23:06:50 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8FDA20A3-EB9E-4E71-AF26-792F5C621314}
    2012-01-05 23:06:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{A84B1332-E094-417E-BBB4-A62D4DD0CB97}
    2012-01-04 20:02:16 -------- d--h--w- C:\Users\Brandon\AppData\Local\{CE0C63B0-C87E-4061-A89B-B3AF35AC49F0}
    2012-01-04 20:02:05 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F3AF0FC6-C962-4FFD-9D32-A3433B217F29}
    2012-01-04 00:05:58 -------- d--h--w- C:\Users\Brandon\AppData\Local\{B1B03262-B741-4A85-9F51-D0CACFF54217}
    2012-01-04 00:05:47 -------- d--h--w- C:\Users\Brandon\AppData\Local\{9B7879EE-6CBC-4CEE-A8E0-08E59D4A0DFE}
    2012-01-02 18:50:18 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C1DE8E51-2AB0-4767-B961-7C184C8D8DFE}
    2012-01-02 18:50:08 -------- d--h--w- C:\Users\Brandon\AppData\Local\{165FB7F3-502B-493F-AD63-3CD2F82D52E4}
    .
    ==================== Find3M ====================
    .
    2011-12-27 12:36:36 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2011-12-13 12:18:55 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-12 19:18:20 24576 ----a-w- C:\Windows\System32\drivers\FlyUsb.sys
    2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 21:24:40.31 ===============
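    Reading a DDS log by hand is tedious, and the things a helper looks for first are mechanical: core Windows binaries running or created outside the system directories, autorun entries launched from user-writable staging folders, and rundll32 entries with no DLL argument. The script below is an added example written for this thread, not code from the forum, from the original poster, or from DDS itself. The allow-list of system binaries and the list of "suspect" path fragments are the editor's own triage conventions, not anything the log format defines, and the embedded sample is a constructed excerpt of the log above; every line it flags is raised for review, not declared malicious.

```python
"""Triage heuristics over a DDS-style log (added example, not the forum's or
any tool's code). Flags core Windows binaries outside the system directories,
autorun images in user-writable staging paths, and argument-less rundll32
entries. Sample lines are copied from the DDS log posted in this thread."""
import re
from pathlib import PureWindowsPath

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Editor's allow-list: core binaries and the only directories they live in.
ALLOWED_DIRS = {name: SYSTEM_DIRS for name in (
    "svchost.exe", "lsm.exe", "wininit.exe", "csrss.exe", "services.exe",
    "lsass.exe", "winlogon.exe", "dwm.exe", "spoolsv.exe", "conhost.exe")}
ALLOWED_DIRS["explorer.exe"] = {r"c:\windows"}
# Path fragments where legitimate software rarely places an autorun image.
SUSPECT_DIRS = ("c:\\programdata\\", "\\appdata\\local\\",
                "\\appdata\\roaming\\", "\\temp\\")

SECTION_RE = re.compile(r"^[=-]+\s*(.*?)\s*[=-]+$")
AUTORUN_RE = re.compile(
    r"^[umd]Run(?:Once)?(?:-x64)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
EXE_RE = re.compile(r"(?i)^(.*?\.(?:exe|com|bat|cmd|scr))\b\s*(.*)$")


def split_sections(log_text):
    """Group a DDS log into {section name: [lines]} using its ===== headers."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def misplaced_system_binary(path):
    """Finding if `path` names a core binary outside its allowed directory."""
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), str(p.parent).lower()
    allowed = ALLOWED_DIRS.get(name)
    if allowed is not None and parent not in allowed:
        return f"{name} outside {sorted(allowed)}: {path}"
    return None


def split_command(cmd):
    """Split an autorun command into (image, arguments), honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)            # unquoted path that may contain spaces
    if m:
        return m.group(1), m.group(2).strip()
    exe, _, args = cmd.partition(" ")
    return exe, args.strip()


def check_autorun(line):
    """Heuristics for one uRun/mRun/dRun line; returns a finding or None."""
    m = AUTORUN_RE.match(line)
    if not m:
        return None
    exe, args = split_command(m.group("cmd"))
    exe_l = exe.lower()
    if PureWindowsPath(exe_l).name in ("rundll32", "rundll32.exe") and not args:
        return f"[{m.group('name')}] rundll32 with no DLL/export argument"
    if any(frag in exe_l for frag in SUSPECT_DIRS):
        return f"[{m.group('name')}] autorun image in user-writable path: {exe}"
    return None


def triage(log_text):
    """Run all heuristics over a DDS log and return the list of findings."""
    sections = split_sections(log_text)
    findings = []
    for line in sections.get("Running Processes", []):
        f = misplaced_system_binary(line.split(" -k ")[0])  # drop svchost group
        if f:
            findings.append("process: " + f)
    for line in sections.get("Pseudo HJT Report", []):
        f = check_autorun(line)
        if f:
            findings.append("autorun: " + f)
    for line in sections.get("Created Last 30", []):
        parts = line.split(None, 4)           # date time size attrs path
        if len(parts) == 5 and not parts[3].startswith("d"):  # skip dirs
            f = misplaced_system_binary(parts[4])
            if f:
                findings.append("created: " + f)
    return findings


# Constructed excerpt of the DDS log from the first post in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\cmd.exe
-netsvcs
.
============== Pseudo HJT Report ===============
.
uRun: [TeamSpeak Update] rundll32
uRun: [DirectxBackupUpdate] rundll32.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [edsHFBJujJjU.exe] C:\ProgramData\edsHFBJujJjU.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
.
=============== Created Last 30 ================
.
2012-02-01 05:10:31 20480 ----a-w- C:\Windows\svchost.exe
2012-02-01 00:41:35 98816 ----a-w- C:\Windows\sed.exe
2012-02-01 05:10:03 -------- d-sh--w- C:\$RECYCLE.BIN
.
============= FINISH: 21:24:40.31 ===============
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    Run against the excerpt it reports the two rundll32 entries with no DLL argument, the two autoruns launched from ProgramData and a systemprofile AppData folder, and the svchost.exe created directly in C:\Windows rather than System32; the legitimate svchost.exe in the process list, the Adobe autorun, and the ComboFix-style helpers in C:\Windows (sed.exe and friends) are not flagged, because the checks key on location and arguments rather than on bare file names. These are starting points for the kind of review the helper performs in the replies below, not a verdict.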

  2. #2
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148


    Hi pallmall,

    Firstly, welcome to the Safer-Networking Malware Removal Forum.
    My name is Scolabar, and I'll be helping you with your malware problems.
    Logs can take a while to research, so please be patient.
    If you no longer require help I would be grateful if you would let me know.

    Please note the following important guidelines before proceeding:
    1. The instructions that will be provided are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
    3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
      Absence of symptoms does not necessarily mean that everything is clear.
    5. DO NOT run any other fix or removal tools unless instructed to do so!
    6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

    Please Note: If you haven't done so already, please read this topic "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.

    Windows 7 Advice:
    Please Note: The programs I ask you to use will need to be run in Administrator Mode.
    In order to do this Right-click on the program file and select the Run as Administrator option.
    Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
    If prompted, please click on the Allow button.
    Reference: User Account Control (UAC) and Running as Administrator

    Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.



    If you follow these guidelines, things should proceed smoothly.
    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    Thank you for your patience.

    Scolabar
    Malware Removal University - You too could train to help others

  3. #3
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148


    Hi pallmall,

    Thank you again for your patience.

    Please read these instructions carefully before executing and perform the steps, in the order given.
    If you have any questions about, or problems with, executing these instructions, STOP, do not proceed; post back with the question or problem before going any further.

    Before proceeding please make sure any open programs are closed.

    Step 1:
    Disable Spybot S&D Teatimer

    From the log(s) you have provided I can see that Spybot S&D Teatimer is active. This might interfere with any fixes we attempt to run so we need to disable it.

    1. Right-click on the Spybot S&D desktop icon and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Select Mode > Advanced Mode.
    3. In the Warning pop-up window click on the Yes button to continue.
    4. Towards the bottom of the left-hand pane, click on the Tools option.
    5. Then click on the Resident option under the expanded Tools sub-menu.
    6. If you receive a firewall alert message, click on the OK button to continue.
    7. Under the main Resident protection status frame, Uncheck the Resident "TeaTimer"(Protection of over-all system settings) active checkbox.
    8. Click on the OK button to accept the change to the setting.
    9. Then select File > Exit to quit the Spybot S&D program.
    10. Reboot the computer to apply the changes.

    Step 2:
    DeFogger

    We need to disable the active CD Emulation drivers as they will almost certainly interfere with the cleanup process.

    1. Please download DeFogger by jpshortstuff and save it to your Desktop.
    2. Right-click on DeFogger.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. When the application window appears click on the Disable button to disable your CD Emulation drivers.
    4. Click on the Yes button to continue.
    5. When the Finished! message appears click on the OK button.
    6. Then click on the OK button when DeFogger asks to reboot the machine.

    Please do not re-enable these drivers until otherwise instructed.
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your Desktop.

    Step 3:
    OTL - Scan

    1. Please download OTL by Old Timer. Save it to your Desktop.
    2. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Under Output, ensure that the Standard Output option is selected.
    4. Under the Extra Registry section, select the Use SafeList option.
    5. Click the Scan All Users checkbox.
    6. Tick the LOP Check and Purity Check checkboxes.
    7. Also make sure the Include 64bit Scans checkbox is ticked.
      Note: Please leave the remaining selections on the default settings.
    8. Click on the Run Scan button in the top left-hand corner of the program window.
    9. When done, two Notepad files will automatically open:
      • OTL.txt <-- Will be opened, maximized.
      • Extras.txt <-- Will be minimized on task bar.
    10. Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.

    Step 4:
    TDSSKiller - Scan

    1. Please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-- Important!!!
    2. Right-click on TDSSKiller.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
If TDSSKiller does not run, try renaming the program file. Right-click on TDSSKiller.exe, select the Rename option and give the program a random name with the .com file extension (e.g. ektfhtw.com).
      If you cannot see file extensions, please refer to: How to change the file extension.
    3. Click the Start Scan button. Do not use the computer during the scan!
    4. When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    5. Now click on Report to open the log file created by TDSSKiller.
    6. The log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt is created and saved to the root directory. (Usually C: drive).
    7. Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.

    PLEASE DO NOT TRY TO FIX ANYTHING AT THIS STAGE.

    Step 5:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. OTL.exe.
    3. Extras.txt.
    4. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
    5. Do you have the original Windows installation media for your PC?

    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others
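Reading the OTL.txt that Step 3 produces is the part these instructions leave to the helper. The Python below is an added example for this thread, not code from the posts above and not part of OTL or any tool it names. It parses the PRC/SRV, O4 and O35 line formats OTL writes and flags what an analyst reads first: processes running from a device or globalroot path rather than a drive letter, a system binary name (svchost.exe and friends) outside System32/SysWOW64, executables with no CompanyName running from ProgramData, AppData, Temp or the Windows root, executables with the hidden attribute set, Run entries that point to a missing file or into a user-writable folder, and an exefile/comfile open command that is no longer the stock `"%1" %*` (one of the things to check when .exe files will not launch, which is also why Step 4 offers the rename-to-.com fallback). The rules are heuristics that produce leads to review, not verdicts; the SAMPLE_LOG lines are constructed in OTL's format, and "Example AV Ltd." and the file names in them are invented.

```python
"""Triage helper for lines from an OTL (OldTimer) scan log.

Added example for this thread, not part of the original posts and not code
from OTL or its author. It parses the PRC/SRV, O4 and O35 line formats OTL
writes into OTL.txt and flags the entries an analyst reads first. All rules
are leads to review, not verdicts. SAMPLE_LOG is constructed for the demo;
"Example AV Ltd." and the file names in it are made up.
"""
import re

# PRC/SRV lines: TYPE - [date time | size | attrs | M] (Company) [state] -- path -- (name)
# CompanyName values containing parentheses are not handled by this simple pattern.
ENTRY_RE = re.compile(
    r"^(?P<type>PRC|SRV)(?::64bit:)? - "
    r"\[(?P<meta>[^\]]+)\] "
    r"\((?P<company>[^)]*)\)"          # CompanyName from version info; empty when absent
    r"(?: \[(?P<state>[^\]]+)\])?"     # SRV only: [Start type | Status]
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"   # SRV only: service name
)
# O4 lines: O4 - HIVE..\Run: [value name] target (Company)   or   target File not found
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<value>[^\]]*)\] (?P<target>.*)$"
)
# O35 lines: O35 - HKLM\..exefile [open] -- "%1" %*
ASSOC_RE = re.compile(
    r"^O35(?::64bit:)? - HKLM\\\.\.(?P<ftype>\w+) \[open\] -- (?P<command>.*)$"
)

DEFAULT_OPEN = '"%1" %*'   # stock shell\open\command for exefile and comfile
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "winlogon.exe",
                   "lsass.exe", "csrss.exe", "userinit.exe"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\", "\\windows\\sysnative\\")
# Locations a dropper typically writes to, plus the Windows root itself.
DROP_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\windows\\", "systemroot\\")

def parse_line(line):
    """Return a dict for a PRC/SRV, O4 or O35 line, or None for anything else."""
    m = ENTRY_RE.match(line)
    if m:
        parts = [p.strip() for p in m.group("meta").split("|")]
        return {"kind": m.group("type"), "company": m.group("company"),
                "attrs": parts[2] if len(parts) > 2 else "",
                "path": m.group("path"), "state": m.group("state"), "name": m.group("name")}
    m = RUN_RE.match(line)
    if m:
        target = m.group("target")
        return {"kind": "O4", "hive": m.group("hive"), "value": m.group("value"),
                "target": target, "missing": target.endswith("File not found")}
    m = ASSOC_RE.match(line)
    if m:
        return {"kind": "O35", "ftype": m.group("ftype"), "command": m.group("command")}
    return None

def flags_for(entry):
    """Heuristic reasons to look at this entry; an empty list means nothing stood out."""
    reasons = []
    if entry["kind"] in ("PRC", "SRV"):
        low = entry["path"].lower()
        base = low.rsplit("\\", 1)[-1]
        if not re.match(r"^[a-z]:\\", low):
            reasons.append("runs from a device/globalroot path, not a drive letter")
        if base in SYSTEM_BINARIES and not any(d in low for d in SYSTEM_DIRS):
            reasons.append(f"system binary name {base} outside System32/SysWOW64")
        if entry["company"] == "" and any(d in low for d in DROP_DIRS):
            reasons.append("no CompanyName in version info and runs from a drop/system location")
        if "H" in entry["attrs"]:
            reasons.append("hidden attribute set on an executable")
    elif entry["kind"] == "O4":
        if entry["missing"]:
            reasons.append("autorun value points to a file that no longer exists")
        if any(d in entry["target"].lower() for d in DROP_DIRS[:3]):
            reasons.append("autorun target lives in a user-writable drop folder")
    elif entry["kind"] == "O35":
        if entry["command"] != DEFAULT_OPEN:
            reasons.append(f"{entry['ftype']} open command hijacked: {entry['command']}")
    return reasons

def triage(log_text):
    """Return (line number, line, reasons) for every parsed line that raised a flag."""
    findings = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        entry = parse_line(line.strip())
        if entry is not None:
            reasons = flags_for(entry)
            if reasons:
                findings.append((n, line.strip(), reasons))
    return findings

# Constructed sample in OTL's line format; not taken from any real machine.
SAMPLE_LOG = r"""
PRC - [2011/08/20 07:43:08 | 000,269,480 | ---- | M] (Example AV Ltd.) -- C:\Program Files (x86)\ExampleAV\guard.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2012/01/30 23:40:01 | 000,331,776 | -H-- | M] () -- C:\ProgramData\qwxrtv.exe
SRV - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\ExampleAV\tray.exe (Example AV Ltd.)
O4 - HKLM..\Run: [qwxrtv.exe] C:\ProgramData\qwxrtv.exe File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\ProgramData\hijack.exe" "%1" %*
"""

if __name__ == "__main__":
    for n, line, reasons in triage(SAMPLE_LOG):
        print(f"line {n}: {line}")
        for r in reasons:
            print(f"    -> {r}")
```

Paste the text of a real OTL.txt into `triage()` and it lists only the lines that tripped a rule, with the reason beside each. Legitimate software that ships without version info (game anti-cheat services are a common case) will also be flagged, which is the intended trade-off: the script shortens the reading list, and the analyst still decides.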

  4. #4
    Junior Member
    Join Date: Feb 2012
    Posts: 7

    Scolabar, thank you for the hasty reply. This machine is still in need of care. I am glad you will be assisting me in (hopefully) getting this resolved! Thanks so much!

    1. No problems with any of the instructions. (See the error when disabling TeaTimer.)
    2. I think your post means OTL.txt, not OTL.exe ^_^. OTL.txt is below.
    3. Extras.txt is below.
    4. TDSSKiller.txt
    5. I do have the Windows disks.



    Followed your directions to disable TeaTimer.
    Received the following error:
    Cannot create file "C:\ProgramData\Spybot - Search & Destroy\Configuration.ini". Access is denied
    Disabled TeaTimer.
    Rebooted.

    Ran Defogger.
    No Errors. Did gen log.
    Rebooted.

    OTL.txt

    OTL logfile created on: 2/4/2012 5:45:15 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brandon\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 66.76% Memory free
    8.00 Gb Paging File | 6.51 Gb Available in Paging File | 81.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 95.32 Gb Free Space | 20.47% Space Free | Partition Type: NTFS

    Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/04 17:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
    PRC - [2012/02/01 04:09:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/11/12 12:04:12 | 000,268,640 | -H-- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2011/11/12 11:21:58 | 006,141,792 | -H-- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2011/08/20 07:43:08 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/04/21 06:53:48 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/04/21 06:53:33 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/04/07 00:03:52 | 000,075,064 | -H-- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011/03/18 00:26:14 | 002,435,592 | -H-- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    PRC - [2011/03/18 00:24:50 | 001,043,968 | -H-- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2010/04/03 15:59:00 | 000,240,232 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/11/06 10:58:38 | 000,935,208 | -H-- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/08/20 21:16:54 | 005,782,528 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2005/06/15 17:04:48 | 000,529,920 | -H-- | M] () -- C:\Program Files (x86)\Linksys\WUSBF54G\NICServ.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/01 04:09:29 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/09/14 09:19:06 | 008,500,224 | -H-- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
    MOD - [2011/09/14 09:19:06 | 002,348,544 | -H-- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
    MOD - [2009/03/25 15:53:14 | 000,053,248 | -H-- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
    MOD - [2009/01/15 13:55:10 | 000,565,248 | -H-- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
    MOD - [2006/01/10 00:50:20 | 000,024,576 | RH-- | M] () -- C:\Windows\SysWOW64\AsIO.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/02/15 07:26:18 | 000,822,264 | -H-- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV:64bit: - [2010/06/29 09:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2011/11/12 11:21:58 | 006,141,792 | -H-- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2011/08/20 07:43:08 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/08/02 18:33:37 | 000,411,432 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/01 13:19:00 | 004,045,688 | -H-- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
    SRV - [2011/04/21 06:53:48 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/04/07 00:03:52 | 000,075,064 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/03/18 00:26:14 | 002,435,592 | -H-- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2010/06/25 09:07:20 | 000,117,264 | -H-- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/04/03 15:59:00 | 000,240,232 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/11/06 10:58:38 | 000,935,208 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2005/06/15 17:04:48 | 000,529,920 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\WUSBF54G\NICServ.exe -- (NICSer_WUSBF54G)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/27 04:36:36 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/11/12 11:18:20 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
    DRV:64bit: - [2011/08/20 07:43:09 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/08/20 07:43:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/15 07:25:38 | 000,033,528 | -H-- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 03:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/08/27 16:17:07 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2010/05/15 15:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
    DRV:64bit: - [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/02/17 10:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 10:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/12/01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV:64bit: - [2009/08/17 03:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/04 20:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2007/04/13 04:56:49 | 000,122,624 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmcam326av.sys -- (vmcam326av)
    DRV:64bit: - [2007/04/13 04:56:49 | 000,104,192 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftav.sys -- (vvftav)
    DRV:64bit: - [2005/08/15 14:49:48 | 000,351,616 | ---- | M] (Linksys, A Division of Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZD1211U.sys -- (ZD1211U(Linksys)) Linksys Wireless-G USB Network Adapter Driver(Linksys)
    DRV - [2010/05/15 12:25:27 | 000,019,952 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2007/02/07 10:27:46 | 000,014,104 | -H-- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
    DRV - [2005/01/03 16:43:08 | 000,004,682 | -H-- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 5C 1E 14 41 E9 B5 41 85 94 EB C9 D9 FC 47 53 [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 5C 1E 14 41 E9 B5 41 85 94 EB C9 D9 FC 47 53 [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 5C 1E 14 41 E9 B5 41 85 94 EB C9 D9 FC 47 53 [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 5C 1E 14 41 E9 B5 41 85 94 EB C9 D9 FC 47 53 [binary data]

    IE - HKU\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 C4 70 02 7E CC CC 01 [binary data]
    IE - HKU\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 5C 1E 14 41 E9 B5 41 85 94 EB C9 D9 FC 47 53 [binary data]
    IE - HKU\S-1-5-21-545903267-2311813859-710853934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-545903267-2311813859-710853934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

    ========== FireFox ==========



    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Brandon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011/09/03 16:43:49 | 000,000,000 | -H-D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/09/03 16:12:07 | 000,000,000 | -H-D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/01 04:09:30 | 000,000,000 | -H-D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/08/21 22:06:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions
    [2012/02/04 17:28:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions
    [2012/01/16 12:18:10 | 000,000,000 | -H-D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
    [2011/12/24 03:10:59 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/01/13 20:55:09 | 000,000,000 | -H-D | M] (Flash and Video Download) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2012/01/29 02:16:46 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012/01/29 10:57:39 | 000,000,000 | -H-D | M] (Funmoods.com) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions\ffxtlbr@funmoods.com
    [2011/08/31 10:42:48 | 000,000,939 | -H-- | M] () -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\searchplugins\conduit.xml
    [2012/01/29 02:31:56 | 000,001,800 | -H-- | M] () -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\searchplugins\funmoods.xml
    [2011/08/24 00:23:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\BRANDON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B1SW9J6Q.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
    [2012/02/01 04:09:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/01/29 02:27:55 | 000,002,310 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2011/10/09 12:32:59 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/08/11 19:16:35 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2011/11/10 00:08:01 | 000,002,040 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =

    O1 HOSTS File: ([2012/02/01 04:55:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
    O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3:64bit: - HKU\S-1-5-21-545903267-2311813859-710853934-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKU\S-1-5-21-545903267-2311813859-710853934-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [edsHFBJujJjU.exe] C:\ProgramData\edsHFBJujJjU.exe File not found
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
    O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
    O4 - HKU\S-1-5-21-545903267-2311813859-710853934-1000..\Run: [DirectxBackupUpdate] rundll32.exe File not found
    O4 - HKU\S-1-5-21-545903267-2311813859-710853934-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-545903267-2311813859-710853934-1000..\Run: [TeamSpeak Update] rundll32 File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-545903267-2311813859-710853934-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B694718-5AF3-4500-9782-0C27AD84625B}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/04 17:43:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
    [2012/02/01 04:55:29 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
    [2012/02/01 04:55:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/01 04:43:49 | 000,000,000 | ---D | C] -- C:\brandon.exe
    [2012/01/31 21:06:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/01/31 16:52:27 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
    [2012/01/31 16:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/01/31 16:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2012/01/31 16:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/01/31 16:41:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/31 16:41:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/31 16:41:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/31 15:46:59 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{DA4275D3-B039-4672-B880-AFB446A14C11}
    [2012/01/30 23:35:30 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{4842FCAB-1BC9-4409-BA8F-77EDAC36714A}
    [2012/01/30 23:35:15 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{EE36309C-E0AA-4AA9-81D3-361F5177EB4E}
    [2012/01/30 19:37:31 | 000,000,000 | -H-D | C] -- C:\Windows\Sun
    [2012/01/30 10:11:29 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{8769003B-DAD0-401E-8BAC-89DBE2854A26}
    [2012/01/30 10:11:18 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{0C3D7A37-6B0F-4B94-BBA7-449C2006CC21}
    [2012/01/29 21:10:49 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{50F709DB-4B70-4337-BB46-65C13CCD16C7}
    [2012/01/29 21:10:38 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{0018BE5D-2BBD-446D-8532-AA2604855499}
    [2012/01/29 10:57:32 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{1E2A4E38-8EE1-42F6-BC8F-5D2227880425}
    [2012/01/29 02:38:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
    [2012/01/29 02:38:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\AC3Filter
    [2012/01/29 02:27:54 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\Babylon
    [2012/01/29 02:27:51 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Roaming\Babylon
    [2012/01/29 02:27:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon
    [2012/01/28 11:43:38 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{8F1B09DB-C544-4DAB-9AC5-DBACC89213C0}
    [2012/01/28 11:43:28 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{33C38EED-E54D-476A-B139-DE8FE97BD3CF}
    [2012/01/27 22:32:34 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{74996DF4-2246-4828-8C71-97565216E6CE}
    [2012/01/27 22:32:24 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{95E64F5F-BA57-45CF-9386-A67785AB0AC2}
    [2012/01/26 11:21:00 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{F804A697-0A39-440D-922E-911A751F18AD}
    [2012/01/26 11:20:49 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{0EBB4DAE-82FF-49A7-B62B-C94F5F97C79B}
    [2012/01/25 21:38:10 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{85EA41E8-9EE0-46F7-84FB-E39E3ECB86D6}
    [2012/01/25 21:38:00 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{87AF457A-D773-4E6E-8725-AC8D87F7CFE4}
    [2012/01/25 15:21:20 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{4DFC288E-9A5B-4E00-AFDA-2AC25EB542E9}
    [2012/01/24 23:55:30 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\riotsGamesLogs
    [2012/01/24 15:57:14 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{34FBCC93-4804-45E5-9129-77B5E2AD8059}
    [2012/01/24 15:57:03 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{1AB38624-AFFE-481C-9C65-83E86A36521F}
    [2012/01/23 13:48:06 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{BE6C332D-D11D-4FF5-A369-851644D1D524}
    [2012/01/23 13:47:56 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{8788440E-94B4-4F63-BFE4-EF87CF948ADF}
    [2012/01/22 20:07:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Microsoft Office
    [2012/01/22 20:06:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\MSECache
    [2012/01/22 19:53:51 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\Desktop\Traveler's
    [2012/01/22 17:50:21 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{6C32E0BC-E133-496C-87FC-62F248B3E3C2}
    [2012/01/21 17:13:25 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{628F6A7D-7ED4-4FCC-B850-3A26654BD941}
    [2012/01/21 17:13:15 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{32E9B7E5-A634-49B6-893A-E7A02067E941}
    [2012/01/19 13:25:40 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{0CD6C223-9268-42A2-918F-067EC558EDF4}
    [2012/01/19 13:17:48 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{1CBEA906-0C0F-4AB1-8B6C-C1231D119253}
    [2012/01/19 12:29:57 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{8C1BAA04-D64E-4925-AD84-B08299401721}
    [2012/01/18 09:44:29 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{721C9A30-D672-4C27-BC83-6881E56AAA3D}
    [2012/01/18 09:44:17 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{447FB3D1-7A61-4573-8173-ACE9E98B07DC}
    [2012/01/16 09:12:38 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{2BFE7CAD-A966-4628-87A1-2233718ED820}
    [2012/01/16 09:12:28 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{46962A32-3EE6-4052-8C64-7ABAF823B0CB}
    [2012/01/15 10:05:53 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{38395472-272E-4EF4-A2E7-BDEF7248B0D3}
    [2012/01/15 10:05:41 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{47569852-F945-44F5-9809-BC07FDB21AC1}
    [2012/01/14 11:05:05 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{0E223F7E-E53D-42C9-99AF-74A41AEFAD90}
    [2012/01/14 11:04:55 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{7733EB6E-E734-4041-8046-A2175CC047E2}
    [2012/01/13 20:47:11 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{927A6DDA-146A-4414-99F6-AA2590EF037E}
    [2012/01/13 20:47:00 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{7F3AF032-C3F9-44F0-952B-D352ADF39308}
    [2012/01/12 18:58:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2012/01/12 17:56:03 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{4379FBE5-CD32-41B8-BC05-CB2C5C549DB4}
    [2012/01/12 17:55:53 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{FDD190EF-FD64-4FC1-A68D-AF44928DC418}
    [2012/01/12 05:02:06 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{A8DB0BC1-5577-431B-8AD9-808921D9145D}
    [2012/01/12 05:01:55 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{FC3A868F-3393-408C-A256-C7F671AAE3CC}
    [2012/01/11 13:42:25 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{4B8EFD74-9C68-49C3-9492-6018F132CDE1}
    [2012/01/11 13:42:14 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{F7B403EE-A17F-48BD-91F1-4020AC0C6BCC}
    [2012/01/10 21:09:24 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
    [2012/01/10 21:09:24 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
    [2012/01/10 21:09:24 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2012/01/10 21:09:24 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2012/01/10 21:09:22 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2012/01/10 21:09:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
    [2012/01/10 21:09:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
    [2012/01/10 21:04:39 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{C909F0D7-77C8-4C16-8C1F-008077A82BBD}
    [2012/01/10 21:04:28 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{FDEEAD43-8F28-449D-B6A4-28488353BBF8}
    [2012/01/10 03:23:15 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Roaming\dvdcss
    [2012/01/08 23:13:17 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{FF5AE1F8-5C11-48B4-B2D6-24BDFE050EC4}
    [2012/01/08 23:13:04 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{6FD583B2-488B-4CEE-8FCB-B16C5412E21A}
    [2012/01/07 17:01:25 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{2B19C9C4-AC88-4550-939C-6EE7986DA6F1}
    [2012/01/07 17:01:14 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{8DDF2DA5-120E-4F6B-9A47-03BBDE57D899}
    [2012/01/06 15:47:55 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{C1AC0144-FB29-4D93-8BAE-571EB2020CEC}
    [2012/01/06 15:47:43 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{E3E3B080-002F-4F1E-910D-0FAE80DBCF23}
    [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Brandon\Desktop\*.tmp files -> C:\Users\Brandon\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/04 17:48:40 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/04 17:48:40 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/04 17:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
    [2012/02/04 17:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/04 17:41:06 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/04 17:40:06 | 000,000,188 | ---- | M] () -- C:\Users\Brandon\defogger_reenable
    [2012/02/04 17:39:40 | 000,050,477 | ---- | M] () -- C:\Users\Brandon\Desktop\Defogger(1).exe
    [2012/02/01 05:01:42 | 409,087,456 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/02/01 04:55:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/02/01 04:43:28 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\Brandon\Desktop\brandon.exe.exe
    [2012/02/01 01:07:23 | 000,000,794 | ---- | M] () -- C:\Users\Brandon\Desktop\lol.launcher - Shortcut.lnk
    [2012/01/31 16:52:23 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/01/31 16:51:04 | 000,001,122 | ---- | M] () -- C:\Users\Brandon\Desktop\ComboFix - Shortcut.lnk
    [2012/01/31 16:27:21 | 000,000,677 | -H-- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/29 02:32:00 | 000,000,287 | -H-- | M] () -- C:\user.js
    [2012/01/27 03:59:40 | 000,007,605 | -H-- | M] () -- C:\Users\Brandon\AppData\Local\Resmon.ResmonCfg
    [2012/01/23 13:57:40 | 000,000,565 | -H-- | M] () -- C:\Users\Brandon\AppData\Roaming\myMPQ.ini
    [2012/01/22 19:50:38 | 000,001,946 | -H-- | M] () -- C:\Users\Brandon\Documents\Traveler'sCL.rtf
    [2012/01/12 18:59:43 | 000,003,589 | -H-- | M] () -- C:\Users\Brandon\AppData\Local\bbd0cb76
    [2012/01/12 18:59:43 | 000,003,554 | -H-- | M] () -- C:\Users\Brandon\AppData\Roaming\ab1db9f0
    [2012/01/12 18:59:43 | 000,003,553 | -H-- | M] () -- C:\ProgramData\ed7240f2
    [2012/01/11 03:03:13 | 000,739,978 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/01/11 03:03:13 | 000,623,994 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/01/11 03:03:13 | 000,106,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/01/08 05:01:29 | 000,001,046 | -HS- | M] () -- C:\Users\Brandon\AppData\Local\fb3171ly5igb78n40r732cc5y4n4eioea100powc8a52lr
    [2012/01/06 23:27:06 | 000,001,398 | -HS- | M] () -- C:\Users\Brandon\AppData\Local\vay3y2g8qcaa
    [2012/01/06 06:22:38 | 000,001,738 | -H-- | M] () -- C:\Users\Brandon\Desktop\Diablo II - Lord of Destruction.lnk
    [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Brandon\Desktop\*.tmp files -> C:\Users\Brandon\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/04 17:40:06 | 000,000,188 | ---- | C] () -- C:\Users\Brandon\defogger_reenable
    [2012/02/04 17:39:39 | 000,050,477 | ---- | C] () -- C:\Users\Brandon\Desktop\Defogger(1).exe
    [2012/02/01 01:07:23 | 000,000,794 | ---- | C] () -- C:\Users\Brandon\Desktop\lol.launcher - Shortcut.lnk
    [2012/01/31 16:52:23 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/01/31 16:51:04 | 000,001,122 | ---- | C] () -- C:\Users\Brandon\Desktop\ComboFix - Shortcut.lnk
    [2012/01/31 16:48:10 | 409,087,456 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/01/31 16:41:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/31 16:41:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/31 16:41:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/31 16:41:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/31 16:41:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/31 16:27:21 | 000,000,677 | -H-- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/29 02:38:25 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
    [2012/01/29 02:38:25 | 000,497,664 | -H-- | C] () -- C:\Windows\SysWow64\ac3filter.acm
    [2012/01/29 02:28:00 | 000,000,287 | -H-- | C] () -- C:\user.js
    [2012/01/22 19:50:38 | 000,001,946 | -H-- | C] () -- C:\Users\Brandon\Documents\Traveler'sCL.rtf
    [2012/01/12 18:46:31 | 000,003,589 | -H-- | C] () -- C:\Users\Brandon\AppData\Local\bbd0cb76
    [2012/01/12 18:46:31 | 000,003,554 | -H-- | C] () -- C:\Users\Brandon\AppData\Roaming\ab1db9f0
    [2012/01/12 18:46:31 | 000,003,553 | -H-- | C] () -- C:\ProgramData\ed7240f2
    [2012/01/08 05:01:29 | 000,001,046 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\fb3171ly5igb78n40r732cc5y4n4eioea100powc8a52lr
    [2012/01/06 23:27:06 | 000,001,398 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\vay3y2g8qcaa
    [2012/01/05 15:58:17 | 000,000,916 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\20phjt65e281mp7fe2cyy27v2i6a06720ngv0433d7pe80
    [2012/01/05 00:43:44 | 000,001,342 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\lbe80ph44tc2chkjmuip775027e8ksj025p55hjqcb1
    [2012/01/04 06:25:49 | 000,001,198 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\ree24xd02my3dxefbwxo168475b6gan804q08pmkeg0
    [2011/12/27 05:03:10 | 000,000,565 | -H-- | C] () -- C:\Users\Brandon\AppData\Roaming\myMPQ.ini
    [2011/10/12 21:05:03 | 000,007,605 | -H-- | C] () -- C:\Users\Brandon\AppData\Local\Resmon.ResmonCfg
    [2011/06/29 00:29:09 | 000,037,137 | -H-- | C] () -- C:\Windows\DIIUnin.dat
    [2011/04/07 00:03:45 | 000,189,480 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/04/07 00:03:44 | 000,075,064 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/04/07 00:03:43 | 003,360,624 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2010/06/25 09:03:12 | 000,053,299 | -H-- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2010/05/24 23:42:13 | 000,138,752 | -H-- | C] () -- C:\Windows\VM303Uninst64.exe
    [2010/05/24 23:42:13 | 000,073,728 | -H-- | C] () -- C:\Windows\VMInstNT.exe
    [2010/05/24 23:42:13 | 000,069,632 | -H-- | C] () -- C:\Windows\VMInst64.exe
    [2010/05/24 23:42:13 | 000,040,960 | -H-- | C] () -- C:\Windows\VM303UninstNT.exe
    [2010/05/16 13:48:01 | 000,000,262 | -H-- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/05/15 00:05:29 | 000,165,376 | -H-- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/05/15 00:05:28 | 000,000,038 | -H-- | C] () -- C:\Windows\avisplitter.ini
    [2010/05/15 00:05:24 | 000,881,664 | -H-- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/05/15 00:05:24 | 000,205,824 | -H-- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/05/15 00:05:19 | 000,085,504 | -H-- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/05/14 22:26:11 | 000,024,576 | RH-- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2010/05/14 22:26:11 | 000,013,368 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2010/05/14 22:26:09 | 000,011,832 | -H-- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2010/05/14 22:26:09 | 000,010,216 | -H-- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2010/05/14 22:24:09 | 000,036,616 | -H-- | C] () -- C:\Windows\Ascd_log.ini
    [2010/05/14 22:23:41 | 000,001,769 | -H-- | C] () -- C:\Windows\Language_trs.ini
    [2010/05/14 22:23:37 | 000,030,017 | -H-- | C] () -- C:\Windows\Ascd_tmp.ini
    [2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 18:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 18:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/04/02 04:30:14 | 000,010,296 | -H-- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2011/10/08 19:17:54 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\AnvSoft
    [2012/01/29 02:27:51 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Babylon
    [2010/05/15 11:39:34 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\CheckPoint
    [2012/01/26 11:20:33 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\DAEMON Tools Lite
    [2011/03/27 18:21:17 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\LolClient
    [2011/09/30 18:51:53 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\PhotoScape
    [2011/12/16 05:15:48 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\RIFT
    [2011/12/10 01:20:25 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Screaming Bee
    [2011/10/10 19:36:15 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\TS3Client
    [2011/10/03 20:38:17 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\ts3overlay
    [2011/09/25 16:25:29 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Unity
    [2011/09/22 23:44:49 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Wireshark
    [2011/12/04 03:17:55 | 000,032,638 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >

  5. #5
    Junior Member
    Join Date
    Feb 2012
    Posts
    7

    Default

    Extras.txt


    OTL Extras logfile created on: 2/4/2012 5:45:15 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brandon\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 66.76% Memory free
    8.00 Gb Paging File | 6.51 Gb Available in Paging File | 81.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 95.32 Gb Free Space | 20.47% Space Free | Partition Type: NTFS

    Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F2DEFE25-83D8-55D0-AF90-BF25ED8360DA}" = ATI Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "WinRAR archiver" = WinRAR archiver
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00C1B233-D218-484B-8078-9375482C5608}" = LeapFrog Tag Plugin
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3095C241-9622-48D8-BE8C-69AC80C51D24}" = HP Webcam
    "{327C4E4D-7DB9-44F8-85F1-833C03E9E51A}" = Linksys Wireless Network Monitor
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}" = Trixie
    "{8f46b3c5-6a2a-4c6b-a2e5-ffaf1df8b3d8}" = Nero 9 Essentials
    "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E5F27DA8-48D3-4A46-AD83-26F42F5DA54D}" = ArcSoft VideoImpression 2
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
    "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
    "{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AmazingMIDI" = AmazingMIDI
    "Anarchy Online_is1" = Anarchy Online
    "Any Video Converter_is1" = Any Video Converter 3.2.7
    "ArtMoney SE_is1" = ArtMoney SE v7.36.2
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Cheat Engine 6.1_is1" = Cheat Engine 6.1
    "Chord Pickout" = Chord Pickout 2.0
    "conduitEngine" = Conduit Engine
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Diablo II" = Diablo II
    "EGREEN" = ASUS E-Green Uninstall
    "E-Hammer1.0.0" = E-Hammer
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PhotoScape" = PhotoScape
    "PunkBusterSvc" = PunkBuster Services
    "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    "SpeedFan" = SpeedFan (remove only)
    "ST6UNST #1" = Hero Editor V1.03
    "StarCraft II" = StarCraft II
    "Steam App 13140" = America's Army 3
    "SystemRequirementsLab" = System Requirements Lab
    "TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "UPCShell" = LeapFrog Connect
    "VLC media player" = VLC media player 1.1.10
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "Wireshark" = Wireshark 1.6.2
    "World of Warcraft" = World of Warcraft
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

  6. #6
    Junior Member (Join Date: Feb 2012, Posts: 7)

    TDSSKiller.txt

    17:57:51.0293 2684 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
    17:57:51.0932 2684 ============================================================
    17:57:51.0932 2684 Current date / time: 2012/02/04 17:57:51.0932
    17:57:51.0932 2684 SystemInfo:
    17:57:51.0932 2684
    17:57:51.0932 2684 OS Version: 6.1.7601 ServicePack: 1.0
    17:57:51.0932 2684 Product type: Workstation
    17:57:51.0932 2684 ComputerName: BRANDON-PC
    17:57:51.0932 2684 UserName: Brandon
    17:57:51.0932 2684 Windows directory: C:\Windows
    17:57:51.0932 2684 System windows directory: C:\Windows
    17:57:51.0932 2684 Running under WOW64
    17:57:51.0932 2684 Processor architecture: Intel x64
    17:57:51.0932 2684 Number of processors: 2
    17:57:51.0932 2684 Page size: 0x1000
    17:57:51.0932 2684 Boot type: Normal boot
    17:57:51.0932 2684 ============================================================
    17:57:52.0775 2684 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:57:52.0790 2684 \Device\Harddisk0\DR0:
    17:57:52.0790 2684 MBR used
    17:57:52.0790 2684 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    17:57:52.0790 2684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
    17:57:52.0822 2684 Initialize success
    17:57:52.0822 2684 ============================================================
    18:04:35.0582 2536 ============================================================
    18:04:35.0582 2536 Scan started
    18:04:35.0582 2536 Mode: Manual;
    18:04:35.0582 2536 ============================================================
    18:04:36.0238 2536 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    18:04:36.0238 2536 1394ohci - ok
    18:04:36.0300 2536 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    18:04:36.0316 2536 ACPI - ok
    18:04:36.0331 2536 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    18:04:36.0331 2536 AcpiPmi - ok
    18:04:36.0394 2536 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    18:04:36.0394 2536 adp94xx - ok
    18:04:36.0425 2536 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    18:04:36.0425 2536 adpahci - ok
    18:04:36.0441 2536 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    18:04:36.0441 2536 adpu320 - ok
    18:04:36.0519 2536 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    18:04:36.0534 2536 AFD - ok
    18:04:36.0581 2536 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    18:04:36.0597 2536 agp440 - ok
    18:04:36.0628 2536 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    18:04:36.0628 2536 aliide - ok
    18:04:36.0659 2536 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    18:04:36.0675 2536 amdide - ok
    18:04:36.0721 2536 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    18:04:36.0721 2536 AmdK8 - ok
    18:04:36.0753 2536 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    18:04:36.0753 2536 AmdPPM - ok
    18:04:36.0799 2536 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    18:04:36.0799 2536 amdsata - ok
    18:04:36.0815 2536 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    18:04:36.0815 2536 amdsbs - ok
    18:04:36.0846 2536 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    18:04:36.0846 2536 amdxata - ok
    18:04:36.0987 2536 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    18:04:36.0987 2536 AppID - ok
    18:04:37.0033 2536 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    18:04:37.0033 2536 arc - ok
    18:04:37.0049 2536 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    18:04:37.0049 2536 arcsas - ok
    18:04:37.0065 2536 AsIO - ok
    18:04:37.0080 2536 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    18:04:37.0080 2536 AsyncMac - ok
    18:04:37.0127 2536 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    18:04:37.0127 2536 atapi - ok
    18:04:37.0174 2536 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
    18:04:37.0174 2536 AtiPcie - ok
    18:04:37.0236 2536 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
    18:04:37.0236 2536 avgntflt - ok
    18:04:37.0283 2536 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
    18:04:37.0283 2536 avipbb - ok
    18:04:37.0345 2536 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    18:04:37.0345 2536 b06bdrv - ok
    18:04:37.0392 2536 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:04:37.0392 2536 b57nd60a - ok
    18:04:37.0423 2536 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    18:04:37.0423 2536 Beep - ok
    18:04:37.0470 2536 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    18:04:37.0470 2536 blbdrive - ok
    18:04:37.0533 2536 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    18:04:37.0533 2536 bowser - ok
    18:04:37.0564 2536 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:04:37.0579 2536 BrFiltLo - ok
    18:04:37.0595 2536 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:04:37.0595 2536 BrFiltUp - ok
    18:04:37.0642 2536 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    18:04:37.0642 2536 BridgeMP - ok
    18:04:37.0673 2536 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    18:04:37.0673 2536 Brserid - ok
    18:04:37.0704 2536 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    18:04:37.0704 2536 BrSerWdm - ok
    18:04:37.0735 2536 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:04:37.0735 2536 BrUsbMdm - ok
    18:04:37.0751 2536 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    18:04:37.0751 2536 BrUsbSer - ok
    18:04:37.0767 2536 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    18:04:37.0767 2536 BTHMODEM - ok
    18:04:37.0829 2536 catchme - ok
    18:04:37.0907 2536 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    18:04:37.0907 2536 cdfs - ok
    18:04:37.0985 2536 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    18:04:37.0985 2536 cdrom - ok
    18:04:38.0032 2536 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    18:04:38.0032 2536 circlass - ok
    18:04:38.0079 2536 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    18:04:38.0079 2536 CLFS - ok
    18:04:38.0125 2536 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    18:04:38.0125 2536 CmBatt - ok
    18:04:38.0188 2536 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    18:04:38.0188 2536 cmdide - ok
    18:04:38.0219 2536 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    18:04:38.0219 2536 CNG - ok
    18:04:38.0250 2536 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    18:04:38.0250 2536 Compbatt - ok
    18:04:38.0313 2536 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    18:04:38.0313 2536 CompositeBus - ok
    18:04:38.0344 2536 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    18:04:38.0344 2536 crcdisk - ok
    18:04:38.0391 2536 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    18:04:38.0406 2536 CSC - ok
    18:04:38.0562 2536 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    18:04:38.0562 2536 DfsC - ok
    18:04:38.0609 2536 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    18:04:38.0609 2536 discache - ok
    18:04:38.0640 2536 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    18:04:38.0640 2536 Disk - ok
    18:04:38.0687 2536 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    18:04:38.0687 2536 drmkaud - ok
    18:04:38.0765 2536 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    18:04:38.0765 2536 dtsoftbus01 - ok
    18:04:38.0796 2536 dump_wmimmc - ok
    18:04:38.0874 2536 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    18:04:38.0890 2536 DXGKrnl - ok
    18:04:38.0952 2536 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    18:04:38.0999 2536 ebdrv - ok
    18:04:39.0046 2536 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    18:04:39.0046 2536 elxstor - ok
    18:04:39.0093 2536 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    18:04:39.0093 2536 ErrDev - ok
    18:04:39.0108 2536 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    18:04:39.0108 2536 exfat - ok
    18:04:39.0124 2536 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    18:04:39.0124 2536 fastfat - ok
    18:04:39.0155 2536 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    18:04:39.0155 2536 fdc - ok
    18:04:39.0171 2536 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    18:04:39.0171 2536 FileInfo - ok
    18:04:39.0217 2536 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    18:04:39.0217 2536 Filetrace - ok
    18:04:39.0233 2536 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    18:04:39.0233 2536 flpydisk - ok
    18:04:39.0280 2536 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    18:04:39.0280 2536 FltMgr - ok
    18:04:39.0342 2536 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
    18:04:39.0358 2536 FlyUsb - ok
    18:04:39.0389 2536 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    18:04:39.0389 2536 FsDepends - ok
    18:04:39.0405 2536 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    18:04:39.0405 2536 Fs_Rec - ok
    18:04:39.0467 2536 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    18:04:39.0467 2536 fvevol - ok
    18:04:39.0498 2536 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:04:39.0498 2536 gagp30kx - ok
    18:04:39.0529 2536 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    18:04:39.0529 2536 hcw85cir - ok
    18:04:39.0576 2536 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    18:04:39.0576 2536 HdAudAddService - ok
    18:04:39.0623 2536 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    18:04:39.0623 2536 HDAudBus - ok
    18:04:39.0670 2536 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    18:04:39.0670 2536 HidBatt - ok
    18:04:39.0685 2536 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    18:04:39.0685 2536 HidBth - ok
    18:04:39.0748 2536 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    18:04:39.0748 2536 HidIr - ok
    18:04:39.0826 2536 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    18:04:39.0826 2536 HidUsb - ok
    18:04:39.0873 2536 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    18:04:39.0873 2536 HpSAMD - ok
    18:04:39.0919 2536 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    18:04:39.0935 2536 HTTP - ok
    18:04:39.0966 2536 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    18:04:39.0966 2536 hwpolicy - ok
    18:04:40.0029 2536 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    18:04:40.0029 2536 i8042prt - ok
    18:04:40.0044 2536 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    18:04:40.0060 2536 iaStorV - ok
    18:04:40.0075 2536 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    18:04:40.0075 2536 iirsp - ok
    18:04:40.0122 2536 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    18:04:40.0122 2536 intelide - ok
    18:04:40.0138 2536 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    18:04:40.0138 2536 intelppm - ok
    18:04:40.0200 2536 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:04:40.0216 2536 IpFilterDriver - ok
    18:04:40.0263 2536 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    18:04:40.0263 2536 IPMIDRV - ok
    18:04:40.0294 2536 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    18:04:40.0294 2536 IPNAT - ok
    18:04:40.0325 2536 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    18:04:40.0325 2536 IRENUM - ok
    18:04:40.0356 2536 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    18:04:40.0356 2536 isapnp - ok
    18:04:40.0387 2536 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    18:04:40.0387 2536 iScsiPrt - ok
    18:04:40.0450 2536 ISWKL (9d7ac39e2f3a45d6fc277ec10c2732eb) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
    18:04:40.0450 2536 ISWKL - ok
    18:04:40.0497 2536 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    18:04:40.0497 2536 kbdclass - ok
    18:04:40.0528 2536 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    18:04:40.0528 2536 kbdhid - ok
    18:04:40.0575 2536 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    18:04:40.0575 2536 KSecDD - ok
    18:04:40.0606 2536 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    18:04:40.0621 2536 KSecPkg - ok
    18:04:40.0653 2536 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    18:04:40.0653 2536 ksthunk - ok
    18:04:40.0715 2536 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    18:04:40.0715 2536 lltdio - ok
    18:04:40.0762 2536 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:04:40.0762 2536 LSI_FC - ok
    18:04:40.0777 2536 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:04:40.0777 2536 LSI_SAS - ok
    18:04:40.0793 2536 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:04:40.0793 2536 LSI_SAS2 - ok
    18:04:40.0809 2536 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:04:40.0809 2536 LSI_SCSI - ok
    18:04:40.0824 2536 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    18:04:40.0824 2536 luafv - ok
    18:04:40.0855 2536 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    18:04:40.0855 2536 megasas - ok
    18:04:40.0871 2536 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    18:04:40.0871 2536 MegaSR - ok
    18:04:40.0902 2536 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    18:04:40.0902 2536 Modem - ok
    18:04:40.0918 2536 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    18:04:40.0918 2536 monitor - ok
    18:04:40.0965 2536 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    18:04:40.0965 2536 mouclass - ok
    18:04:40.0980 2536 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    18:04:40.0980 2536 mouhid - ok
    18:04:41.0027 2536 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    18:04:41.0027 2536 mountmgr - ok
    18:04:41.0043 2536 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    18:04:41.0058 2536 mpio - ok
    18:04:41.0089 2536 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    18:04:41.0089 2536 mpsdrv - ok
    18:04:41.0152 2536 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    18:04:41.0152 2536 MRxDAV - ok
    18:04:41.0199 2536 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:04:41.0199 2536 mrxsmb - ok
    18:04:41.0245 2536 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:04:41.0245 2536 mrxsmb10 - ok
    18:04:41.0261 2536 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:04:41.0277 2536 mrxsmb20 - ok
    18:04:41.0339 2536 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    18:04:41.0339 2536 msahci - ok
    18:04:41.0355 2536 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    18:04:41.0355 2536 msdsm - ok
    18:04:41.0401 2536 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    18:04:41.0401 2536 Msfs - ok
    18:04:41.0433 2536 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    18:04:41.0433 2536 mshidkmdf - ok
    18:04:41.0448 2536 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    18:04:41.0448 2536 msisadrv - ok
    18:04:41.0479 2536 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    18:04:41.0479 2536 MSKSSRV - ok
    18:04:41.0495 2536 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    18:04:41.0495 2536 MSPCLOCK - ok
    18:04:41.0495 2536 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    18:04:41.0511 2536 MSPQM - ok
    18:04:41.0557 2536 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    18:04:41.0573 2536 MsRPC - ok
    18:04:41.0620 2536 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    18:04:41.0620 2536 mssmbios - ok
    18:04:41.0651 2536 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    18:04:41.0651 2536 MSTEE - ok
    18:04:41.0682 2536 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    18:04:41.0682 2536 MTConfig - ok
    18:04:41.0713 2536 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
    18:04:41.0713 2536 MTsensor - ok
    18:04:41.0729 2536 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    18:04:41.0729 2536 Mup - ok
    18:04:41.0760 2536 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    18:04:41.0760 2536 NativeWifiP - ok
    18:04:41.0854 2536 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    18:04:41.0869 2536 NDIS - ok
    18:04:41.0901 2536 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    18:04:41.0901 2536 NdisCap - ok
    18:04:41.0932 2536 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    18:04:41.0932 2536 NdisTapi - ok
    18:04:41.0979 2536 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    18:04:41.0979 2536 Ndisuio - ok
    18:04:42.0025 2536 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    18:04:42.0025 2536 NdisWan - ok
    18:04:42.0057 2536 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    18:04:42.0057 2536 NDProxy - ok
    18:04:42.0103 2536 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    18:04:42.0103 2536 NetBIOS - ok
    18:04:42.0150 2536 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    18:04:42.0166 2536 NetBT - ok
    18:04:42.0213 2536 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    18:04:42.0213 2536 nfrd960 - ok
    18:04:42.0291 2536 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
    18:04:42.0291 2536 NPF - ok
    18:04:42.0322 2536 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    18:04:42.0322 2536 Npfs - ok
    18:04:42.0369 2536 NPPTNT2 - ok
    18:04:42.0400 2536 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    18:04:42.0400 2536 nsiproxy - ok
    18:04:42.0462 2536 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    18:04:42.0493 2536 Ntfs - ok
    18:04:42.0509 2536 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    18:04:42.0509 2536 Null - ok
    18:04:42.0743 2536 nvlddmkm (aaf5559039e99d0cc22e25255f3dc06e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    18:04:42.0805 2536 nvlddmkm - ok
    18:04:42.0852 2536 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    18:04:42.0852 2536 nvraid - ok
    18:04:42.0883 2536 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    18:04:42.0883 2536 nvstor - ok
    18:04:42.0930 2536 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    18:04:42.0930 2536 nv_agp - ok
    18:04:42.0946 2536 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    18:04:42.0946 2536 ohci1394 - ok
    18:04:43.0039 2536 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    18:04:43.0039 2536 Parport - ok
    18:04:43.0086 2536 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    18:04:43.0086 2536 partmgr - ok
    18:04:43.0133 2536 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    18:04:43.0133 2536 pci - ok
    18:04:43.0195 2536 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    18:04:43.0195 2536 pciide - ok
    18:04:43.0211 2536 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    18:04:43.0211 2536 pcmcia - ok
    18:04:43.0242 2536 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    18:04:43.0242 2536 pcw - ok
    18:04:43.0273 2536 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    18:04:43.0273 2536 PEAUTH - ok
    18:04:43.0383 2536 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    18:04:43.0383 2536 PptpMiniport - ok
    18:04:43.0414 2536 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    18:04:43.0414 2536 Processor - ok
    18:04:43.0461 2536 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    18:04:43.0461 2536 Psched - ok
    18:04:43.0523 2536 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    18:04:43.0539 2536 ql2300 - ok
    18:04:43.0617 2536 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    18:04:43.0617 2536 ql40xx - ok
    18:04:43.0679 2536 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    18:04:43.0679 2536 QWAVEdrv - ok
    18:04:43.0726 2536 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    18:04:43.0726 2536 RasAcd - ok
    18:04:43.0757 2536 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:04:43.0757 2536 RasAgileVpn - ok
    18:04:43.0804 2536 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:04:43.0819 2536 Rasl2tp - ok
    18:04:43.0851 2536 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    18:04:43.0851 2536 RasPppoe - ok
    18:04:43.0866 2536 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    18:04:43.0866 2536 RasSstp - ok
    18:04:43.0929 2536 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    18:04:43.0929 2536 rdbss - ok
    18:04:43.0960 2536 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    18:04:43.0960 2536 rdpbus - ok
    18:04:43.0975 2536 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:04:43.0975 2536 RDPCDD - ok
    18:04:44.0038 2536 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    18:04:44.0053 2536 RDPDR - ok
    18:04:44.0069 2536 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    18:04:44.0069 2536 RDPENCDD - ok
    18:04:44.0085 2536 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    18:04:44.0085 2536 RDPREFMP - ok
    18:04:44.0147 2536 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
    18:04:44.0147 2536 RdpVideoMiniport - ok
    18:04:44.0194 2536 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    18:04:44.0194 2536 RDPWD - ok
    18:04:44.0256 2536 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    18:04:44.0256 2536 rdyboost - ok
    18:04:44.0319 2536 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
    18:04:44.0319 2536 RimUsb - ok
    18:04:44.0350 2536 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
    18:04:44.0350 2536 RivaTuner64 - ok
    18:04:44.0412 2536 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    18:04:44.0412 2536 rspndr - ok
    18:04:44.0443 2536 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
    18:04:44.0443 2536 RTL8167 - ok
    18:04:44.0475 2536 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    18:04:44.0475 2536 s3cap - ok
    18:04:44.0553 2536 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    18:04:44.0553 2536 SASDIFSV - ok
    18:04:44.0553 2536 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    18:04:44.0553 2536 SASKUTIL - ok
    18:04:44.0646 2536 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    18:04:44.0662 2536 sbp2port - ok
    18:04:44.0709 2536 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    18:04:44.0709 2536 scfilter - ok
    18:04:44.0787 2536 ScreamBAudioSvc (490b0b68bb938d5c628ec4a67277be75) C:\Windows\system32\drivers\ScreamingBAudio64.sys
    18:04:44.0787 2536 ScreamBAudioSvc - ok
    18:04:44.0818 2536 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    18:04:44.0818 2536 secdrv - ok
    18:04:44.0865 2536 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    18:04:44.0865 2536 Serenum - ok
    18:04:44.0880 2536 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    18:04:44.0880 2536 Serial - ok
    18:04:44.0927 2536 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    18:04:44.0927 2536 sermouse - ok
    18:04:45.0005 2536 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    18:04:45.0005 2536 sffdisk - ok
    18:04:45.0021 2536 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    18:04:45.0021 2536 sffp_mmc - ok
    18:04:45.0036 2536 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    18:04:45.0036 2536 sffp_sd - ok
    18:04:45.0067 2536 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    18:04:45.0067 2536 sfloppy - ok
    18:04:45.0099 2536 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:04:45.0099 2536 SiSRaid2 - ok
    18:04:45.0114 2536 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    18:04:45.0114 2536 SiSRaid4 - ok
    18:04:45.0145 2536 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    18:04:45.0145 2536 Smb - ok
    18:04:45.0177 2536 speedfan - ok
    18:04:45.0208 2536 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    18:04:45.0208 2536 spldr - ok
    18:04:45.0270 2536 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
    18:04:45.0286 2536 sptd - ok
    18:04:45.0333 2536 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    18:04:45.0333 2536 srv - ok
    18:04:45.0395 2536 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    18:04:45.0411 2536 srv2 - ok
    18:04:45.0457 2536 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    18:04:45.0457 2536 srvnet - ok
    18:04:45.0582 2536 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    18:04:45.0582 2536 stexstor - ok
    18:04:45.0645 2536 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    18:04:45.0645 2536 storflt - ok
    18:04:45.0660 2536 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    18:04:45.0660 2536 storvsc - ok
    18:04:45.0707 2536 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    18:04:45.0707 2536 swenum - ok
    18:04:45.0738 2536 Synth3dVsc - ok
    18:04:45.0832 2536 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    18:04:45.0863 2536 Tcpip - ok
    18:04:45.0941 2536 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    18:04:45.0957 2536 TCPIP6 - ok
    18:04:46.0003 2536 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    18:04:46.0003 2536 tcpipreg - ok
    18:04:46.0050 2536 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    18:04:46.0050 2536 TDPIPE - ok
    18:04:46.0066 2536 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    18:04:46.0066 2536 TDTCP - ok
    18:04:46.0113 2536 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    18:04:46.0113 2536 tdx - ok
    18:04:46.0159 2536 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    18:04:46.0175 2536 TermDD - ok
    18:04:46.0237 2536 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:04:46.0237 2536 tssecsrv - ok
    18:04:46.0269 2536 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    18:04:46.0269 2536 TsUsbFlt - ok
    18:04:46.0300 2536 tsusbhub - ok
    18:04:46.0347 2536 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    18:04:46.0347 2536 tunnel - ok
    18:04:46.0378 2536 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    18:04:46.0378 2536 uagp35 - ok
    18:04:46.0440 2536 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    18:04:46.0440 2536 udfs - ok
    18:04:46.0518 2536 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    18:04:46.0518 2536 uliagpkx - ok
    18:04:46.0549 2536 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    18:04:46.0549 2536 umbus - ok
    18:04:46.0581 2536 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    18:04:46.0581 2536 UmPass - ok
    18:04:46.0612 2536 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    18:04:46.0627 2536 usbaudio - ok
    18:04:46.0659 2536 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
    18:04:46.0659 2536 usbbus - ok
    18:04:46.0721 2536 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    18:04:46.0721 2536 usbccgp - ok
    18:04:46.0752 2536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    18:04:46.0752 2536 usbcir - ok
    18:04:46.0815 2536 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
    18:04:46.0815 2536 UsbDiag - ok
    18:04:46.0830 2536 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    18:04:46.0830 2536 usbehci - ok
    18:04:46.0861 2536 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    18:04:46.0877 2536 usbhub - ok
    18:04:46.0924 2536 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
    18:04:46.0924 2536 USBModem - ok
    18:04:46.0939 2536 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    18:04:46.0939 2536 usbohci - ok
    18:04:47.0002 2536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    18:04:47.0002 2536 usbprint - ok
    18:04:47.0033 2536 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:04:47.0033 2536 USBSTOR - ok
    18:04:47.0049 2536 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    18:04:47.0049 2536 usbuhci - ok
    18:04:47.0095 2536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    18:04:47.0095 2536 vdrvroot - ok
    18:04:47.0127 2536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    18:04:47.0127 2536 vga - ok
    18:04:47.0158 2536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    18:04:47.0158 2536 VgaSave - ok
    18:04:47.0158 2536 VGPU - ok
    18:04:47.0205 2536 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    18:04:47.0205 2536 vhdmp - ok
    18:04:47.0267 2536 VIAHdAudAddService (574b29f436c4c63d37020c6e570a7528) C:\Windows\system32\drivers\viahduaa.sys
    18:04:47.0283 2536 VIAHdAudAddService - ok
    18:04:47.0329 2536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    18:04:47.0345 2536 viaide - ok
    18:04:47.0376 2536 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    18:04:47.0392 2536 vmbus - ok
    18:04:47.0407 2536 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    18:04:47.0407 2536 VMBusHID - ok
    18:04:47.0454 2536 vmcam326av (08cced76883b1a2302e5a01121c76414) C:\Windows\system32\Drivers\vmcam326av.sys
    18:04:47.0454 2536 vmcam326av - ok
    18:04:47.0501 2536 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    18:04:47.0501 2536 volmgr - ok
    18:04:47.0563 2536 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    18:04:47.0563 2536 volmgrx - ok
    18:04:47.0595 2536 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    18:04:47.0595 2536 volsnap - ok
    18:04:47.0641 2536 Vsdatant (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys
    18:04:47.0641 2536 Vsdatant - ok
    18:04:47.0688 2536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    18:04:47.0688 2536 vsmraid - ok
    18:04:47.0735 2536 vvftav (fdbed56781e036769a2bc4badd754689) C:\Windows\system32\drivers\vvftav.sys
    18:04:47.0735 2536 vvftav - ok
    18:04:47.0751 2536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    18:04:47.0751 2536 vwifibus - ok
    18:04:47.0782 2536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    18:04:47.0782 2536 WacomPen - ok
    18:04:47.0844 2536 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    18:04:47.0860 2536 WANARP - ok
    18:04:47.0860 2536 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    18:04:47.0860 2536 Wanarpv6 - ok
    18:04:47.0938 2536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    18:04:47.0938 2536 Wd - ok
    18:04:47.0953 2536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    18:04:47.0969 2536 Wdf01000 - ok
    18:04:48.0016 2536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    18:04:48.0016 2536 WfpLwf - ok
    18:04:48.0047 2536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    18:04:48.0047 2536 WIMMount - ok
    18:04:48.0109 2536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    18:04:48.0109 2536 WmiAcpi - ok
    18:04:48.0141 2536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    18:04:48.0141 2536 ws2ifsl - ok
    18:04:48.0234 2536 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    18:04:48.0234 2536 WudfPf - ok
    18:04:48.0265 2536 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:04:48.0265 2536 WUDFRd - ok
    18:04:48.0343 2536 ZD1211U(Linksys) (6b7d88060a9c8da58b4b1113da6835c8) C:\Windows\system32\DRIVERS\zd1211u.sys
    18:04:48.0343 2536 ZD1211U(Linksys) - ok
    18:04:48.0359 2536 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
    18:04:48.0390 2536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    18:04:48.0390 2536 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    18:04:48.0421 2536 Boot (0x1200) (37bceb1cc39c46ca817a78f4928e5df0) \Device\Harddisk0\DR0\Partition0
    18:04:48.0421 2536 \Device\Harddisk0\DR0\Partition0 - ok
    18:04:48.0421 2536 Boot (0x1200) (57f1b1ccb9ca3a3e7562b5fc2f8893f6) \Device\Harddisk0\DR0\Partition1
    18:04:48.0421 2536 \Device\Harddisk0\DR0\Partition1 - ok
    18:04:48.0421 2536 ============================================================
    18:04:48.0421 2536 Scan finished
    18:04:48.0421 2536 ============================================================
    18:04:48.0437 3084 Detected object count: 1
    18:04:48.0437 3084 Actual detected object count: 1
    18:04:56.0908 3084 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
    18:04:56.0908 3084 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip

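Added illustration, not part of the original thread and not code from TDSSKiller: a short Python triage of a TDSSKiller log like the one above. It pulls out every object the scanner reported infected or detected, records any detection the user chose to skip (the MBR verdict above was skipped, so the rootkit is still in place), and lists drivers loaded from outside C:\Windows so that third-party kernel modules (the RivaTuner and SUPERAntiSpyware drivers in the log, for instance) can be vouched for one by one. The sample input is an excerpt of the log above; the regular expressions are written against that line format and are an assumption about other TDSSKiller builds.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the TDSSKiller log posted above (not invented).
SAMPLE_LOG = r"""
18:04:44.0350 2536 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
18:04:44.0350 2536 RivaTuner64 - ok
18:04:45.0177 2536 speedfan - ok
18:04:45.0832 2536 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:04:45.0863 2536 Tcpip - ok
18:04:48.0359 2536 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
18:04:48.0390 2536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:04:48.0390 2536 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:04:48.0421 2536 Boot (0x1200) (37bceb1cc39c46ca817a78f4928e5df0) \Device\Harddisk0\DR0\Partition0
18:04:48.0421 2536 \Device\Harddisk0\DR0\Partition0 - ok
18:04:48.0437 3084 Detected object count: 1
18:04:56.0908 3084 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
18:04:56.0908 3084 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
"""

TRUSTED_PREFIX = "c:\\windows\\"  # drivers under %SystemRoot% are left for hash comparison elsewhere

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>": a scanned object with the hash TDSSKiller computed
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<target> ( <threat> ) - infected" / "- skipped by user" / "- User select action: Skip"
THREAT_RE = re.compile(r"^(?P<target>.+?) \( (?P<threat>[^)]+?) \) - (?P<verdict>.+)$")
# "<target> - ok" / "<target> - detected <threat> (0)"
VERDICT_RE = re.compile(r"^(?P<target>.+?) - (?P<verdict>ok|detected .+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Triage:
    objects: dict = field(default_factory=dict)    # name -> (md5, path)
    verdicts: dict = field(default_factory=dict)   # target -> last verdict text
    untreated: list = field(default_factory=list)  # detections the user skipped
    detected_count: int = 0
    findings: list = field(default_factory=list)   # (severity, message)


def triage_tdsskiller_log(text):
    """Parse TDSSKiller output and return the lines a helper has to act on."""
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners and separators carry no verdict
        body = m.group("body")

        c = COUNT_RE.match(body)
        if c:
            t.detected_count = int(c.group("n"))
            continue

        o = OBJECT_RE.match(body)
        if o:
            name, md5, path = o.group("name", "md5", "path")
            t.objects[name] = (md5, path)
            # A driver outside %SystemRoot% is not proof of anything, but each one
            # needs a human to confirm what it is (overclocking tools, AV, vendor utilities).
            if ":\\" in path and not path.lower().startswith(TRUSTED_PREFIX):
                t.findings.append(("review", f"{name}: driver loaded from {path}"))
            continue

        h = THREAT_RE.match(body)
        if h:
            target, threat, verdict = h.group("target", "threat", "verdict")
            t.verdicts[target] = verdict
            if verdict == "infected":
                t.findings.append(("critical", f"{target}: {threat}"))
            elif verdict == "skipped by user":
                t.untreated.append(target)
                t.findings.append(("critical", f"{target}: {threat} left in place (skipped)"))
            continue

        v = VERDICT_RE.match(body)
        if v:
            target, verdict = v.group("target", "verdict")
            # "detected" usually follows an "infected" line for the same target; flag it only once
            if verdict.startswith("detected") and target not in t.verdicts:
                t.findings.append(("critical", f"{target}: {verdict}"))
            t.verdicts.setdefault(target, verdict)
    return t


if __name__ == "__main__":
    result = triage_tdsskiller_log(SAMPLE_LOG)
    print(f"scanner reported {result.detected_count} detection(s); skipped: {result.untreated}")
    for severity, message in result.findings:
        print(f"[{severity}] {message}")
```

Run against the full log, the "review" entries are the list to go through with the user; the "critical" ones are what the scanner already decided. A detection that shows up in `untreated` was never cured, whatever later scans say.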
  7. #7
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi pallmall,

    Thank you for the logs and feedback. I am afraid I have some bad news for you.

    Rootkit Warning

    Your computer shows signs of multiple infections, including a Rootkit infection.
    A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

    You are strongly advised to do the following:
    • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
    • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft
      and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
    • From a clean computer, change all your passwords
      (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, any online activity you perform, requiring a username and password).
      Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
    • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.


    Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
    Many experts in the security community believe that, once infected with this type of malware, the best course of action would be to do a reformat and re-installation of the operating system (OS).

    This decision will have to be made by you.

    An attempt can be made to clean this machine but there will be no guarantee that it won't still be compromised, afterwards.

    Guide to re-formatting and re-installing courtesy of wng_z3r0.

    To help you decide, please take some time to read the following articles:

    What are Remote Access Trojans and why are they dangerous
    How do I respond to a possible identity theft and how do I prevent it
    When should I re-format and reinstall my OS
    How and Where to backup your files
    Restoring your backups

    Please let me know how you intend to proceed.

    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

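The "MBR (0x1B8)" line in the log above is TDSSKiller hashing the first 0x1B8 (440) bytes of the master boot record, the code that runs before Windows does. Because a boot-sector rootkit can filter disk reads from inside the running OS, that sector is best read from a clean boot environment (for example a Linux live CD with dd if=/dev/sda bs=512 count=1) and checked offline. The Python below is an added example, not part of this thread or of any tool it mentions: it validates the sector, decodes the partition table, compares the boot-code MD5 against a baseline the reader supplies (the hash from a known-clean installation of the same Windows build; this page gives none), and flags a large unpartitioned tail, where some MBR bootkits keep their payload. The 8 MiB tail threshold, the constructed sample MBR and the tampered bytes are assumptions made for the demonstration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8          # boot code is bytes 0..0x1B7; the disk signature starts at 0x1B8
PARTITION_TABLE = 0x1BE        # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
MAX_TRAIL_SECTORS = 16384      # assumption: more than 8 MiB of unpartitioned tail is worth a look


def hash_boot_code(mbr):
    """MD5 of the executable part of the MBR, the region TDSSKiller labels 'MBR (0x1B8)'."""
    return hashlib.md5(bytes(mbr[:BOOT_CODE_LEN])).hexdigest()


def parse_partitions(mbr):
    """Decode the four primary partition entries; empty entries (type 0) are skipped."""
    parts = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, PARTITION_TABLE + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr, trusted_boot_md5, total_sectors):
    """Return a list of (severity, message); an empty list means nothing stood out."""
    if len(mbr) != SECTOR_SIZE or mbr[510:512] != BOOT_SIGNATURE:
        return [("critical", "not a valid MBR sector (length or 0x55AA signature)")]
    findings = []
    got = hash_boot_code(mbr)
    if got != trusted_boot_md5:
        findings.append(("critical", f"boot code hash {got} differs from trusted baseline {trusted_boot_md5}"))
    parts = parse_partitions(mbr)
    if sum(p["bootable"] for p in parts) != 1:
        findings.append(("warn", "expected exactly one active partition"))
    last_end = 0
    for p in sorted(parts, key=lambda p: p["lba_start"]):
        if p["lba_start"] < last_end:
            findings.append(("warn", f"partition {p['index']} overlaps the previous one"))
        last_end = max(last_end, p["lba_start"] + p["sectors"])
    trailing = total_sectors - last_end
    if trailing > MAX_TRAIL_SECTORS:
        findings.append(("review", f"{trailing} unpartitioned sectors after the last partition"))
    return findings


def build_sample_mbr():
    """Constructed 512-byte MBR: Windows-style boot code stub, one active NTFS partition, one data partition."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[0:7] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"          # xor ax,ax / mov ss,ax / mov sp,0x7c00
    struct.pack_into("<I", mbr, BOOT_CODE_LEN, 0x1234ABCD)  # disk signature (made up)
    struct.pack_into("<B3xB3xII", mbr, PARTITION_TABLE, 0x80, 0x07, 2048, 204800)
    struct.pack_into("<B3xB3xII", mbr, PARTITION_TABLE + 16, 0x00, 0x07, 206848, 1000000)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def tamper_boot_code(mbr):
    """Simulate a bootkit overwriting the start of the boot code (bytes chosen for the demo)."""
    t = bytearray(mbr)
    t[0:3] = b"\xeb\x1e\x90"
    return bytes(t)


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = hash_boot_code(clean)            # in practice: hash taken from a known-clean install
    disk_sectors = 206848 + 1000000 + 2048      # constructed disk size with a small tail
    print("clean   :", check_mbr(clean, baseline, disk_sectors))
    print("tampered:", check_mbr(tamper_boot_code(clean), baseline, disk_sectors))
```

A hash mismatch is only meaningful against a baseline from the same Windows version and MBR layout, so keep the clean hash with the install media rather than trusting whatever the infected machine reports.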
  8. #8
    Junior Member
    Join Date
    Feb 2012
    Posts
    7

    Default

    Damn!
Was afraid that may be the case. I would like to cleanse this p/c if at all possible. I have some things installed which I can no longer reinstall and personal data saved that I would like to keep intact.

    If you're still up for the challenge, I am ready to keep trying.

    Thanks again.

  9. #9
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi pallmall,

Firstly, you have already been advised to back up all your data. Please refer to my initial post.

    Quote Originally Posted by Scolabar
Before proceeding with any further instructions please make sure you back up your data.
    I cannot guarantee that the cleanup process will work as already stated:
    Quote Originally Posted by Scolabar
    An attempt can be made to clean this machine but there will be no guarantee that it won't still be compromised, afterwards.
    In addition there is always the possibility that the computer could be rendered unbootable and all data lost. I can make no guarantees.

If you are happy, acknowledge this and, once you have backed up your data, please continue with the rest of the instructions.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before proceeding please make sure any open programs are closed.

    Step 1:
    Company-Owned Computer?

    Entries in the log provided lead me to believe this may be a company-owned computer.
    Please confirm whether or not this computer is a company owned computer, a computer used for business or connected to a business network.
    If this is not the case, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

    Step 2:
    MGA Diagnostics

    1. Please download this tool from Microsoft and Save it to your Desktop.
    2. Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Click on the Continue button to proceed.
    4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
    5. When it has finished click on the Copy button.
    6. Click on Start and then click on the Start Search box in the Start Menu.
    7. Copy and Paste the following value into the open text entry box:

      notepad

    8. Then click on the magnifying glass symbol or press Enter.
    9. This will open an empty Notepad file.
    10. Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
    11. Click on the OK button to exit the MGA Diagnostics program.
    12. Then Copy and Paste the entire contents of mgadiag.txt into your next reply.

    Step 3:
    CKScanner

    1. Please download CKScanner and Save it to your Desktop.
      Make sure that CKScanner.exe is on your Desktop before running the application!
    2. Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Then click on the Search For Files button.
    4. When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
      A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
      Note: Please run the program ONCE only.
    5. Click on the Exit button to close the program.
    6. Double-click on the ckfiles.txt file to open it.
    7. Then Copy and Paste the entire contents of the file into your next reply.

    Step 4:
    Include in Next Post

    1. Is this computer used for business purposes? If not, please clarify for what purposes the computer is used.
    2. mgadiag.txt.
    3. ckfiles.txt.


    Scolabar
Last edited by Scolabar; 2012-02-06 at 15:53.

  10. #10
    Junior Member
    Join Date
    Feb 2012
    Posts
    7

    Default

Alright, I have many gigs of data to transfer. It will take most of the day to sort out which files I want/need, as well as zipping and making clones of installed files to work from the portable hdd.

    This is a personal computer. Mainly used as my gaming/media center pc.

    Will post logs back soon, after I save some things.

    Thanks,
