PDA

View Full Version : Win7Ult.BadlyInfected Last Resort Before Reformat



pallmall
2012-02-01, 07:40
Alright, First symptoms were slow running p/c, popups on Firefox etc. Hours later I was constantly being redirected and could not run any .exe files. On a restart, very long bootup time, booted into windows with all icons gone, start list empty and all other folders were empty (did research, files are still here, just have all been changed to be hidden), also a fake cleaner claiming RAM and HDD errors popped up. Ran and updated Spybot, Mbam and SAS and restarted pc. The fake cleaner is gone now, but symptoms have just gotten worse. Mbam no longer runs. Cannot reinstall any programs (access denied) even as administrator and in safe mode, and even after running rkill. Also, before running dds, I tried to disable teatimer, but again access is denied. I am on the verge of reformatting as usually I can fix these problems myself, but I would really prefer not to. I know I am horribly infected and any help or suggestions would be absolutely welcome. Thanks~

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Brandon at 21:22:17 on 2012-01-31
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1700 [GMT -8:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Linksys\WUSBF54G\NICServ.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [TeamSpeak Update] rundll32
uRun: [DirectxBackupUpdate] rundll32.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [edsHFBJujJjU.exe] C:\ProgramData\edsHFBJujJjU.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADAAMQAwADQANQA2ADQALQBTAFQAMQArADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0ARgA5AE0ANwBBACsANQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQA"&"prod=90"&"ver=9.0.872
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\Windows\system32\mscoree.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9B694718-5AF3-4500-9782-0C27AD84625B} : DhcpNameServer = 75.75.75.75 75.75.76.76
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [edsHFBJujJjU.exe] C:\ProgramData\edsHFBJujJjU.exe
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADAAMQAwADQANQA2ADQALQBTAFQAMQArADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0ARgA5AE0ANwBBACsANQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQA"&"prod=90"&"ver=9.0.872
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111009&q=
FF - prefs.js: network.proxy.ftp - :
FF - prefs.js: network.proxy.http - :
FF - prefs.js: network.proxy.socks - :
FF - prefs.js: network.proxy.ssl - :
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\Brandon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5016928c000000000000e0cb4e602de6
FF - user.js: extensions.BabylonToolbar_i.hardId - 5016928c000000000000e0cb4e602de6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15368
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:27:58
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 5016928c000000000000e0cb4e602de6
FF - user.js: extensions.funmoods_i.instlDay - 15368
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.12:32:00
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-2-15 33528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-01 05:10:31 20480 ----a-w- C:\Windows\svchost.exe
2012-02-01 05:10:03 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-01 04:56:43 -------- d-----w- C:\brandon.exe
2012-02-01 00:52:27 -------- d-----w- C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
2012-02-01 00:52:23 -------- d-----w- C:\ProgramData\!SASCORE
2012-02-01 00:52:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-01 00:41:35 98816 ----a-w- C:\Windows\sed.exe
2012-02-01 00:41:35 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-01 00:41:35 256000 ----a-w- C:\Windows\PEV.exe
2012-02-01 00:41:35 208896 ----a-w- C:\Windows\MBR.exe
2012-01-31 23:46:59 -------- d--h--w- C:\Users\Brandon\AppData\Local\{DA4275D3-B039-4672-B880-AFB446A14C11}
2012-01-31 07:35:30 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4842FCAB-1BC9-4409-BA8F-77EDAC36714A}
2012-01-31 07:35:15 -------- d--h--w- C:\Users\Brandon\AppData\Local\{EE36309C-E0AA-4AA9-81D3-361F5177EB4E}
2012-01-31 03:00:51 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\C156.tmp
2012-01-31 03:00:51 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\C155.tmp
2012-01-30 18:11:29 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8769003B-DAD0-401E-8BAC-89DBE2854A26}
2012-01-30 18:11:18 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0C3D7A37-6B0F-4B94-BBA7-449C2006CC21}
2012-01-30 05:10:49 -------- d--h--w- C:\Users\Brandon\AppData\Local\{50F709DB-4B70-4337-BB46-65C13CCD16C7}
2012-01-30 05:10:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0018BE5D-2BBD-446D-8532-AA2604855499}
2012-01-29 18:57:32 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1E2A4E38-8EE1-42F6-BC8F-5D2227880425}
2012-01-29 10:38:25 580096 ----a-w- C:\Windows\System32\ac3filter64.acm
2012-01-29 10:38:25 497664 ---ha-w- C:\Windows\SysWow64\ac3filter.acm
2012-01-29 10:38:25 -------- d--h--w- C:\Program Files (x86)\AC3Filter
2012-01-29 10:27:54 -------- d--h--w- C:\Users\Brandon\AppData\Local\Babylon
2012-01-29 10:27:51 -------- d--h--w- C:\Users\Brandon\AppData\Roaming\Babylon
2012-01-29 10:27:51 -------- d--h--w- C:\ProgramData\Babylon
2012-01-28 19:43:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8F1B09DB-C544-4DAB-9AC5-DBACC89213C0}
2012-01-28 19:43:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{33C38EED-E54D-476A-B139-DE8FE97BD3CF}
2012-01-28 06:32:34 -------- d--h--w- C:\Users\Brandon\AppData\Local\{74996DF4-2246-4828-8C71-97565216E6CE}
2012-01-28 06:32:24 -------- d--h--w- C:\Users\Brandon\AppData\Local\{95E64F5F-BA57-45CF-9386-A67785AB0AC2}
2012-01-26 19:21:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F804A697-0A39-440D-922E-911A751F18AD}
2012-01-26 19:20:49 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0EBB4DAE-82FF-49A7-B62B-C94F5F97C79B}
2012-01-26 05:38:10 -------- d--h--w- C:\Users\Brandon\AppData\Local\{85EA41E8-9EE0-46F7-84FB-E39E3ECB86D6}
2012-01-26 05:38:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{87AF457A-D773-4E6E-8725-AC8D87F7CFE4}
2012-01-25 23:21:20 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4DFC288E-9A5B-4E00-AFDA-2AC25EB542E9}
2012-01-25 07:55:30 -------- d--h--w- C:\Users\Brandon\riotsGamesLogs
2012-01-24 23:57:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{34FBCC93-4804-45E5-9129-77B5E2AD8059}
2012-01-24 23:57:03 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1AB38624-AFFE-481C-9C65-83E86A36521F}
2012-01-23 21:48:06 -------- d--h--w- C:\Users\Brandon\AppData\Local\{BE6C332D-D11D-4FF5-A369-851644D1D524}
2012-01-23 21:47:56 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8788440E-94B4-4F63-BFE4-EF87CF948ADF}
2012-01-23 04:06:43 -------- d--h--w- C:\Program Files (x86)\MSECache
2012-01-23 01:50:21 -------- d--h--w- C:\Users\Brandon\AppData\Local\{6C32E0BC-E133-496C-87FC-62F248B3E3C2}
2012-01-22 01:13:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{628F6A7D-7ED4-4FCC-B850-3A26654BD941}
2012-01-22 01:13:15 -------- d--h--w- C:\Users\Brandon\AppData\Local\{32E9B7E5-A634-49B6-893A-E7A02067E941}
2012-01-19 21:25:40 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0CD6C223-9268-42A2-918F-067EC558EDF4}
2012-01-19 21:17:48 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1CBEA906-0C0F-4AB1-8B6C-C1231D119253}
2012-01-19 20:29:57 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8C1BAA04-D64E-4925-AD84-B08299401721}
2012-01-18 17:44:29 -------- d--h--w- C:\Users\Brandon\AppData\Local\{721C9A30-D672-4C27-BC83-6881E56AAA3D}
2012-01-18 17:44:17 -------- d--h--w- C:\Users\Brandon\AppData\Local\{447FB3D1-7A61-4573-8173-ACE9E98B07DC}
2012-01-17 15:27:56 8822856 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{073D1B73-1554-47FD-8235-A630DA92A708}\mpengine.dll
2012-01-16 17:12:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{2BFE7CAD-A966-4628-87A1-2233718ED820}
2012-01-16 17:12:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{46962A32-3EE6-4052-8C64-7ABAF823B0CB}
2012-01-15 18:05:53 -------- d--h--w- C:\Users\Brandon\AppData\Local\{38395472-272E-4EF4-A2E7-BDEF7248B0D3}
2012-01-15 18:05:41 -------- d--h--w- C:\Users\Brandon\AppData\Local\{47569852-F945-44F5-9809-BC07FDB21AC1}
2012-01-14 19:05:05 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0E223F7E-E53D-42C9-99AF-74A41AEFAD90}
2012-01-14 19:04:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{7733EB6E-E734-4041-8046-A2175CC047E2}
2012-01-14 04:47:11 -------- d--h--w- C:\Users\Brandon\AppData\Local\{927A6DDA-146A-4414-99F6-AA2590EF037E}
2012-01-14 04:47:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{7F3AF032-C3F9-44F0-952B-D352ADF39308}
2012-01-13 02:58:31 -------- d-----w- C:\Windows\System32\appmgmt
2012-01-13 01:56:03 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4379FBE5-CD32-41B8-BC05-CB2C5C549DB4}
2012-01-13 01:55:53 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FDD190EF-FD64-4FC1-A68D-AF44928DC418}
2012-01-12 13:02:06 -------- d--h--w- C:\Users\Brandon\AppData\Local\{A8DB0BC1-5577-431B-8AD9-808921D9145D}
2012-01-12 13:01:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FC3A868F-3393-408C-A256-C7F671AAE3CC}
2012-01-11 21:42:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4B8EFD74-9C68-49C3-9492-6018F132CDE1}
2012-01-11 21:42:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F7B403EE-A17F-48BD-91F1-4020AC0C6BCC}
2012-01-11 05:09:24 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 05:09:24 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 05:09:24 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 05:09:24 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 05:09:22 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 05:09:22 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 05:09:20 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 05:09:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-11 05:04:39 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C909F0D7-77C8-4C16-8C1F-008077A82BBD}
2012-01-11 05:04:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FDEEAD43-8F28-449D-B6A4-28488353BBF8}
2012-01-09 08:10:01 626688 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-09 08:10:01 548864 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-09 08:10:01 479232 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-09 08:10:01 43992 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-09 07:13:17 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FF5AE1F8-5C11-48B4-B2D6-24BDFE050EC4}
2012-01-09 07:13:04 -------- d--h--w- C:\Users\Brandon\AppData\Local\{6FD583B2-488B-4CEE-8FCB-B16C5412E21A}
2012-01-08 01:01:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{2B19C9C4-AC88-4550-939C-6EE7986DA6F1}
2012-01-08 01:01:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8DDF2DA5-120E-4F6B-9A47-03BBDE57D899}
2012-01-06 23:47:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C1AC0144-FB29-4D93-8BAE-571EB2020CEC}
2012-01-06 23:47:43 -------- d--h--w- C:\Users\Brandon\AppData\Local\{E3E3B080-002F-4F1E-910D-0FAE80DBCF23}
2012-01-05 23:06:50 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8FDA20A3-EB9E-4E71-AF26-792F5C621314}
2012-01-05 23:06:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{A84B1332-E094-417E-BBB4-A62D4DD0CB97}
2012-01-04 20:02:16 -------- d--h--w- C:\Users\Brandon\AppData\Local\{CE0C63B0-C87E-4061-A89B-B3AF35AC49F0}
2012-01-04 20:02:05 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F3AF0FC6-C962-4FFD-9D32-A3433B217F29}
2012-01-04 00:05:58 -------- d--h--w- C:\Users\Brandon\AppData\Local\{B1B03262-B741-4A85-9F51-D0CACFF54217}
2012-01-04 00:05:47 -------- d--h--w- C:\Users\Brandon\AppData\Local\{9B7879EE-6CBC-4CEE-A8E0-08E59D4A0DFE}
2012-01-02 18:50:18 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C1DE8E51-2AB0-4767-B961-7C184C8D8DFE}
2012-01-02 18:50:08 -------- d--h--w- C:\Users\Brandon\AppData\Local\{165FB7F3-502B-493F-AD63-3CD2F82D52E4}
.
==================== Find3M ====================
.
2011-12-27 12:36:36 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-12-13 12:18:55 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-12 19:18:20 24576 ----a-w- C:\Windows\System32\drivers\FlyUsb.sys
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:24:40.31 ===============

Scolabar
2012-02-04, 13:34
Hi pallmall,

Firstly, welcome to the Safer-Networking Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:
The instructions that will be provided are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
Absence of symptoms does not necessarily mean that everything is clear.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Please Note: If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

Windows 7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator (http://support.microsoft.com/kb/922708)


Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

Backup Your Data - Windows 7 (http://support.microsoft.com/kb/971759)

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar

Scolabar
2012-02-04, 14:38
Hi pallmall,

Thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Disable Spybot S&D Teatimer

From the log(s) you have provided I can see that Spybot S&D Teatimer is active. This might interfere with any fixes we attempt to run so we need to disable it.

Right-click on the Spybot S&D desktop icon and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Select Mode > Advanced Mode.
In the Warning pop-up window click on the Yes button to continue.
Towards the bottom of the left-hand pane, click on the Tools option.
Then click on the Resident option under the expanded Tools sub-menu.
If you receive a firewall alert message, click on theOK button to continue.
Under the main Resident protection status frame, Uncheck the Resident "TeaTimer"(Protection of over-all system settings) active checkbox.
Click on the OK button to accept the change to the setting.
Then select File > Exit to quit the Spybot S&D program.
Reboot the computer to apply the changes.
Step 2:
DeFogger

We need to disable the active CD Emulation drivers as they will almost certainly interfere with the cleanup process.

Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) by jpshortstuff and save it to your Desktop.
Right-click on DeFogger.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
When the application window appears click on the Disable button to disable your CD Emulation drivers.
Click on the Yes button to continue.
When the Finished! message appears click on the OK button.
Then click on the OK button when DeFogger asks to reboot the machine.
Please do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your Desktop.

Step 3:
OTL - Scan

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer. Save it to your Desktop.
Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Under Output, ensure that the Standard Output option is selected.
Under the Extra Registry section, select the Use SafeList option.
Click the Scan All Users checkbox.
Tick the LOP Check and Purity Check checkboxes.
Also make sure the Include 64bit Scans checkbox is ticked.
Note: Please leave the remaining selections on the default settings.
Click on the Run Scan button in the top left-hand corner of the program window.
When done, two Notepad files will automatically open:
OTL.txt <-- Will be opened, maximized.
Extras.txt <-- Will be minimized on task bar.
Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.
Step 4:
TDSSKiller - Scan

Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) by Kaspersky and save it to your Desktop. <-- Important!!!
Right-click on TDSSKiller.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
If TDSSKiller does not run, try renaming the program file. Right-click on TDSSKiller.exe, select the Rename option and give the program a random name with the .com file extension (i.e. ektfhtw.com).
If you cannot see file extensions, please refer to: How to change the file extension (http://www.mediacollege.com/microsoft/windows/extension-change.html).
Click the Start Scan button. Do not use the computer during the scan!
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
Now click on Report to open the log file created by TDSSKiller.
The log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt is created and saved to the root directory. (Usually C: drive).
Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.
PLEASE DO NOT TRY TO FIX ANYTHING AT THIS STAGE.

Step 5:
Include in Next Post

Did you have any problems carrying out the instructions?
OTL.exe.
Extras.txt.
TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
Do you have the original Windows installation media for your PC?
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

pallmall
2012-02-05, 04:38
Scolabar, thank you for the hasty reply. This machine is still in need of care. I am glad you will be assisting me in (hopefully) getting this resolved! Thanks so much!

1. No problems with any of the instructions. (see Error when disabling TeaTimer)
2. Think your post means. OTL.txt, not OTL.exe ^_^. <a href="#otl.txt">OTL.txt</a> is below.
3. <a href="#extras.txt">Extras.txt</a> is below.
4. <a href="#tdsskiller.txt">TDSSKiller.txt</a>
5. I do have the Windows disks.



Followed your directions to disable TeaTimer
recieved the following Error
Cannot create file "C:\ProgramData\Spybot - Search & Destroy\Configuration.ini". Access is denied
Disabled TeaTimer.
Rebooted.

Ran Defogger.
No Errors. Did gen log.
Rebooted.

<a name="otl.txt">OTL.txt</a>

OTL logfile created on: 2/4/2012 5:45:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brandon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 66.76% Memory free
8.00 Gb Paging File | 6.51 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 95.32 Gb Free Space | 20.47% Space Free | Partition Type: NTFS

Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/04 17:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
PRC - [2012/02/01 04:09:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/12 12:04:12 | 000,268,640 | -H-- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 11:21:58 | 006,141,792 | -H-- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/08/20 07:43:08 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/21 06:53:48 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 06:53:33 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/04/07 00:03:52 | 000,075,064 | -H-- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/18 00:26:14 | 002,435,592 | -H-- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/03/18 00:24:50 | 001,043,968 | -H-- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/04/03 15:59:00 | 000,240,232 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/06 10:58:38 | 000,935,208 | -H-- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/08/20 21:16:54 | 005,782,528 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2005/06/15 17:04:48 | 000,529,920 | -H-- | M] () -- C:\Program Files (x86)\Linksys\WUSBF54G\NICServ.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/01 04:09:29 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/14 09:19:06 | 008,500,224 | -H-- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 09:19:06 | 002,348,544 | -H-- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/03/25 15:53:14 | 000,053,248 | -H-- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/01/15 13:55:10 | 000,565,248 | -H-- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2006/01/10 00:50:20 | 000,024,576 | RH-- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - [2011/02/15 07:26:18 | 000,822,264 | -H-- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/06/29 09:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/12 11:21:58 | 006,141,792 | -H-- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/08/20 07:43:08 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/02 18:33:37 | 000,411,432 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/01 13:19:00 | 004,045,688 | -H-- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/04/21 06:53:48 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/07 00:03:52 | 000,075,064 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/18 00:26:14 | 002,435,592 | -H-- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/25 09:07:20 | 000,117,264 | -H-- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/04/03 15:59:00 | 000,240,232 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/06 10:58:38 | 000,935,208 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2005/06/15 17:04:48 | 000,529,920 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\WUSBF54G\NICServ.exe -- (NICSer_WUSBF54G)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/27 04:36:36 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/12 11:18:20 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2011/08/20 07:43:09 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/08/20 07:43:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/15 07:25:38 | 000,033,528 | -H-- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/27 16:17:07 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/15 15:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/17 10:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 10:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/08/17 03:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 20:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/04/13 04:56:49 | 000,122,624 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmcam326av.sys -- (vmcam326av)
DRV:64bit: - [2007/04/13 04:56:49 | 000,104,192 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftav.sys -- (vvftav)
DRV:64bit: - [2005/08/15 14:49:48 | 000,351,616 | ---- | M] (Linksys, A Division of Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZD1211U.sys -- (ZD1211U(Linksys)) Linksys Wireless-G USB Network Adapter Driver(Linksys)
DRV - [2010/05/15 12:25:27 | 000,019,952 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/07 10:27:46 | 000,014,104 | -H-- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/01/03 16:43:08 | 000,004,682 | -H-- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 5C 1E 14 41 E9 B5 41 85 94 EB C9 D9 FC 47 53 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 5C 1E 14 41 E9 B5 41 85 94 EB C9 D9 FC 47 53 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 5C 1E 14 41 E9 B5 41 85 94 EB C9 D9 FC 47 53 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 5C 1E 14 41 E9 B5 41 85 94 EB C9 D9 FC 47 53 [binary data]

IE - HKU\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 C4 70 02 7E CC CC 01 [binary data]
IE - HKU\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 5C 1E 14 41 E9 B5 41 85 94 EB C9 D9 FC 47 53 [binary data]
IE - HKU\S-1-5-21-545903267-2311813859-710853934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-545903267-2311813859-710853934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Brandon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011/09/03 16:43:49 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/09/03 16:12:07 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/01 04:09:30 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/21 22:06:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions
[2012/02/04 17:28:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions
[2012/01/16 12:18:10 | 000,000,000 | -H-D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/12/24 03:10:59 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/13 20:55:09 | 000,000,000 | -H-D | M] (Flash and Video Download) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/01/29 02:16:46 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/29 10:57:39 | 000,000,000 | -H-D | M] (Funmoods.com) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\extensions\ffxtlbr@funmoods.com
[2011/08/31 10:42:48 | 000,000,939 | -H-- | M] () -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\searchplugins\conduit.xml
[2012/01/29 02:31:56 | 000,001,800 | -H-- | M] () -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\searchplugins\funmoods.xml
[2011/08/24 00:23:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\BRANDON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B1SW9J6Q.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2012/02/01 04:09:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 02:27:55 | 000,002,310 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/09 12:32:59 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/11 19:16:35 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/10 00:08:01 | 000,002,040 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2012/02/01 04:55:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKU\S-1-5-21-545903267-2311813859-710853934-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-545903267-2311813859-710853934-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [edsHFBJujJjU.exe] C:\ProgramData\edsHFBJujJjU.exe File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKU\S-1-5-21-545903267-2311813859-710853934-1000..\Run: [DirectxBackupUpdate] rundll32.exe File not found
O4 - HKU\S-1-5-21-545903267-2311813859-710853934-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-545903267-2311813859-710853934-1000..\Run: [TeamSpeak Update] rundll32 File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-545903267-2311813859-710853934-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B694718-5AF3-4500-9782-0C27AD84625B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 17:43:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2012/02/01 04:55:29 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/02/01 04:55:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/01 04:43:49 | 000,000,000 | ---D | C] -- C:\brandon.exe
[2012/01/31 21:06:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/31 16:52:27 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/31 16:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/31 16:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2012/01/31 16:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/31 16:41:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/31 16:41:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/31 16:41:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/31 15:46:59 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{DA4275D3-B039-4672-B880-AFB446A14C11}
[2012/01/30 23:35:30 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{4842FCAB-1BC9-4409-BA8F-77EDAC36714A}
[2012/01/30 23:35:15 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{EE36309C-E0AA-4AA9-81D3-361F5177EB4E}
[2012/01/30 19:37:31 | 000,000,000 | -H-D | C] -- C:\Windows\Sun
[2012/01/30 10:11:29 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{8769003B-DAD0-401E-8BAC-89DBE2854A26}
[2012/01/30 10:11:18 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{0C3D7A37-6B0F-4B94-BBA7-449C2006CC21}
[2012/01/29 21:10:49 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{50F709DB-4B70-4337-BB46-65C13CCD16C7}
[2012/01/29 21:10:38 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{0018BE5D-2BBD-446D-8532-AA2604855499}
[2012/01/29 10:57:32 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{1E2A4E38-8EE1-42F6-BC8F-5D2227880425}
[2012/01/29 02:38:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2012/01/29 02:38:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\AC3Filter
[2012/01/29 02:27:54 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\Babylon
[2012/01/29 02:27:51 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Roaming\Babylon
[2012/01/29 02:27:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon
[2012/01/28 11:43:38 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{8F1B09DB-C544-4DAB-9AC5-DBACC89213C0}
[2012/01/28 11:43:28 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{33C38EED-E54D-476A-B139-DE8FE97BD3CF}
[2012/01/27 22:32:34 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{74996DF4-2246-4828-8C71-97565216E6CE}
[2012/01/27 22:32:24 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{95E64F5F-BA57-45CF-9386-A67785AB0AC2}
[2012/01/26 11:21:00 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{F804A697-0A39-440D-922E-911A751F18AD}
[2012/01/26 11:20:49 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{0EBB4DAE-82FF-49A7-B62B-C94F5F97C79B}
[2012/01/25 21:38:10 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{85EA41E8-9EE0-46F7-84FB-E39E3ECB86D6}
[2012/01/25 21:38:00 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{87AF457A-D773-4E6E-8725-AC8D87F7CFE4}
[2012/01/25 15:21:20 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{4DFC288E-9A5B-4E00-AFDA-2AC25EB542E9}
[2012/01/24 23:55:30 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\riotsGamesLogs
[2012/01/24 15:57:14 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{34FBCC93-4804-45E5-9129-77B5E2AD8059}
[2012/01/24 15:57:03 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{1AB38624-AFFE-481C-9C65-83E86A36521F}
[2012/01/23 13:48:06 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{BE6C332D-D11D-4FF5-A369-851644D1D524}
[2012/01/23 13:47:56 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{8788440E-94B4-4F63-BFE4-EF87CF948ADF}
[2012/01/22 20:07:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/01/22 20:06:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\MSECache
[2012/01/22 19:53:51 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\Desktop\Traveler's
[2012/01/22 17:50:21 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{6C32E0BC-E133-496C-87FC-62F248B3E3C2}
[2012/01/21 17:13:25 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{628F6A7D-7ED4-4FCC-B850-3A26654BD941}
[2012/01/21 17:13:15 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{32E9B7E5-A634-49B6-893A-E7A02067E941}
[2012/01/19 13:25:40 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{0CD6C223-9268-42A2-918F-067EC558EDF4}
[2012/01/19 13:17:48 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{1CBEA906-0C0F-4AB1-8B6C-C1231D119253}
[2012/01/19 12:29:57 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{8C1BAA04-D64E-4925-AD84-B08299401721}
[2012/01/18 09:44:29 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{721C9A30-D672-4C27-BC83-6881E56AAA3D}
[2012/01/18 09:44:17 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{447FB3D1-7A61-4573-8173-ACE9E98B07DC}
[2012/01/16 09:12:38 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{2BFE7CAD-A966-4628-87A1-2233718ED820}
[2012/01/16 09:12:28 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{46962A32-3EE6-4052-8C64-7ABAF823B0CB}
[2012/01/15 10:05:53 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{38395472-272E-4EF4-A2E7-BDEF7248B0D3}
[2012/01/15 10:05:41 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{47569852-F945-44F5-9809-BC07FDB21AC1}
[2012/01/14 11:05:05 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{0E223F7E-E53D-42C9-99AF-74A41AEFAD90}
[2012/01/14 11:04:55 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{7733EB6E-E734-4041-8046-A2175CC047E2}
[2012/01/13 20:47:11 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{927A6DDA-146A-4414-99F6-AA2590EF037E}
[2012/01/13 20:47:00 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{7F3AF032-C3F9-44F0-952B-D352ADF39308}
[2012/01/12 18:58:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/01/12 17:56:03 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{4379FBE5-CD32-41B8-BC05-CB2C5C549DB4}
[2012/01/12 17:55:53 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{FDD190EF-FD64-4FC1-A68D-AF44928DC418}
[2012/01/12 05:02:06 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{A8DB0BC1-5577-431B-8AD9-808921D9145D}
[2012/01/12 05:01:55 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{FC3A868F-3393-408C-A256-C7F671AAE3CC}
[2012/01/11 13:42:25 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{4B8EFD74-9C68-49C3-9492-6018F132CDE1}
[2012/01/11 13:42:14 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{F7B403EE-A17F-48BD-91F1-4020AC0C6BCC}
[2012/01/10 21:09:24 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/10 21:09:24 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/10 21:09:24 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/10 21:09:24 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/10 21:09:22 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/10 21:09:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/10 21:09:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 21:04:39 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{C909F0D7-77C8-4C16-8C1F-008077A82BBD}
[2012/01/10 21:04:28 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{FDEEAD43-8F28-449D-B6A4-28488353BBF8}
[2012/01/10 03:23:15 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Roaming\dvdcss
[2012/01/08 23:13:17 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{FF5AE1F8-5C11-48B4-B2D6-24BDFE050EC4}
[2012/01/08 23:13:04 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{6FD583B2-488B-4CEE-8FCB-B16C5412E21A}
[2012/01/07 17:01:25 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{2B19C9C4-AC88-4550-939C-6EE7986DA6F1}
[2012/01/07 17:01:14 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{8DDF2DA5-120E-4F6B-9A47-03BBDE57D899}
[2012/01/06 15:47:55 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{C1AC0144-FB29-4D93-8BAE-571EB2020CEC}
[2012/01/06 15:47:43 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData\Local\{E3E3B080-002F-4F1E-910D-0FAE80DBCF23}
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Brandon\Desktop\*.tmp files -> C:\Users\Brandon\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/04 17:48:40 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 17:48:40 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 17:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2012/02/04 17:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/04 17:41:06 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 17:40:06 | 000,000,188 | ---- | M] () -- C:\Users\Brandon\defogger_reenable
[2012/02/04 17:39:40 | 000,050,477 | ---- | M] () -- C:\Users\Brandon\Desktop\Defogger(1).exe
[2012/02/01 05:01:42 | 409,087,456 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/01 04:55:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/01 04:43:28 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\Brandon\Desktop\brandon.exe.exe
[2012/02/01 01:07:23 | 000,000,794 | ---- | M] () -- C:\Users\Brandon\Desktop\lol.launcher - Shortcut.lnk
[2012/01/31 16:52:23 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/31 16:51:04 | 000,001,122 | ---- | M] () -- C:\Users\Brandon\Desktop\ComboFix - Shortcut.lnk
[2012/01/31 16:27:21 | 000,000,677 | -H-- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/29 02:32:00 | 000,000,287 | -H-- | M] () -- C:\user.js
[2012/01/27 03:59:40 | 000,007,605 | -H-- | M] () -- C:\Users\Brandon\AppData\Local\Resmon.ResmonCfg
[2012/01/23 13:57:40 | 000,000,565 | -H-- | M] () -- C:\Users\Brandon\AppData\Roaming\myMPQ.ini
[2012/01/22 19:50:38 | 000,001,946 | -H-- | M] () -- C:\Users\Brandon\Documents\Traveler'sCL.rtf
[2012/01/12 18:59:43 | 000,003,589 | -H-- | M] () -- C:\Users\Brandon\AppData\Local\bbd0cb76
[2012/01/12 18:59:43 | 000,003,554 | -H-- | M] () -- C:\Users\Brandon\AppData\Roaming\ab1db9f0
[2012/01/12 18:59:43 | 000,003,553 | -H-- | M] () -- C:\ProgramData\ed7240f2
[2012/01/11 03:03:13 | 000,739,978 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 03:03:13 | 000,623,994 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 03:03:13 | 000,106,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/08 05:01:29 | 000,001,046 | -HS- | M] () -- C:\Users\Brandon\AppData\Local\fb3171ly5igb78n40r732cc5y4n4eioea100powc8a52lr
[2012/01/06 23:27:06 | 000,001,398 | -HS- | M] () -- C:\Users\Brandon\AppData\Local\vay3y2g8qcaa
[2012/01/06 06:22:38 | 000,001,738 | -H-- | M] () -- C:\Users\Brandon\Desktop\Diablo II - Lord of Destruction.lnk
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Brandon\Desktop\*.tmp files -> C:\Users\Brandon\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/04 17:40:06 | 000,000,188 | ---- | C] () -- C:\Users\Brandon\defogger_reenable
[2012/02/04 17:39:39 | 000,050,477 | ---- | C] () -- C:\Users\Brandon\Desktop\Defogger(1).exe
[2012/02/01 01:07:23 | 000,000,794 | ---- | C] () -- C:\Users\Brandon\Desktop\lol.launcher - Shortcut.lnk
[2012/01/31 16:52:23 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/31 16:51:04 | 000,001,122 | ---- | C] () -- C:\Users\Brandon\Desktop\ComboFix - Shortcut.lnk
[2012/01/31 16:48:10 | 409,087,456 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/31 16:41:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/31 16:41:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/31 16:41:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/31 16:41:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/31 16:41:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/31 16:27:21 | 000,000,677 | -H-- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/29 02:38:25 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2012/01/29 02:38:25 | 000,497,664 | -H-- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2012/01/29 02:28:00 | 000,000,287 | -H-- | C] () -- C:\user.js
[2012/01/22 19:50:38 | 000,001,946 | -H-- | C] () -- C:\Users\Brandon\Documents\Traveler'sCL.rtf
[2012/01/12 18:46:31 | 000,003,589 | -H-- | C] () -- C:\Users\Brandon\AppData\Local\bbd0cb76
[2012/01/12 18:46:31 | 000,003,554 | -H-- | C] () -- C:\Users\Brandon\AppData\Roaming\ab1db9f0
[2012/01/12 18:46:31 | 000,003,553 | -H-- | C] () -- C:\ProgramData\ed7240f2
[2012/01/08 05:01:29 | 000,001,046 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\fb3171ly5igb78n40r732cc5y4n4eioea100powc8a52lr
[2012/01/06 23:27:06 | 000,001,398 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\vay3y2g8qcaa
[2012/01/05 15:58:17 | 000,000,916 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\20phjt65e281mp7fe2cyy27v2i6a06720ngv0433d7pe80
[2012/01/05 00:43:44 | 000,001,342 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\lbe80ph44tc2chkjmuip775027e8ksj025p55hjqcb1
[2012/01/04 06:25:49 | 000,001,198 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\ree24xd02my3dxefbwxo168475b6gan804q08pmkeg0
[2011/12/27 05:03:10 | 000,000,565 | -H-- | C] () -- C:\Users\Brandon\AppData\Roaming\myMPQ.ini
[2011/10/12 21:05:03 | 000,007,605 | -H-- | C] () -- C:\Users\Brandon\AppData\Local\Resmon.ResmonCfg
[2011/06/29 00:29:09 | 000,037,137 | -H-- | C] () -- C:\Windows\DIIUnin.dat
[2011/04/07 00:03:45 | 000,189,480 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/07 00:03:44 | 000,075,064 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/07 00:03:43 | 003,360,624 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/06/25 09:03:12 | 000,053,299 | -H-- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/05/24 23:42:13 | 000,138,752 | -H-- | C] () -- C:\Windows\VM303Uninst64.exe
[2010/05/24 23:42:13 | 000,073,728 | -H-- | C] () -- C:\Windows\VMInstNT.exe
[2010/05/24 23:42:13 | 000,069,632 | -H-- | C] () -- C:\Windows\VMInst64.exe
[2010/05/24 23:42:13 | 000,040,960 | -H-- | C] () -- C:\Windows\VM303UninstNT.exe
[2010/05/16 13:48:01 | 000,000,262 | -H-- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/05/15 00:05:29 | 000,165,376 | -H-- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/05/15 00:05:28 | 000,000,038 | -H-- | C] () -- C:\Windows\avisplitter.ini
[2010/05/15 00:05:24 | 000,881,664 | -H-- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/05/15 00:05:24 | 000,205,824 | -H-- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/15 00:05:19 | 000,085,504 | -H-- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/14 22:26:11 | 000,024,576 | RH-- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/05/14 22:26:11 | 000,013,368 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/05/14 22:26:09 | 000,011,832 | -H-- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/05/14 22:26:09 | 000,010,216 | -H-- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/05/14 22:24:09 | 000,036,616 | -H-- | C] () -- C:\Windows\Ascd_log.ini
[2010/05/14 22:23:41 | 000,001,769 | -H-- | C] () -- C:\Windows\Language_trs.ini
[2010/05/14 22:23:37 | 000,030,017 | -H-- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 04:30:14 | 000,010,296 | -H-- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/10/08 19:17:54 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\AnvSoft
[2012/01/29 02:27:51 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Babylon
[2010/05/15 11:39:34 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\CheckPoint
[2012/01/26 11:20:33 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\DAEMON Tools Lite
[2011/03/27 18:21:17 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\LolClient
[2011/09/30 18:51:53 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\PhotoScape
[2011/12/16 05:15:48 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\RIFT
[2011/12/10 01:20:25 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Screaming Bee
[2011/10/10 19:36:15 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\TS3Client
[2011/10/03 20:38:17 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\ts3overlay
[2011/09/25 16:25:29 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Unity
[2011/09/22 23:44:49 | 000,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\Wireshark
[2011/12/04 03:17:55 | 000,032,638 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

pallmall
2012-02-05, 04:39
<a name="extras.txt">Extras.txt</a>


OTL Extras logfile created on: 2/4/2012 5:45:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brandon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 66.76% Memory free
8.00 Gb Paging File | 6.51 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 95.32 Gb Free Space | 20.47% Space Free | Partition Type: NTFS

Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F2DEFE25-83D8-55D0-AF90-BF25ED8360DA}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C1B233-D218-484B-8078-9375482C5608}" = LeapFrog Tag Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3095C241-9622-48D8-BE8C-69AC80C51D24}" = HP Webcam
"{327C4E4D-7DB9-44F8-85F1-833C03E9E51A}" = Linksys Wireless Network Monitor
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}" = Trixie
"{8f46b3c5-6a2a-4c6b-a2e5-ffaf1df8b3d8}" = Nero 9 Essentials
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E5F27DA8-48D3-4A46-AD83-26F42F5DA54D}" = ArcSoft VideoImpression 2
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AmazingMIDI" = AmazingMIDI
"Anarchy Online_is1" = Anarchy Online
"Any Video Converter_is1" = Any Video Converter 3.2.7
"ArtMoney SE_is1" = ArtMoney SE v7.36.2
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Chord Pickout" = Chord Pickout 2.0
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"EGREEN" = ASUS E-Green Uninstall
"E-Hammer1.0.0" = E-Hammer
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Hero Editor V1.03
"StarCraft II" = StarCraft II
"Steam App 13140" = America's Army 3
"SystemRequirementsLab" = System Requirements Lab
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.2
"World of Warcraft" = World of Warcraft
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-545903267-2311813859-710853934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

pallmall
2012-02-05, 04:39
<a name="tdsskiller.txt">TDSSKiller.txt</a>

17:57:51.0293 2684 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
17:57:51.0932 2684 ============================================================
17:57:51.0932 2684 Current date / time: 2012/02/04 17:57:51.0932
17:57:51.0932 2684 SystemInfo:
17:57:51.0932 2684
17:57:51.0932 2684 OS Version: 6.1.7601 ServicePack: 1.0
17:57:51.0932 2684 Product type: Workstation
17:57:51.0932 2684 ComputerName: BRANDON-PC
17:57:51.0932 2684 UserName: Brandon
17:57:51.0932 2684 Windows directory: C:\Windows
17:57:51.0932 2684 System windows directory: C:\Windows
17:57:51.0932 2684 Running under WOW64
17:57:51.0932 2684 Processor architecture: Intel x64
17:57:51.0932 2684 Number of processors: 2
17:57:51.0932 2684 Page size: 0x1000
17:57:51.0932 2684 Boot type: Normal boot
17:57:51.0932 2684 ============================================================
17:57:52.0775 2684 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:57:52.0790 2684 \Device\Harddisk0\DR0:
17:57:52.0790 2684 MBR used
17:57:52.0790 2684 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:57:52.0790 2684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
17:57:52.0822 2684 Initialize success
17:57:52.0822 2684 ============================================================
18:04:35.0582 2536 ============================================================
18:04:35.0582 2536 Scan started
18:04:35.0582 2536 Mode: Manual;
18:04:35.0582 2536 ============================================================
18:04:36.0238 2536 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:04:36.0238 2536 1394ohci - ok
18:04:36.0300 2536 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:04:36.0316 2536 ACPI - ok
18:04:36.0331 2536 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:04:36.0331 2536 AcpiPmi - ok
18:04:36.0394 2536 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:04:36.0394 2536 adp94xx - ok
18:04:36.0425 2536 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:04:36.0425 2536 adpahci - ok
18:04:36.0441 2536 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:04:36.0441 2536 adpu320 - ok
18:04:36.0519 2536 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:04:36.0534 2536 AFD - ok
18:04:36.0581 2536 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:04:36.0597 2536 agp440 - ok
18:04:36.0628 2536 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:04:36.0628 2536 aliide - ok
18:04:36.0659 2536 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:04:36.0675 2536 amdide - ok
18:04:36.0721 2536 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:04:36.0721 2536 AmdK8 - ok
18:04:36.0753 2536 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:04:36.0753 2536 AmdPPM - ok
18:04:36.0799 2536 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:04:36.0799 2536 amdsata - ok
18:04:36.0815 2536 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:04:36.0815 2536 amdsbs - ok
18:04:36.0846 2536 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:04:36.0846 2536 amdxata - ok
18:04:36.0987 2536 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:04:36.0987 2536 AppID - ok
18:04:37.0033 2536 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:04:37.0033 2536 arc - ok
18:04:37.0049 2536 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:04:37.0049 2536 arcsas - ok
18:04:37.0065 2536 AsIO - ok
18:04:37.0080 2536 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:04:37.0080 2536 AsyncMac - ok
18:04:37.0127 2536 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:04:37.0127 2536 atapi - ok
18:04:37.0174 2536 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:04:37.0174 2536 AtiPcie - ok
18:04:37.0236 2536 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
18:04:37.0236 2536 avgntflt - ok
18:04:37.0283 2536 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
18:04:37.0283 2536 avipbb - ok
18:04:37.0345 2536 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:04:37.0345 2536 b06bdrv - ok
18:04:37.0392 2536 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:04:37.0392 2536 b57nd60a - ok
18:04:37.0423 2536 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:04:37.0423 2536 Beep - ok
18:04:37.0470 2536 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:04:37.0470 2536 blbdrive - ok
18:04:37.0533 2536 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:04:37.0533 2536 bowser - ok
18:04:37.0564 2536 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:04:37.0579 2536 BrFiltLo - ok
18:04:37.0595 2536 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:04:37.0595 2536 BrFiltUp - ok
18:04:37.0642 2536 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:04:37.0642 2536 BridgeMP - ok
18:04:37.0673 2536 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:04:37.0673 2536 Brserid - ok
18:04:37.0704 2536 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:04:37.0704 2536 BrSerWdm - ok
18:04:37.0735 2536 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:04:37.0735 2536 BrUsbMdm - ok
18:04:37.0751 2536 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:04:37.0751 2536 BrUsbSer - ok
18:04:37.0767 2536 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:04:37.0767 2536 BTHMODEM - ok
18:04:37.0829 2536 catchme - ok
18:04:37.0907 2536 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:04:37.0907 2536 cdfs - ok
18:04:37.0985 2536 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:04:37.0985 2536 cdrom - ok
18:04:38.0032 2536 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:04:38.0032 2536 circlass - ok
18:04:38.0079 2536 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:04:38.0079 2536 CLFS - ok
18:04:38.0125 2536 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:04:38.0125 2536 CmBatt - ok
18:04:38.0188 2536 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:04:38.0188 2536 cmdide - ok
18:04:38.0219 2536 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:04:38.0219 2536 CNG - ok
18:04:38.0250 2536 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:04:38.0250 2536 Compbatt - ok
18:04:38.0313 2536 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:04:38.0313 2536 CompositeBus - ok
18:04:38.0344 2536 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:04:38.0344 2536 crcdisk - ok
18:04:38.0391 2536 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:04:38.0406 2536 CSC - ok
18:04:38.0562 2536 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:04:38.0562 2536 DfsC - ok
18:04:38.0609 2536 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:04:38.0609 2536 discache - ok
18:04:38.0640 2536 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:04:38.0640 2536 Disk - ok
18:04:38.0687 2536 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:04:38.0687 2536 drmkaud - ok
18:04:38.0765 2536 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:04:38.0765 2536 dtsoftbus01 - ok
18:04:38.0796 2536 dump_wmimmc - ok
18:04:38.0874 2536 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:04:38.0890 2536 DXGKrnl - ok
18:04:38.0952 2536 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:04:38.0999 2536 ebdrv - ok
18:04:39.0046 2536 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:04:39.0046 2536 elxstor - ok
18:04:39.0093 2536 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:04:39.0093 2536 ErrDev - ok
18:04:39.0108 2536 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:04:39.0108 2536 exfat - ok
18:04:39.0124 2536 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:04:39.0124 2536 fastfat - ok
18:04:39.0155 2536 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:04:39.0155 2536 fdc - ok
18:04:39.0171 2536 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:04:39.0171 2536 FileInfo - ok
18:04:39.0217 2536 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:04:39.0217 2536 Filetrace - ok
18:04:39.0233 2536 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:04:39.0233 2536 flpydisk - ok
18:04:39.0280 2536 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:04:39.0280 2536 FltMgr - ok
18:04:39.0342 2536 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
18:04:39.0358 2536 FlyUsb - ok
18:04:39.0389 2536 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:04:39.0389 2536 FsDepends - ok
18:04:39.0405 2536 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:04:39.0405 2536 Fs_Rec - ok
18:04:39.0467 2536 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:04:39.0467 2536 fvevol - ok
18:04:39.0498 2536 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:04:39.0498 2536 gagp30kx - ok
18:04:39.0529 2536 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:04:39.0529 2536 hcw85cir - ok
18:04:39.0576 2536 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:04:39.0576 2536 HdAudAddService - ok
18:04:39.0623 2536 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:04:39.0623 2536 HDAudBus - ok
18:04:39.0670 2536 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:04:39.0670 2536 HidBatt - ok
18:04:39.0685 2536 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:04:39.0685 2536 HidBth - ok
18:04:39.0748 2536 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:04:39.0748 2536 HidIr - ok
18:04:39.0826 2536 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
18:04:39.0826 2536 HidUsb - ok
18:04:39.0873 2536 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:04:39.0873 2536 HpSAMD - ok
18:04:39.0919 2536 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:04:39.0935 2536 HTTP - ok
18:04:39.0966 2536 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:04:39.0966 2536 hwpolicy - ok
18:04:40.0029 2536 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:04:40.0029 2536 i8042prt - ok
18:04:40.0044 2536 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:04:40.0060 2536 iaStorV - ok
18:04:40.0075 2536 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:04:40.0075 2536 iirsp - ok
18:04:40.0122 2536 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:04:40.0122 2536 intelide - ok
18:04:40.0138 2536 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:04:40.0138 2536 intelppm - ok
18:04:40.0200 2536 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:04:40.0216 2536 IpFilterDriver - ok
18:04:40.0263 2536 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:04:40.0263 2536 IPMIDRV - ok
18:04:40.0294 2536 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:04:40.0294 2536 IPNAT - ok
18:04:40.0325 2536 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:04:40.0325 2536 IRENUM - ok
18:04:40.0356 2536 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:04:40.0356 2536 isapnp - ok
18:04:40.0387 2536 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:04:40.0387 2536 iScsiPrt - ok
18:04:40.0450 2536 ISWKL (9d7ac39e2f3a45d6fc277ec10c2732eb) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
18:04:40.0450 2536 ISWKL - ok
18:04:40.0497 2536 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:04:40.0497 2536 kbdclass - ok
18:04:40.0528 2536 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:04:40.0528 2536 kbdhid - ok
18:04:40.0575 2536 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:04:40.0575 2536 KSecDD - ok
18:04:40.0606 2536 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:04:40.0621 2536 KSecPkg - ok
18:04:40.0653 2536 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:04:40.0653 2536 ksthunk - ok
18:04:40.0715 2536 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:04:40.0715 2536 lltdio - ok
18:04:40.0762 2536 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:04:40.0762 2536 LSI_FC - ok
18:04:40.0777 2536 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:04:40.0777 2536 LSI_SAS - ok
18:04:40.0793 2536 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:04:40.0793 2536 LSI_SAS2 - ok
18:04:40.0809 2536 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:04:40.0809 2536 LSI_SCSI - ok
18:04:40.0824 2536 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:04:40.0824 2536 luafv - ok
18:04:40.0855 2536 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:04:40.0855 2536 megasas - ok
18:04:40.0871 2536 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:04:40.0871 2536 MegaSR - ok
18:04:40.0902 2536 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:04:40.0902 2536 Modem - ok
18:04:40.0918 2536 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:04:40.0918 2536 monitor - ok
18:04:40.0965 2536 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:04:40.0965 2536 mouclass - ok
18:04:40.0980 2536 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:04:40.0980 2536 mouhid - ok
18:04:41.0027 2536 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:04:41.0027 2536 mountmgr - ok
18:04:41.0043 2536 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:04:41.0058 2536 mpio - ok
18:04:41.0089 2536 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:04:41.0089 2536 mpsdrv - ok
18:04:41.0152 2536 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:04:41.0152 2536 MRxDAV - ok
18:04:41.0199 2536 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:04:41.0199 2536 mrxsmb - ok
18:04:41.0245 2536 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:04:41.0245 2536 mrxsmb10 - ok
18:04:41.0261 2536 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:04:41.0277 2536 mrxsmb20 - ok
18:04:41.0339 2536 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:04:41.0339 2536 msahci - ok
18:04:41.0355 2536 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:04:41.0355 2536 msdsm - ok
18:04:41.0401 2536 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:04:41.0401 2536 Msfs - ok
18:04:41.0433 2536 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:04:41.0433 2536 mshidkmdf - ok
18:04:41.0448 2536 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:04:41.0448 2536 msisadrv - ok
18:04:41.0479 2536 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:04:41.0479 2536 MSKSSRV - ok
18:04:41.0495 2536 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:04:41.0495 2536 MSPCLOCK - ok
18:04:41.0495 2536 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:04:41.0511 2536 MSPQM - ok
18:04:41.0557 2536 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:04:41.0573 2536 MsRPC - ok
18:04:41.0620 2536 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:04:41.0620 2536 mssmbios - ok
18:04:41.0651 2536 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:04:41.0651 2536 MSTEE - ok
18:04:41.0682 2536 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:04:41.0682 2536 MTConfig - ok
18:04:41.0713 2536 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
18:04:41.0713 2536 MTsensor - ok
18:04:41.0729 2536 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:04:41.0729 2536 Mup - ok
18:04:41.0760 2536 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:04:41.0760 2536 NativeWifiP - ok
18:04:41.0854 2536 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:04:41.0869 2536 NDIS - ok
18:04:41.0901 2536 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:04:41.0901 2536 NdisCap - ok
18:04:41.0932 2536 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:04:41.0932 2536 NdisTapi - ok
18:04:41.0979 2536 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:04:41.0979 2536 Ndisuio - ok
18:04:42.0025 2536 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:04:42.0025 2536 NdisWan - ok
18:04:42.0057 2536 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:04:42.0057 2536 NDProxy - ok
18:04:42.0103 2536 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:04:42.0103 2536 NetBIOS - ok
18:04:42.0150 2536 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:04:42.0166 2536 NetBT - ok
18:04:42.0213 2536 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:04:42.0213 2536 nfrd960 - ok
18:04:42.0291 2536 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
18:04:42.0291 2536 NPF - ok
18:04:42.0322 2536 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:04:42.0322 2536 Npfs - ok
18:04:42.0369 2536 NPPTNT2 - ok
18:04:42.0400 2536 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:04:42.0400 2536 nsiproxy - ok
18:04:42.0462 2536 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:04:42.0493 2536 Ntfs - ok
18:04:42.0509 2536 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:04:42.0509 2536 Null - ok
18:04:42.0743 2536 nvlddmkm (aaf5559039e99d0cc22e25255f3dc06e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:04:42.0805 2536 nvlddmkm - ok
18:04:42.0852 2536 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:04:42.0852 2536 nvraid - ok
18:04:42.0883 2536 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:04:42.0883 2536 nvstor - ok
18:04:42.0930 2536 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:04:42.0930 2536 nv_agp - ok
18:04:42.0946 2536 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:04:42.0946 2536 ohci1394 - ok
18:04:43.0039 2536 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:04:43.0039 2536 Parport - ok
18:04:43.0086 2536 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:04:43.0086 2536 partmgr - ok
18:04:43.0133 2536 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:04:43.0133 2536 pci - ok
18:04:43.0195 2536 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:04:43.0195 2536 pciide - ok
18:04:43.0211 2536 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:04:43.0211 2536 pcmcia - ok
18:04:43.0242 2536 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:04:43.0242 2536 pcw - ok
18:04:43.0273 2536 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:04:43.0273 2536 PEAUTH - ok
18:04:43.0383 2536 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:04:43.0383 2536 PptpMiniport - ok
18:04:43.0414 2536 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:04:43.0414 2536 Processor - ok
18:04:43.0461 2536 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:04:43.0461 2536 Psched - ok
18:04:43.0523 2536 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:04:43.0539 2536 ql2300 - ok
18:04:43.0617 2536 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:04:43.0617 2536 ql40xx - ok
18:04:43.0679 2536 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:04:43.0679 2536 QWAVEdrv - ok
18:04:43.0726 2536 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:04:43.0726 2536 RasAcd - ok
18:04:43.0757 2536 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:04:43.0757 2536 RasAgileVpn - ok
18:04:43.0804 2536 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:04:43.0819 2536 Rasl2tp - ok
18:04:43.0851 2536 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:04:43.0851 2536 RasPppoe - ok
18:04:43.0866 2536 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:04:43.0866 2536 RasSstp - ok
18:04:43.0929 2536 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:04:43.0929 2536 rdbss - ok
18:04:43.0960 2536 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:04:43.0960 2536 rdpbus - ok
18:04:43.0975 2536 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:04:43.0975 2536 RDPCDD - ok
18:04:44.0038 2536 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:04:44.0053 2536 RDPDR - ok
18:04:44.0069 2536 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:04:44.0069 2536 RDPENCDD - ok
18:04:44.0085 2536 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:04:44.0085 2536 RDPREFMP - ok
18:04:44.0147 2536 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:04:44.0147 2536 RdpVideoMiniport - ok
18:04:44.0194 2536 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:04:44.0194 2536 RDPWD - ok
18:04:44.0256 2536 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:04:44.0256 2536 rdyboost - ok
18:04:44.0319 2536 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:04:44.0319 2536 RimUsb - ok
18:04:44.0350 2536 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
18:04:44.0350 2536 RivaTuner64 - ok
18:04:44.0412 2536 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:04:44.0412 2536 rspndr - ok
18:04:44.0443 2536 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:04:44.0443 2536 RTL8167 - ok
18:04:44.0475 2536 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:04:44.0475 2536 s3cap - ok
18:04:44.0553 2536 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:04:44.0553 2536 SASDIFSV - ok
18:04:44.0553 2536 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:04:44.0553 2536 SASKUTIL - ok
18:04:44.0646 2536 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:04:44.0662 2536 sbp2port - ok
18:04:44.0709 2536 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:04:44.0709 2536 scfilter - ok
18:04:44.0787 2536 ScreamBAudioSvc (490b0b68bb938d5c628ec4a67277be75) C:\Windows\system32\drivers\ScreamingBAudio64.sys
18:04:44.0787 2536 ScreamBAudioSvc - ok
18:04:44.0818 2536 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:04:44.0818 2536 secdrv - ok
18:04:44.0865 2536 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:04:44.0865 2536 Serenum - ok
18:04:44.0880 2536 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:04:44.0880 2536 Serial - ok
18:04:44.0927 2536 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:04:44.0927 2536 sermouse - ok
18:04:45.0005 2536 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:04:45.0005 2536 sffdisk - ok
18:04:45.0021 2536 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:04:45.0021 2536 sffp_mmc - ok
18:04:45.0036 2536 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:04:45.0036 2536 sffp_sd - ok
18:04:45.0067 2536 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:04:45.0067 2536 sfloppy - ok
18:04:45.0099 2536 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:04:45.0099 2536 SiSRaid2 - ok
18:04:45.0114 2536 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:04:45.0114 2536 SiSRaid4 - ok
18:04:45.0145 2536 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:04:45.0145 2536 Smb - ok
18:04:45.0177 2536 speedfan - ok
18:04:45.0208 2536 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:04:45.0208 2536 spldr - ok
18:04:45.0270 2536 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
18:04:45.0286 2536 sptd - ok
18:04:45.0333 2536 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:04:45.0333 2536 srv - ok
18:04:45.0395 2536 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:04:45.0411 2536 srv2 - ok
18:04:45.0457 2536 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:04:45.0457 2536 srvnet - ok
18:04:45.0582 2536 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:04:45.0582 2536 stexstor - ok
18:04:45.0645 2536 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:04:45.0645 2536 storflt - ok
18:04:45.0660 2536 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:04:45.0660 2536 storvsc - ok
18:04:45.0707 2536 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:04:45.0707 2536 swenum - ok
18:04:45.0738 2536 Synth3dVsc - ok
18:04:45.0832 2536 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:04:45.0863 2536 Tcpip - ok
18:04:45.0941 2536 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:04:45.0957 2536 TCPIP6 - ok
18:04:46.0003 2536 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:04:46.0003 2536 tcpipreg - ok
18:04:46.0050 2536 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:04:46.0050 2536 TDPIPE - ok
18:04:46.0066 2536 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:04:46.0066 2536 TDTCP - ok
18:04:46.0113 2536 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:04:46.0113 2536 tdx - ok
18:04:46.0159 2536 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:04:46.0175 2536 TermDD - ok
18:04:46.0237 2536 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:04:46.0237 2536 tssecsrv - ok
18:04:46.0269 2536 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:04:46.0269 2536 TsUsbFlt - ok
18:04:46.0300 2536 tsusbhub - ok
18:04:46.0347 2536 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:04:46.0347 2536 tunnel - ok
18:04:46.0378 2536 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:04:46.0378 2536 uagp35 - ok
18:04:46.0440 2536 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:04:46.0440 2536 udfs - ok
18:04:46.0518 2536 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:04:46.0518 2536 uliagpkx - ok
18:04:46.0549 2536 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:04:46.0549 2536 umbus - ok
18:04:46.0581 2536 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:04:46.0581 2536 UmPass - ok
18:04:46.0612 2536 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:04:46.0627 2536 usbaudio - ok
18:04:46.0659 2536 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
18:04:46.0659 2536 usbbus - ok
18:04:46.0721 2536 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:04:46.0721 2536 usbccgp - ok
18:04:46.0752 2536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:04:46.0752 2536 usbcir - ok
18:04:46.0815 2536 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
18:04:46.0815 2536 UsbDiag - ok
18:04:46.0830 2536 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:04:46.0830 2536 usbehci - ok
18:04:46.0861 2536 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:04:46.0877 2536 usbhub - ok
18:04:46.0924 2536 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
18:04:46.0924 2536 USBModem - ok
18:04:46.0939 2536 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:04:46.0939 2536 usbohci - ok
18:04:47.0002 2536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:04:47.0002 2536 usbprint - ok
18:04:47.0033 2536 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:04:47.0033 2536 USBSTOR - ok
18:04:47.0049 2536 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:04:47.0049 2536 usbuhci - ok
18:04:47.0095 2536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:04:47.0095 2536 vdrvroot - ok
18:04:47.0127 2536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:04:47.0127 2536 vga - ok
18:04:47.0158 2536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:04:47.0158 2536 VgaSave - ok
18:04:47.0158 2536 VGPU - ok
18:04:47.0205 2536 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:04:47.0205 2536 vhdmp - ok
18:04:47.0267 2536 VIAHdAudAddService (574b29f436c4c63d37020c6e570a7528) C:\Windows\system32\drivers\viahduaa.sys
18:04:47.0283 2536 VIAHdAudAddService - ok
18:04:47.0329 2536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:04:47.0345 2536 viaide - ok
18:04:47.0376 2536 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:04:47.0392 2536 vmbus - ok
18:04:47.0407 2536 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:04:47.0407 2536 VMBusHID - ok
18:04:47.0454 2536 vmcam326av (08cced76883b1a2302e5a01121c76414) C:\Windows\system32\Drivers\vmcam326av.sys
18:04:47.0454 2536 vmcam326av - ok
18:04:47.0501 2536 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:04:47.0501 2536 volmgr - ok
18:04:47.0563 2536 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:04:47.0563 2536 volmgrx - ok
18:04:47.0595 2536 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:04:47.0595 2536 volsnap - ok
18:04:47.0641 2536 Vsdatant (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys
18:04:47.0641 2536 Vsdatant - ok
18:04:47.0688 2536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:04:47.0688 2536 vsmraid - ok
18:04:47.0735 2536 vvftav (fdbed56781e036769a2bc4badd754689) C:\Windows\system32\drivers\vvftav.sys
18:04:47.0735 2536 vvftav - ok
18:04:47.0751 2536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:04:47.0751 2536 vwifibus - ok
18:04:47.0782 2536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:04:47.0782 2536 WacomPen - ok
18:04:47.0844 2536 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:04:47.0860 2536 WANARP - ok
18:04:47.0860 2536 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:04:47.0860 2536 Wanarpv6 - ok
18:04:47.0938 2536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:04:47.0938 2536 Wd - ok
18:04:47.0953 2536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:04:47.0969 2536 Wdf01000 - ok
18:04:48.0016 2536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:04:48.0016 2536 WfpLwf - ok
18:04:48.0047 2536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:04:48.0047 2536 WIMMount - ok
18:04:48.0109 2536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:04:48.0109 2536 WmiAcpi - ok
18:04:48.0141 2536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:04:48.0141 2536 ws2ifsl - ok
18:04:48.0234 2536 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:04:48.0234 2536 WudfPf - ok
18:04:48.0265 2536 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:04:48.0265 2536 WUDFRd - ok
18:04:48.0343 2536 ZD1211U(Linksys) (6b7d88060a9c8da58b4b1113da6835c8) C:\Windows\system32\DRIVERS\zd1211u.sys
18:04:48.0343 2536 ZD1211U(Linksys) - ok
18:04:48.0359 2536 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
18:04:48.0390 2536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:04:48.0390 2536 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:04:48.0421 2536 Boot (0x1200) (37bceb1cc39c46ca817a78f4928e5df0) \Device\Harddisk0\DR0\Partition0
18:04:48.0421 2536 \Device\Harddisk0\DR0\Partition0 - ok
18:04:48.0421 2536 Boot (0x1200) (57f1b1ccb9ca3a3e7562b5fc2f8893f6) \Device\Harddisk0\DR0\Partition1
18:04:48.0421 2536 \Device\Harddisk0\DR0\Partition1 - ok
18:04:48.0421 2536 ============================================================
18:04:48.0421 2536 Scan finished
18:04:48.0421 2536 ============================================================
18:04:48.0437 3084 Detected object count: 1
18:04:48.0437 3084 Actual detected object count: 1
18:04:56.0908 3084 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
18:04:56.0908 3084 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip

Scolabar
2012-02-05, 09:41
Hi pallmall,

Thank you for the logs and feedback. I am afraid I have some bad news for you. :sad:

Rootkit Warning

Your computer shows signs of multiple infections, including a Rootkit infection.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:
Disconnect the computer from the Internet and from any networked computers until it is cleaned.
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft
and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
From a clean computer, change all your passwords
(ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, any online activity you perform, requiring a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that, once infected with this type of malware, the best course of action would be to do a reformat and re-installation of the operating system (OS).

This decision will have to be made by you.

An attempt can be made to clean this machine but there will be no guarantee that it won't still be compromised, afterwards.

Guide to re-formatting and re-installing (http://spyware-free.us/tutorials/reformat/) courtesy of wng_z3r0.

To help you decide, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous (http://www.microsoft.com/technet/security/alerts/info/virusrat.mspx)
How do I respond to a possible identity theft and how do I prevent it (http://www.dslreports.com/faq/10451)
When should I re-format and reinstall my OS (http://www.dslreports.com/faq/10063)
How and Where to backup your files (http://www.microsoft.com/athome/security/update/wherebackup.mspx)
Restoring your backups (http://support.microsoft.com/kb/309340)

Please let me know how you intend to proceed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

pallmall
2012-02-05, 11:04
Damn!
Was afraid that may be the case. I would like to cleanse this p/c if at all possible. I have some things installed which I can no longer reinstall and personal data saved that I would like to keep in tact.

If you're still up for the challenge, I am ready to keep trying.

Thanks again.

Scolabar
2012-02-06, 15:48
Hi pallmall,

Firstly, you have already been advised to backup all your data. Please refer to my initial post. ;)


...
Backup Your Data - Windows 7 (http://support.microsoft.com/kb/971759)
...
Before proceeding with any further instructions please make sure you backup your data.
I cannot guarantee that the cleanup process will work as already stated:

An attempt can be made to clean this machine but there will be no guarantee that it won't still be compromised, afterwards.
In addition there is always the possibility that the computer could be rendered unbootable and all data lost. I can make no guarantees.

If you are happy acknowledge this and have backed up your data please continue with the rest of the instructions.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Company-Owned Computer?

Entries in the log provided lead me to believe this may be a company-owned computer.
Please confirm whether or not this computer is a company owned computer, a computer used for business or connected to a business network.
If this is not the case, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

Step 2:
MGA Diagnostics

Please download this tool (http://go.microsoft.com/fwlink/?linkid=52012) from Microsoft and Save it to your Desktop.
Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Click on the Continue button to proceed.
The program will now run. It will take a short while to complete its diagnosis, please be patient.
When it has finished click on the Copy button.
Click on Start and then click on the Start Search box in the Start Menu.
Copy and Paste the following value into the open text entry box:


notepad


Then click on the magnifying glass symbol or press Enter.
This will open an empty Notepad file.
Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
Click on the OK button to exit the MGA Diagnostics program.
Then Copy and Paste the entire contents of mgadiag.txt into your next reply.
Step 3:
CKScanner

Please download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) and Save it to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Then click on the Search For Files button.
When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
Note: Please run the program ONCE only.
Click on the Exit button to close the program.
Double-click on the ckfiles.txt file to open it.
Then Copy and Paste the entire contents of the file into your next reply.
Step 4:
Include in Next Post

Is this computer used for business purposes? If not, please clarify for what purposes the computer is used.
mgadiag.txt.
ckfiles.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

pallmall
2012-02-06, 19:28
Alright, have many gigs of data to transfer. Will take most the day to sort out which files I want/need as well as zipping and making clones of installed files to work from the portable hdd.

This is a personal computer. Mainly used as my gaming/media center pc.

Will post logs back soon, after I save some things.

Thanks,

Scolabar
2012-02-07, 00:59
Hi pallmall,

No problem. I'll wait to hear from you. ;)
Please post the logs when you are ready.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

pallmall
2012-02-09, 02:23
Alrighty, here we go:

mgadiag.txt

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {64E10C59-24C5-40E2-AC82-63DAE7D67CBB}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{64E10C59-24C5-40E2-AC82-63DAE7D67CBB}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-545903267-2311813859-710853934</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0910 </Version><SMBIOSVersion major="2" minor="5"/><Date>20091126000000.000000+000</Date></BIOS><HWID>7A313D07018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-1342010
Installation ID: 021315898652134325941683050372378260732461704785168332
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 2/8/2012 4:15:28 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:2:2011 09:24
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAIABAABAAEAAAACAAAAAQABAAEA6GFMj3cWBCFU8uJrOJgQM25+gNLO7tzhHs8YeQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 112609 APIC1132
FACP 112609 FACP1132
HPET 112609 OEMHPET
MCFG 112609 OEMMCFG
OEMB 112609 OEMB1132
SSDT A M I POWERNOW
SLIC ACRSYS ACRPRDCT






and,

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.SIAPTD
----- EOF -----



not much there. ran it as admin, let it run. thats all it came up with. : /

Scolabar
2012-02-10, 05:52
Hi pallmall,

We are very sorry, but there are indications that something is amiss regarding the validity of the Windows operating system on this computer.

If you believe the operating system is valid, then you should contact Microsoft and have them help you resolve the issue so you can then receive help in removing the malware infections.

Microsoft has provided a forum where Windows users can address operating system validity issues:

http://social.microsoft.com/Forums/en-US/category/genuine

May I draw your attention to THIS TOPIC (http://forums.spybot.info/showpost.php?p=25290&postcount=4)

We do not support the use of illegal Pirated/Warez/Cracked software.

...

Please have a legitimate copy of Windows or your topic will be closed.Thank you for your understanding.

This thread will now therefore be closed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed