smitfraud issue, wont delete



lavilev
2012-03-07, 00:54
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by LaviLev at 17:27:36 on 2012-03-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4026.2140 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\LaviLev\Downloads\hijackthis.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title =
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273610114505l03f4z135a48m2v28n
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273610114505l03f4z135a48m2v28n
mWindow Title =
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Google Update] "C:\Users\LaviLev\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB2347] command.com /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingD6843] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mRunOnce: [SpybotDeletingA5715] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingC2633] cmd.exe /c del "C:\Windows\svchost.exe_old"
dRun: [nlsnet] C:\Windows\system32\config\systemprofile\AppData\Roaming\nlsnet.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\LaviLev\DOCUME~1\Startup\RT-UPD~1.LNK - C:\Ross-Tech\VCDS\VCDS.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
uPolicies-explorer: NoInstrumentation = 01
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066} : NameServer = 216.254.95.2,4.2.2.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066} : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\05F4C49534F4D4028444 : NameServer = 205.171.3.65,208.67.222.222
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\05F4C49534F4D4028444 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\2456C6B696E6F574F505C65737F5D494D4F4F5448383834424 : NameServer = 156.154.70.1,4.2.2.3
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\2456C6B696E6F574F505C65737F5D494D4F4F5448383834424 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\2456C6B696E6F5E413F575962756C6563737F5647333033453 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\A583839373 : NameServer = 216.254.95.2,4.2.2.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\A583839373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\E4544574541425 : NameServer = 216.254.95.2,4.2.2.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3684E32D-4846-436A-B1F8-95238FCB0EFA} : DhcpNameServer = 192.168.2.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mRunOnce-x64: [SpybotDeletingA5715] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingC2633] cmd.exe /c del "C:\Windows\svchost.exe_old"
Hosts: 109.163.226.208 www.google-analytics.com.
Hosts: 109.163.226.208 ad-emea.doubleclick.net.
Hosts: 109.163.226.208 www.statcounter.com.
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\LaviLev\AppData\Roaming\Mozilla\Firefox\Profiles\hhbrubyw.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.vwvortex.com/subscription.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\LaviLev\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-8-28 844320]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-6 136176]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-6-24 72192]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-2 1153368]
S2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-24 520040]
S2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-6 136176]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RT-USB;Ross-Tech USB driver;C:\Windows\system32\drivers\RT-USB64.SYS --> C:\Windows\system32\drivers\RT-USB64.SYS [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-06 20:10:33 20480 ------w- C:\Windows\svchost.exe_old
2012-03-03 01:42:43 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-03 01:42:26 -------- d-----w- C:\Windows\PCHEALTH
2012-03-03 01:38:23 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-02-13 02:33:51 -------- d-----w- C:\Program Files\iTunes
2012-02-13 02:33:51 -------- d-----w- C:\Program Files\iPod
2012-02-13 02:33:51 -------- d-----w- C:\Program Files (x86)\iTunes
2012-02-08 06:54:40 -------- d-----w- C:\Users\LaviLev\AppData\Local\{193CE5D9-0571-4DC4-A5DA-3CAA0D51D4FC}
2012-02-08 06:54:28 -------- d-----w- C:\Users\LaviLev\AppData\Local\{7686645D-E2CE-4E03-98C5-67E66BBBD4AF}
2012-02-08 06:54:22 -------- d-----w- C:\Users\LaviLev\AppData\Local\{4DDBFCE9-3A2D-4854-A330-E816F49CF53C}
2012-02-08 06:54:08 -------- d-----w- C:\Users\LaviLev\Tracing
2012-02-08 06:52:59 -------- d-----w- C:\Windows\en
2012-02-08 06:46:36 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-02-08 06:46:36 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-02-08 06:46:34 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-02-08 06:46:34 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-02-08 06:46:07 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-02-08 06:46:07 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-02-08 06:45:45 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\47d4960b1cce62d12\DSETUP.dll
2012-02-08 06:45:45 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\47d4960b1cce62d12\DXSETUP.exe
2012-02-08 06:45:45 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\47d4960b1cce62d12\dsetup32.dll
2012-02-08 06:45:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\458e47041cce62d11\DSETUP.dll
2012-02-08 06:45:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\458e47041cce62d11\DXSETUP.exe
2012-02-08 06:45:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\458e47041cce62d11\dsetup32.dll
2012-02-08 06:43:55 -------- d-----w- C:\Users\LaviLev\AppData\Local\Windows Live
.
==================== Find3M ====================
.
2012-02-20 14:08:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 17:32:12.99 ===============

oldman960
2012-03-07, 02:22
Hi lavilev, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
Do not attach any logs/reports, etc. unless specifically requested to do so.
If you have problems with or do not understand the instructions, please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.


Let's take a look.

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR.exe to run it. If asked to download the Avast database please do so.

Please post back with
aswMBR log
mbr.zip (attached)


Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.


lavilev
2012-03-07, 03:52
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-06 19:34:48
-----------------------------
19:34:48.928 OS Version: Windows x64 6.1.7601 Service Pack 1
19:34:48.928 Number of processors: 2 586 0x170A
19:34:48.929 ComputerName: LAVILEV-PC UserName: LaviLev
19:34:51.542 Initialize success
19:35:35.941 AVAST engine defs: 12030600
19:35:48.853 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:35:48.856 Disk 0 Vendor: WDC_WD6400BEVT-60A0RT0 01.01A01 Size: 610480MB BusType: 11
19:35:48.859 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
19:35:48.862 Disk 1 Vendor: TOSHIBA_MK5055GSX FG001J Size: 476940MB BusType: 11
19:35:48.866 Device \Driver\atapi -> MajorFunction fffffa800511e5c4
19:35:48.916 Disk 1 MBR read successfully
19:35:48.920 Disk 1 MBR scan
19:35:48.926 Disk 1 MBR:Alureon-M [Rtk]
19:35:48.930 Disk 1 TDL4@MBR code has been found
19:35:48.934 Disk 1 Windows 7 default MBR code found via API
19:35:48.940 Disk 1 MBR hidden
19:35:48.945 Disk 1 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
19:35:48.964 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
19:35:48.983 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 366261 MB offset 25382700
19:35:49.028 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 98283 MB offset 775487488
19:35:49.036 Disk 1 MBR [TDL4] **ROOTKIT**
19:35:49.043 Disk 1 trace - called modules:
19:35:49.052 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800511e5c4]<<
19:35:49.059 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004c4b060]
19:35:49.066 3 CLASSPNP.SYS[fffff880019b843f] -> nt!IofCallDriver -> [0xfffffa8003c755e0]
19:35:49.074 5 ACPI.sys[fffff88000eee7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003db0680]
19:35:49.082 \Driver\atapi[0xfffffa800508a550] -> IRP_MJ_CREATE -> 0xfffffa800511e5c4
19:35:50.871 AVAST engine scan C:\Windows
19:35:53.837 AVAST engine scan C:\Windows\system32
19:40:31.722 AVAST engine scan C:\Windows\system32\drivers
19:40:48.587 AVAST engine scan C:\Users\LaviLev
20:36:44.673 AVAST engine scan C:\ProgramData
20:40:53.910 Scan finished successfully
20:45:19.075 Disk 1 MBR has been saved successfully to "C:\Users\LaviLev\Desktop\FIXME\MBR.dat"
20:45:19.083 The log file has been saved successfully to "C:\Users\LaviLev\Desktop\FIXME\DDS.txt"
20:46:59.812 Disk 1 MBR has been saved successfully to "C:\Users\LaviLev\Desktop\MBR.dat"
20:46:59.820 The log file has been saved successfully to "C:\Users\LaviLev\Desktop\aswMBR.txt"

oldman960
2012-03-07, 04:28
Hi lavilev,


Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.



Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg
Click the Start Scan button.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg
If a suspicious object is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

lavilev
2012-03-07, 04:44
21:34:28.0690 5408 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
21:34:29.0610 5408 ============================================================
21:34:29.0610 5408 Current date / time: 2012/03/06 21:34:29.0610
21:34:29.0610 5408 SystemInfo:
21:34:29.0610 5408
21:34:29.0610 5408 OS Version: 6.1.7601 ServicePack: 1.0
21:34:29.0610 5408 Product type: Workstation
21:34:29.0610 5408 ComputerName: LAVILEV-PC
21:34:29.0610 5408 UserName: LaviLev
21:34:29.0610 5408 Windows directory: C:\Windows
21:34:29.0610 5408 System windows directory: C:\Windows
21:34:29.0610 5408 Running under WOW64
21:34:29.0610 5408 Processor architecture: Intel x64
21:34:29.0610 5408 Number of processors: 2
21:34:29.0610 5408 Page size: 0x1000
21:34:29.0610 5408 Boot type: Normal boot
21:34:29.0610 5408 ============================================================
21:34:31.0576 5408 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:34:35.0117 5408 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:34:35.0195 5408 Drive \Device\Harddisk2\DR2 - Size: 0x1ECF00000 (7.70 Gb), SectorSize: 0x200, Cylinders: 0x3ED, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:34:35.0211 5408 \Device\Harddisk1\DR1:
21:34:35.0226 5408 MBR used
21:34:35.0226 5408 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
21:34:35.0226 5408 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x2CB5A904
21:34:35.0226 5408 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x2E390000, BlocksNum 0xBFF5800
21:34:35.0226 5408 \Device\Harddisk0\DR0:
21:34:35.0351 5408 MBR used
21:34:35.0351 5408 \Device\Harddisk2\DR2:
21:34:35.0351 5408 MBR used
21:34:35.0351 5408 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0xF65800
21:34:35.0507 5408 Initialize success
21:34:35.0507 5408 ============================================================
21:35:06.0723 6512 ============================================================
21:35:06.0723 6512 Scan started
21:35:06.0723 6512 Mode: Manual; SigCheck; TDLFS;
21:35:06.0723 6512 ============================================================
21:35:19.0109 6512 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:35:19.0171 6512 DfsC - ok
21:35:19.0281 6512 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:35:19.0343 6512 discache - ok
21:35:19.0452 6512 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:35:19.0468 6512 Disk - ok
21:35:19.0546 6512 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
21:35:19.0546 6512 DKbFltr - ok
21:35:19.0686 6512 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:35:19.0717 6512 drmkaud - ok
21:35:19.0827 6512 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:35:19.0858 6512 DXGKrnl - ok
21:35:20.0045 6512 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:35:20.0154 6512 ebdrv - ok
21:35:20.0279 6512 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:35:20.0295 6512 elxstor - ok
21:35:20.0419 6512 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:35:20.0482 6512 ErrDev - ok
21:35:20.0622 6512 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:35:20.0685 6512 exfat - ok
21:35:20.0887 6512 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:35:20.0965 6512 fastfat - ok
21:35:21.0090 6512 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:35:21.0106 6512 fdc - ok
21:35:21.0231 6512 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:35:21.0246 6512 FileInfo - ok
21:35:21.0355 6512 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:35:21.0418 6512 Filetrace - ok
21:35:21.0527 6512 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:35:21.0543 6512 flpydisk - ok
21:35:21.0636 6512 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:35:21.0667 6512 FltMgr - ok
21:35:21.0777 6512 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:35:21.0792 6512 FsDepends - ok
21:35:21.0886 6512 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:35:21.0901 6512 Fs_Rec - ok
21:35:22.0026 6512 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:35:22.0042 6512 fvevol - ok
21:35:22.0151 6512 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:35:22.0167 6512 gagp30kx - ok
21:35:22.0260 6512 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:35:22.0276 6512 GEARAspiWDM - ok
21:35:22.0401 6512 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:35:22.0463 6512 hcw85cir - ok
21:35:22.0557 6512 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:35:22.0619 6512 HdAudAddService - ok
21:35:22.0728 6512 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:35:22.0775 6512 HDAudBus - ok
21:35:22.0884 6512 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:35:22.0931 6512 HidBatt - ok
21:35:23.0134 6512 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:35:23.0181 6512 HidBth - ok
21:35:23.0290 6512 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:35:23.0337 6512 HidIr - ok
21:35:23.0446 6512 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:35:23.0477 6512 HidUsb - ok
21:35:23.0571 6512 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:35:23.0586 6512 HpSAMD - ok
21:35:23.0727 6512 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
21:35:23.0789 6512 HSF_DPV - ok
21:35:23.0929 6512 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:35:23.0992 6512 HTTP - ok
21:35:24.0085 6512 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:35:24.0101 6512 hwpolicy - ok
21:35:24.0210 6512 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:35:24.0226 6512 i8042prt - ok
21:35:24.0351 6512 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:35:24.0382 6512 iaStorV - ok
21:35:24.0741 6512 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:35:25.0021 6512 igfx - ok
21:35:25.0131 6512 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:35:25.0146 6512 iirsp - ok
21:35:25.0349 6512 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
21:35:25.0427 6512 IntcAzAudAddService - ok
21:35:25.0552 6512 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
21:35:25.0614 6512 IntcHdmiAddService - ok
21:35:25.0708 6512 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:35:25.0723 6512 intelide - ok
21:35:25.0833 6512 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:35:25.0848 6512 intelppm - ok
21:35:25.0989 6512 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:26.0035 6512 IpFilterDriver - ok
21:35:26.0160 6512 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:35:26.0191 6512 IPMIDRV - ok
21:35:26.0301 6512 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:35:26.0347 6512 IPNAT - ok
21:35:26.0472 6512 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:35:26.0519 6512 IRENUM - ok
21:35:26.0628 6512 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:35:26.0644 6512 isapnp - ok
21:35:26.0753 6512 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:35:26.0769 6512 iScsiPrt - ok
21:35:26.0893 6512 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys
21:35:26.0909 6512 k57nd60a - ok
21:35:27.0049 6512 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:35:27.0065 6512 kbdclass - ok
21:35:27.0174 6512 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:35:27.0205 6512 kbdhid - ok
21:35:27.0346 6512 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:35:27.0361 6512 KSecDD - ok
21:35:27.0517 6512 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:35:27.0533 6512 KSecPkg - ok
21:35:27.0767 6512 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:35:27.0892 6512 ksthunk - ok
21:35:28.0048 6512 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:35:28.0095 6512 lltdio - ok
21:35:28.0219 6512 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:35:28.0235 6512 LSI_FC - ok
21:35:28.0344 6512 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:35:28.0344 6512 LSI_SAS - ok
21:35:28.0453 6512 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:35:28.0469 6512 LSI_SAS2 - ok
21:35:28.0578 6512 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:35:28.0594 6512 LSI_SCSI - ok
21:35:28.0703 6512 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:35:28.0765 6512 luafv - ok
21:35:28.0875 6512 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
21:35:28.0890 6512 mcdbus - ok
21:35:28.0999 6512 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:35:29.0031 6512 mdmxsdk - ok
21:35:29.0140 6512 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:35:29.0140 6512 megasas - ok
21:35:29.0249 6512 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:35:29.0265 6512 MegaSR - ok
21:35:29.0389 6512 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:35:29.0452 6512 Modem - ok
21:35:29.0561 6512 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:35:29.0592 6512 monitor - ok
21:35:29.0748 6512 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:35:29.0748 6512 mouclass - ok
21:35:29.0920 6512 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:35:29.0967 6512 mouhid - ok
21:35:30.0481 6512 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:35:30.0497 6512 mountmgr - ok
21:35:30.0606 6512 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:35:30.0622 6512 mpio - ok
21:35:30.0731 6512 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:35:30.0778 6512 mpsdrv - ok
21:35:30.0918 6512 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:35:30.0981 6512 MRxDAV - ok
21:35:31.0090 6512 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:31.0137 6512 mrxsmb - ok
21:35:31.0261 6512 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:31.0308 6512 mrxsmb10 - ok
21:35:31.0433 6512 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:31.0449 6512 mrxsmb20 - ok
21:35:31.0558 6512 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:35:31.0573 6512 msahci - ok
21:35:31.0683 6512 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:35:31.0698 6512 msdsm - ok
21:35:31.0823 6512 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:35:31.0854 6512 Msfs - ok
21:35:31.0963 6512 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:35:32.0026 6512 mshidkmdf - ok
21:35:32.0135 6512 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:35:32.0151 6512 msisadrv - ok
21:35:32.0275 6512 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:35:32.0322 6512 MSKSSRV - ok
21:35:32.0416 6512 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:32.0478 6512 MSPCLOCK - ok
21:35:32.0634 6512 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:35:32.0697 6512 MSPQM - ok
21:35:32.0806 6512 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:35:32.0837 6512 MsRPC - ok
21:35:32.0946 6512 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:35:32.0946 6512 mssmbios - ok
21:35:33.0055 6512 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:35:33.0118 6512 MSTEE - ok
21:35:33.0227 6512 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:35:33.0274 6512 MTConfig - ok
21:35:33.0367 6512 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:35:33.0383 6512 Mup - ok
21:35:33.0492 6512 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:35:33.0539 6512 NativeWifiP - ok
21:35:33.0648 6512 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:35:33.0679 6512 NDIS - ok
21:35:33.0789 6512 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:35:33.0835 6512 NdisCap - ok
21:35:33.0945 6512 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:33.0991 6512 NdisTapi - ok
21:35:34.0132 6512 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:34.0179 6512 Ndisuio - ok
21:35:34.0288 6512 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:34.0335 6512 NdisWan - ok
21:35:34.0459 6512 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:35:34.0506 6512 NDProxy - ok
21:35:34.0615 6512 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:35:34.0678 6512 NetBIOS - ok
21:35:34.0803 6512 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:35:34.0849 6512 NetBT - ok
21:35:35.0146 6512 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
21:35:35.0442 6512 NETw5s64 - ok
21:35:35.0801 6512 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
21:35:35.0988 6512 netw5v64 - ok
21:35:36.0300 6512 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
21:35:36.0550 6512 NETwNs64 - ok
21:35:36.0643 6512 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:35:36.0659 6512 nfrd960 - ok
21:35:36.0799 6512 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:35:36.0862 6512 Npfs - ok
21:35:36.0955 6512 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:35:37.0018 6512 nsiproxy - ok
21:35:37.0174 6512 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:35:37.0221 6512 Ntfs - ok
21:35:37.0345 6512 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
21:35:37.0345 6512 NTIDrvr - ok
21:35:37.0455 6512 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:35:37.0517 6512 Null - ok
21:35:37.0642 6512 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:35:37.0657 6512 nvraid - ok
21:35:37.0782 6512 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:35:37.0798 6512 nvstor - ok
21:35:37.0907 6512 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:35:37.0923 6512 nv_agp - ok
21:35:38.0032 6512 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:35:38.0063 6512 ohci1394 - ok
21:35:38.0219 6512 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:35:38.0235 6512 Parport - ok
21:35:38.0359 6512 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:35:38.0359 6512 partmgr - ok
21:35:38.0469 6512 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:35:38.0484 6512 pci - ok
21:35:38.0593 6512 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:35:38.0609 6512 pciide - ok
21:35:38.0703 6512 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:35:38.0718 6512 pcmcia - ok
21:35:38.0827 6512 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:35:38.0843 6512 pcw - ok
21:35:38.0968 6512 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:35:39.0030 6512 PEAUTH - ok
21:35:39.0171 6512 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:35:39.0217 6512 PptpMiniport - ok
21:35:39.0327 6512 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:35:39.0342 6512 Processor - ok
21:35:39.0467 6512 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:35:39.0514 6512 Psched - ok
21:35:39.0654 6512 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:35:39.0701 6512 ql2300 - ok
21:35:39.0810 6512 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:35:39.0826 6512 ql40xx - ok
21:35:39.0919 6512 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:35:39.0966 6512 QWAVEdrv - ok
21:35:40.0060 6512 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:35:40.0122 6512 RasAcd - ok
21:35:40.0216 6512 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:35:40.0263 6512 RasAgileVpn - ok
21:35:40.0387 6512 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:40.0434 6512 Rasl2tp - ok
21:35:40.0528 6512 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:40.0590 6512 RasPppoe - ok
21:35:40.0933 6512 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:35:40.0996 6512 RasSstp - ok
21:35:41.0121 6512 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:35:41.0167 6512 rdbss - ok
21:35:41.0261 6512 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:35:41.0292 6512 rdpbus - ok
21:35:41.0417 6512 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:41.0464 6512 RDPCDD - ok
21:35:41.0573 6512 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:35:41.0635 6512 RDPENCDD - ok
21:35:41.0745 6512 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:35:41.0791 6512 RDPREFMP - ok
21:35:41.0901 6512 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:35:41.0947 6512 RDPWD - ok
21:35:42.0057 6512 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:35:42.0072 6512 rdyboost - ok
21:35:42.0213 6512 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:35:42.0244 6512 RFCOMM - ok
21:35:42.0369 6512 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:35:42.0431 6512 rspndr - ok
21:35:42.0540 6512 RSUSBSTOR (fb39af63d6617f028ba0ebc21b83360d) C:\Windows\system32\Drivers\RtsUStor.sys
21:35:42.0571 6512 RSUSBSTOR - ok
21:35:42.0681 6512 RT-USB (5bdaf690fe82d8e531328de7e766fb7a) C:\Windows\system32\drivers\RT-USB64.SYS
21:35:42.0696 6512 RT-USB - ok
21:35:42.0805 6512 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
21:35:42.0821 6512 RTHDMIAzAudService - ok
21:35:42.0930 6512 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:35:42.0930 6512 sbp2port - ok
21:35:43.0086 6512 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:35:43.0133 6512 scfilter - ok
21:35:43.0258 6512 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:35:43.0305 6512 secdrv - ok
21:35:43.0414 6512 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:35:43.0445 6512 Serenum - ok
21:35:43.0539 6512 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:35:43.0554 6512 Serial - ok
21:35:43.0679 6512 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:35:43.0710 6512 sermouse - ok
21:35:43.0819 6512 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:35:43.0866 6512 sffdisk - ok
21:35:43.0960 6512 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:35:43.0991 6512 sffp_mmc - ok
21:35:44.0116 6512 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:35:44.0147 6512 sffp_sd - ok
21:35:44.0256 6512 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:35:44.0272 6512 sfloppy - ok
21:35:44.0397 6512 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:35:44.0412 6512 SiSRaid2 - ok
21:35:44.0537 6512 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:35:44.0553 6512 SiSRaid4 - ok
21:35:44.0646 6512 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:35:44.0693 6512 Smb - ok
21:35:44.0818 6512 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:35:44.0833 6512 spldr - ok
21:35:44.0974 6512 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:35:45.0021 6512 srv - ok
21:35:45.0145 6512 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:35:45.0192 6512 srv2 - ok
21:35:45.0317 6512 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:35:45.0333 6512 SrvHsfHDA - ok
21:35:45.0489 6512 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:35:45.0551 6512 SrvHsfV92 - ok
21:35:45.0676 6512 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:35:45.0707 6512 SrvHsfWinac - ok
21:35:45.0816 6512 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:35:45.0847 6512 srvnet - ok
21:35:46.0035 6512 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:35:46.0050 6512 stexstor - ok
21:35:46.0206 6512 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:35:46.0206 6512 swenum - ok
21:35:46.0331 6512 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
21:35:46.0347 6512 SynTP - ok
21:35:46.0534 6512 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:35:46.0581 6512 Tcpip - ok
21:35:46.0737 6512 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:35:46.0783 6512 TCPIP6 - ok
21:35:46.0908 6512 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:35:46.0955 6512 tcpipreg - ok
21:35:47.0064 6512 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:35:47.0127 6512 TDPIPE - ok
21:35:47.0220 6512 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:35:47.0267 6512 TDTCP - ok
21:35:47.0376 6512 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:35:47.0423 6512 tdx - ok
21:35:47.0532 6512 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:35:47.0548 6512 TermDD - ok
21:35:47.0688 6512 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:35:47.0735 6512 tssecsrv - ok
21:35:47.0844 6512 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:35:47.0891 6512 TsUsbFlt - ok
21:35:48.0000 6512 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:35:48.0047 6512 tunnel - ok
21:35:48.0156 6512 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:35:48.0172 6512 uagp35 - ok
21:35:48.0297 6512 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
21:35:48.0297 6512 UBHelper - ok
21:35:48.0406 6512 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:35:48.0468 6512 udfs - ok
21:35:48.0593 6512 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:35:48.0609 6512 uliagpkx - ok
21:35:48.0718 6512 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:35:48.0749 6512 umbus - ok
21:35:48.0843 6512 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:35:48.0874 6512 UmPass - ok
21:35:49.0014 6512 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:35:49.0045 6512 USBAAPL64 - ok
21:35:49.0155 6512 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:35:49.0170 6512 usbccgp - ok
21:35:49.0279 6512 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:35:49.0311 6512 usbcir - ok
21:35:49.0420 6512 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:35:49.0467 6512 usbehci - ok
21:35:49.0607 6512 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:35:49.0654 6512 usbhub - ok
21:35:49.0763 6512 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:35:49.0779 6512 usbohci - ok
21:35:49.0872 6512 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:35:49.0919 6512 usbprint - ok
21:35:50.0028 6512 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:35:50.0091 6512 USBSTOR - ok
21:35:50.0200 6512 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:35:50.0215 6512 usbuhci - ok
21:35:50.0340 6512 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:35:50.0371 6512 usbvideo - ok
21:35:50.0481 6512 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:35:50.0496 6512 vdrvroot - ok
21:35:50.0605 6512 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:35:50.0621 6512 vga - ok
21:35:50.0730 6512 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:35:50.0777 6512 VgaSave - ok
21:35:50.0902 6512 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:35:50.0917 6512 vhdmp - ok
21:35:51.0027 6512 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:35:51.0042 6512 viaide - ok
21:35:51.0151 6512 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:35:51.0167 6512 volmgr - ok
21:35:51.0292 6512 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:35:51.0307 6512 volmgrx - ok
21:35:51.0432 6512 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:35:51.0448 6512 volsnap - ok
21:35:51.0541 6512 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:35:51.0557 6512 vsmraid - ok
21:35:51.0682 6512 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:35:51.0697 6512 vwifibus - ok
21:35:51.0807 6512 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:35:51.0838 6512 vwififlt - ok
21:35:51.0947 6512 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:35:51.0978 6512 WacomPen - ok
21:35:52.0087 6512 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:52.0134 6512 WANARP - ok
21:35:52.0134 6512 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:52.0181 6512 Wanarpv6 - ok
21:35:52.0306 6512 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:35:52.0321 6512 Wd - ok
21:35:52.0446 6512 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
21:35:52.0477 6512 WDC_SAM - ok
21:35:52.0587 6512 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:35:52.0618 6512 Wdf01000 - ok
21:35:52.0743 6512 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:35:52.0789 6512 WfpLwf - ok
21:35:52.0883 6512 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:35:52.0899 6512 WIMMount - ok
21:35:53.0008 6512 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
21:35:53.0039 6512 winachsf - ok
21:35:53.0179 6512 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:35:53.0211 6512 WinUsb - ok
21:35:53.0351 6512 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:35:53.0382 6512 WmiAcpi - ok
21:35:53.0491 6512 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:35:53.0554 6512 ws2ifsl - ok
21:35:53.0694 6512 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:35:53.0772 6512 WudfPf - ok
21:35:53.0881 6512 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:35:53.0944 6512 WUDFRd - ok
21:35:54.0069 6512 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
21:35:54.0100 6512 XAudio - ok
21:35:54.0147 6512 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk1\DR1
21:35:54.0178 6512 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - infected
21:35:54.0178 6512 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.b (0)
21:35:54.0895 6512 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
21:35:54.0895 6512 \Device\Harddisk1\DR1 - detected TDSS File System (1)
21:35:58.0593 6512 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:35:58.0718 6512 \Device\Harddisk0\DR0 - ok
21:35:58.0718 6512 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
21:35:58.0874 6512 \Device\Harddisk2\DR2 - ok
21:35:58.0936 6512 Boot (0x1200) (c88a41d745e96a715af83e66473ed0d6) \Device\Harddisk1\DR1\Partition0
21:35:58.0936 6512 \Device\Harddisk1\DR1\Partition0 - ok
21:35:58.0936 6512 Boot (0x1200) (e24e5a9cdfa81f012d3bf0ca5e7fb140) \Device\Harddisk1\DR1\Partition1
21:35:58.0936 6512 \Device\Harddisk1\DR1\Partition1 - ok
21:35:58.0967 6512 Boot (0x1200) (4f9b06b3665e975f5efd4a5ee05a7d75) \Device\Harddisk1\DR1\Partition2
21:35:58.0967 6512 \Device\Harddisk1\DR1\Partition2 - ok
21:35:58.0983 6512 Boot (0x1200) (e7e2a9958803d0809296baad4334f5e5) \Device\Harddisk2\DR2\Partition0
21:35:58.0983 6512 \Device\Harddisk2\DR2\Partition0 - ok
21:35:58.0983 6512 ============================================================
21:35:58.0983 6512 Scan finished
21:35:58.0983 6512 ============================================================
21:35:58.0998 6368 Detected object count: 2
21:35:58.0998 6368 Actual detected object count: 2
21:36:51.0680 6368 \Device\Harddisk1\DR1\# - copied to quarantine
21:36:51.0680 6368 \Device\Harddisk1\DR1 - copied to quarantine
21:36:51.0711 6368 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
21:36:51.0711 6368 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine
21:36:51.0711 6368 \Device\Harddisk1\DR1\TDLFS\sub.dll - copied to quarantine
21:36:51.0711 6368 \Device\Harddisk1\DR1\TDLFS\subx.dll - copied to quarantine
21:36:51.0726 6368 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine
21:36:51.0726 6368 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine
21:36:51.0726 6368 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine
21:36:51.0726 6368 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine
21:36:51.0742 6368 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine
21:36:51.0742 6368 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine
21:36:51.0742 6368 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine
21:36:51.0742 6368 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine
21:36:51.0773 6368 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:36:51.0773 6368 \Device\Harddisk1\DR1 - ok
21:36:52.0366 6368 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:36:52.0366 6368 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
21:36:52.0366 6368 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
21:37:10.0072 1592 Deinitialize success

oldman960
2012-03-07, 05:48
Hi lavilev,

Please rerun TDSSKiller. When you are presented with

21:35:54.0895 6512 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
21:35:54.0895 6512 \Device\Harddisk1\DR1 - detected TDSS File System (1)

please use the dropdown menu and select delete.

Next

Please rerun aswMBR.

Please post back with
TDSSKiller log
aswMBR log
How's the computer?

lavilev
2012-03-07, 07:15
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-06 23:04:56
-----------------------------
23:04:56.592 OS Version: Windows x64 6.1.7601 Service Pack 1
23:04:56.592 Number of processors: 2 586 0x170A
23:04:56.593 ComputerName: LAVILEV-PC UserName: LaviLev
23:04:57.782 Initialize success
23:05:03.527 AVAST engine defs: 12030600
23:05:07.296 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
23:05:07.299 Disk 0 Vendor: WDC_WD6400BEVT-60A0RT0 01.01A01 Size: 610480MB BusType: 11
23:05:07.302 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
23:05:07.305 Disk 1 Vendor: TOSHIBA_MK5055GSX FG001J Size: 476940MB BusType: 11
23:05:07.349 Disk 1 MBR read successfully
23:05:07.353 Disk 1 MBR scan
23:05:07.376 Disk 1 Windows 7 default MBR code
23:05:07.380 Disk 1 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
23:05:07.398 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
23:05:07.417 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 366261 MB offset 25382700
23:05:07.450 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 98283 MB offset 775487488
23:05:07.484 Disk 1 scanning C:\Windows\system32\drivers
23:05:18.795 Service scanning
23:05:40.370 Modules scanning
23:05:40.380 Disk 1 trace - called modules:
23:05:40.419 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:05:40.426 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004c2c060]
23:05:40.433 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8003c75450]
23:05:40.440 5 ACPI.sys[fffff88000f887a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003db0060]
23:05:41.389 AVAST engine scan C:\Windows
23:05:43.563 AVAST engine scan C:\Windows\system32
23:09:11.605 AVAST engine scan C:\Windows\system32\drivers
23:09:25.773 AVAST engine scan C:\Users\LaviLev
00:04:38.553 AVAST engine scan C:\ProgramData
00:06:28.892 Scan finished successfully
00:07:24.662 Disk 1 MBR has been saved successfully to "C:\Users\LaviLev\Desktop\MBR.dat"
00:07:24.677 The log file has been saved successfully to "C:\Users\LaviLev\Desktop\aswMBR.txt"

lavilev
2012-03-07, 07:16
23:02:50.0918 3920 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
23:02:51.0163 3920 ============================================================
23:02:51.0163 3920 Current date / time: 2012/03/06 23:02:51.0163
23:02:51.0163 3920 SystemInfo:
23:02:51.0163 3920
23:02:51.0163 3920 OS Version: 6.1.7601 ServicePack: 1.0
23:02:51.0163 3920 Product type: Workstation
23:02:51.0163 3920 ComputerName: LAVILEV-PC
23:02:51.0164 3920 UserName: LaviLev
23:02:51.0164 3920 Windows directory: C:\Windows
23:02:51.0164 3920 System windows directory: C:\Windows
23:02:51.0164 3920 Running under WOW64
23:02:51.0164 3920 Processor architecture: Intel x64
23:02:51.0164 3920 Number of processors: 2
23:02:51.0164 3920 Page size: 0x1000
23:02:51.0164 3920 Boot type: Normal boot
23:02:51.0164 3920 ============================================================
23:02:52.0291 3920 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:02:55.0897 3920 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:02:55.0904 3920 Drive \Device\Harddisk2\DR2 - Size: 0x1ECF00000 (7.70 Gb), SectorSize: 0x200, Cylinders: 0x3ED, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:02:55.0908 3920 \Device\Harddisk1\DR1:
23:02:55.0926 3920 MBR used
23:02:55.0926 3920 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
23:02:55.0926 3920 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x2CB5A904
23:02:55.0926 3920 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x2E390000, BlocksNum 0xBFF5800
23:02:55.0926 3920 \Device\Harddisk0\DR0:
23:02:55.0942 3920 MBR used
23:02:55.0942 3920 \Device\Harddisk2\DR2:
23:02:55.0943 3920 MBR used
23:02:55.0943 3920 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0xF65800
23:02:56.0093 3920 Initialize success
23:02:56.0093 3920 ============================================================
23:03:07.0052 4056 ============================================================
23:03:07.0052 4056 Scan started
23:03:07.0052 4056 Mode: Manual; SigCheck; TDLFS;
23:03:07.0052 4056 ============================================================
23:03:32.0094 4056 Scan interrupted by user!
23:03:32.0094 4056 Scan interrupted by user!
23:03:32.0094 4056 Scan interrupted by user!
23:03:32.0094 4056 ============================================================
23:03:32.0094 4056 Scan finished
23:03:32.0094 4056 ============================================================
23:03:32.0105 3404 Detected object count: 0
23:03:32.0105 3404 Actual detected object count: 0
23:03:35.0679 1428 ============================================================
23:03:35.0679 1428 Scan started
23:03:35.0679 1428 Mode: Manual; SigCheck; TDLFS;
23:03:35.0679 1428 ============================================================
23:03:41.0726 1428 CAXHWAZL - ok
23:03:41.0825 1428 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:03:41.0861 1428 cdfs - ok
23:03:41.0959 1428 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:03:41.0975 1428 cdrom - ok
23:03:42.0075 1428 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:03:42.0092 1428 circlass - ok
23:03:42.0183 1428 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:03:42.0199 1428 CLFS - ok
23:03:42.0309 1428 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:03:42.0322 1428 CmBatt - ok
23:03:42.0430 1428 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:03:42.0441 1428 cmdide - ok
23:03:42.0549 1428 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:03:42.0573 1428 CNG - ok
23:03:42.0668 1428 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:03:42.0680 1428 Compbatt - ok
23:03:42.0787 1428 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:03:42.0804 1428 CompositeBus - ok
23:03:42.0869 1428 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
23:03:42.0878 1428 cpudrv64 - ok
23:03:42.0982 1428 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:03:42.0993 1428 crcdisk - ok

lavilev
2012-03-07, 07:17
23:04:13.0411 1428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
23:04:14.0245 1428 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
23:04:14.0245 1428 \Device\Harddisk1\DR1 - detected TDSS File System (1)
23:04:17.0772 1428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:04:17.0856 1428 \Device\Harddisk0\DR0 - ok
23:04:17.0862 1428 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
23:04:18.0010 1428 \Device\Harddisk2\DR2 - ok
23:04:18.0048 1428 Boot (0x1200) (c88a41d745e96a715af83e66473ed0d6) \Device\Harddisk1\DR1\Partition0
23:04:18.0050 1428 \Device\Harddisk1\DR1\Partition0 - ok
23:04:18.0057 1428 Boot (0x1200) (e24e5a9cdfa81f012d3bf0ca5e7fb140) \Device\Harddisk1\DR1\Partition1
23:04:18.0058 1428 \Device\Harddisk1\DR1\Partition1 - ok
23:04:18.0090 1428 Boot (0x1200) (4f9b06b3665e975f5efd4a5ee05a7d75) \Device\Harddisk1\DR1\Partition2
23:04:18.0091 1428 \Device\Harddisk1\DR1\Partition2 - ok
23:04:18.0098 1428 Boot (0x1200) (e7e2a9958803d0809296baad4334f5e5) \Device\Harddisk2\DR2\Partition0
23:04:18.0101 1428 \Device\Harddisk2\DR2\Partition0 - ok
23:04:18.0101 1428 ============================================================
23:04:18.0101 1428 Scan finished
23:04:18.0101 1428 ============================================================
23:04:18.0111 1980 Detected object count: 1
23:04:18.0111 1980 Actual detected object count: 1
23:04:26.0517 1980 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
23:04:26.0521 1980 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine
23:04:26.0525 1980 \Device\Harddisk1\DR1\TDLFS\sub.dll - copied to quarantine
23:04:26.0530 1980 \Device\Harddisk1\DR1\TDLFS\subx.dll - copied to quarantine
23:04:26.0538 1980 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine
23:04:26.0590 1980 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine
23:04:26.0591 1980 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine
23:04:26.0593 1980 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine
23:04:26.0595 1980 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine
23:04:26.0598 1980 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine
23:04:26.0610 1980 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine
23:04:26.0612 1980 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine
23:04:26.0613 1980 \Device\Harddisk1\DR1\TDLFS - deleted
23:04:26.0614 1980 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Delete
23:04:31.0441 1064 Deinitialize success

----------------------

Thank you for all the help, comp feels great!

oldman960
2012-03-07, 08:50
Hi lavilev,

Still some more to do.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Right click on ComboFix.exe, click Run as Administrator & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.

Thanks

lavilev
2012-03-07, 15:45
ComboFix 12-03-06.01 - LaviLev 03/07/2012 8:18.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4026.2811 [GMT -5:00]
Running from: c:\users\LaviLev\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\iexplorer
c:\program files (x86)\iexplorer\AxInterop.QTOControlLib.dll
c:\program files (x86)\iexplorer\Errors\2012_02_23_092610.txt
c:\program files (x86)\iexplorer\ICSharpCode.SharpZipLib.dll
c:\program files (x86)\iexplorer\iExplorer.exe
c:\program files (x86)\iexplorer\Interop.QTOControlLib.dll
c:\program files (x86)\iexplorer\Interop.QTOLibrary.dll
c:\program files (x86)\iexplorer\isxdl.dll
c:\program files (x86)\iexplorer\MPCrashReporter.dll
c:\program files (x86)\iexplorer\MPUpdater.dll
c:\program files (x86)\iexplorer\msvcr71.dll
c:\program files (x86)\iexplorer\PodPhone2.dll
c:\program files (x86)\iexplorer\unins000.dat
c:\program files (x86)\iexplorer\unins000.exe
c:\program files (x86)\iexplorer\unins000.msg
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 13:33 . 2012-03-07 13:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 02:36 . 2012-03-07 04:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-06 22:47 . 2012-03-06 22:47 -------- d-----w- c:\users\LaviLev\AppData\Local\WinZip
2012-03-06 22:46 . 2012-03-06 22:48 -------- d-----w- c:\programdata\WinZip
2012-03-06 22:28 . 2012-03-06 22:28 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-03 01:42 . 2012-03-03 01:42 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-03 01:42 . 2012-03-03 01:42 -------- d-----w- c:\windows\PCHEALTH
2012-03-03 01:38 . 2012-03-03 01:38 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-03-03 01:37 . 2012-03-03 01:37 -------- d-----r- C:\MSOCache
2012-02-13 02:33 . 2012-02-13 02:34 -------- d-----w- c:\program files\iTunes
2012-02-13 02:33 . 2012-02-13 02:34 -------- d-----w- c:\program files (x86)\iTunes
2012-02-13 02:33 . 2012-02-13 02:33 -------- d-----w- c:\program files\iPod
2012-02-08 06:54 . 2012-02-08 06:54 -------- d-----w- c:\users\LaviLev\Tracing
2012-02-08 06:52 . 2012-02-08 06:52 -------- d-----w- c:\windows\en
2012-02-08 06:47 . 2012-02-08 06:47 -------- d-----w- c:\program files\Windows Live
2012-02-08 06:46 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-02-08 06:46 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-02-08 06:46 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-02-08 06:46 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-02-08 06:46 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-02-08 06:46 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-02-08 06:45 . 2012-02-08 06:45 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\47d4960b1cce62d12\DSETUP.dll
2012-02-08 06:45 . 2012-02-08 06:45 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\47d4960b1cce62d12\DXSETUP.exe
2012-02-08 06:45 . 2012-02-08 06:45 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\47d4960b1cce62d12\dsetup32.dll
2012-02-08 06:45 . 2012-02-08 06:45 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\458e47041cce62d11\DSETUP.dll
2012-02-08 06:45 . 2012-02-08 06:45 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\458e47041cce62d11\DXSETUP.exe
2012-02-08 06:45 . 2012-02-08 06:45 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\458e47041cce62d11\dsetup32.dll
2012-02-08 06:43 . 2012-02-08 06:54 -------- d-----w- c:\users\LaviLev\AppData\Local\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 14:08 . 2011-10-02 23:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 06:47 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"nlsnet"="c:\windows\system32\config\systemprofile\AppData\Roaming\nlsnet.exe" [2012-03-06 67128]
.
c:\users\LaviLev\Documents\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
RT-Updater.lnk - c:\ross-tech\VCDS\VCDS.EXE [2012-1-25 930888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2011-9-3 1106432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB64.SYS [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-06-25 72192]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-24 520040]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 00:04]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 00:04]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2390952026-3048575554-1243231701-1001Core.job
- c:\users\LaviLev\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 05:18]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2390952026-3048575554-1243231701-1001UA.job
- c:\users\LaviLev\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 05:18]
.
2012-03-04 c:\windows\Tasks\Registry Winner Schedule.job
- c:\program files (x86)\Registry Winner\RegistryWinner.exe [2012-01-17 18:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273610114505l03f4z135a48m2v28n
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title =
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: NameServer = 216.254.95.2,4.2.2.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\05F4C49534F4D4028444: NameServer = 205.171.3.65,208.67.222.222
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\2456C6B696E6F574F505C65737F5D494D4F4F5448383834424: NameServer = 156.154.70.1,4.2.2.3
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\A583839373: NameServer = 216.254.95.2,4.2.2.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\E4544574541425: NameServer = 216.254.95.2,4.2.2.1
FF - ProfilePath - c:\users\LaviLev\AppData\Roaming\Mozilla\Firefox\Profiles\hhbrubyw.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.vwvortex.com/subscription.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Notify-igfxcui - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files (x86)\iExplorer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-07 08:39:12
ComboFix-quarantined-files.txt 2012-03-07 13:39
.
Pre-Run: 268,997,177,344 bytes free
Post-Run: 268,928,319,488 bytes free
.
- - End Of File - - 7A5B77B1F5295A3BD91F294D563E068F



-------------------------------------------------------------------------
*Note: I ended up uninstalling AVG, as all the steps to disable worked as far as I could see, but ComboFix found them active in anti-virus and spyware. I proceeded to uninstall, but still got the active error? Hope this does not hinder the log above.

oldman960
2012-03-08, 01:35
Hi lavilev,

Open Windows Explorer. At the top click Organize.
Click Folders and search options
Click the View tab
Check "Show hidden files, folders and drives"
Uncheck "Hide extensions for known file types"
Uncheck "Hide protected operating system files"

Go to VirusTotal (www.virustotal.com) and submit the following file for analysis.

Use the Choose file button to navigate to

C:\Windows\syswow64\config\systemprofile\AppData\Roaming\nlsnet.exe


Click "send file", wait for the results and post them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete.

If you can't find the file try this path instead.

c:\windows\system32\config\systemprofile\AppData\Roaming\nlsnet.exe

lavilev
2012-03-08, 02:24
Right when I did the above stated, AVG popped up with a threat, so I couldn't continue. Here is the info from the AVG virus vault:
"Infection";"Trojan horse SHeur4.TIN";"c:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\nlsnet.exe";"N/A";"3/7/2012, 7:19:15 PM"

oldman960
2012-03-08, 02:34
Hi lavilev,

Thanks, that answers that.


Download and save to your desktop Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

lavilev
2012-03-08, 02:44
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
LaviLev :: LAVILEV-PC [administrator]

Protection: Enabled

3/7/2012 7:35:25 PM
mbam-log-2012-03-07 (19-35-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192842
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

oldman960
2012-03-08, 02:50
Hi

Any problems?


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
/md5stop



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

lavilev
2012-03-08, 03:48
OTL logfile created on: 3/7/2012 8:01:17 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\LaviLev\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 58.12% Memory free
7.86 Gb Paging File | 6.10 Gb Available in Paging File | 77.65% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 357.68 Gb Total Space | 249.58 Gb Free Space | 69.78% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 205.51 Gb Free Space | 34.47% Space Free | Partition Type: NTFS
Drive E: | 95.98 Gb Total Space | 78.61 Gb Free Space | 81.90% Space Free | Partition Type: NTFS
Drive G: | 7.70 Gb Total Space | 0.01 Gb Free Space | 0.07% Space Free | Partition Type: NTFS
Drive H: | 732.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LAVILEV-PC | User Name: LaviLev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\LaviLev\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()
PRC - C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe (RPA Technology)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NovacomD) -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe (Palm)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RT-USB) -- C:\Windows\SysNative\drivers\RT-USB64.SYS (Ross-Tech LLC)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273610114505l03f4z135a48m2v28n
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273610114505l03f4z135a48m2v28n
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z192&install_date=20111003
IE - HKCU\..\SearchScopes,DefaultScope = {9B97950D-482C-1D79-568F-FC7B9D40C785}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS451
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111003&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{A5BDA1A5-62BE-4977-AFD0-ADE60B3DF004}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://forums.vwvortex.com/subscription.php"
FF - prefs.js..keyword.URL: "http://www.google.com/search?&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\LaviLev\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\LaviLev\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/03/07 08:47:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 10:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/11 22:14:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2012/03/07 08:47:25 | 000,000,000 | ---D | M]

[2011/10/02 17:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LaviLev\AppData\Roaming\Mozilla\Extensions
[2012/02/21 14:57:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LaviLev\AppData\Roaming\Mozilla\Firefox\Profiles\hhbrubyw.default\extensions
[2012/02/21 14:57:47 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\LaviLev\AppData\Roaming\Mozilla\Firefox\Profiles\hhbrubyw.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/12/31 16:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\LAVILEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HHBRUBYW.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2012/02/18 10:14:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/15 14:36:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/02/15 14:36:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\LaviLev\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\LaviLev\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\LaviLev\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\LaviLev\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_1\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\LaviLev\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\LaviLev\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\LaviLev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: AVG Safe Search = C:\Users\LaviLev\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\LaviLev\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/03/07 08:33:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\LaviLev\Documents\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\LaviLev\Documents\Startup\RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.EXE (Ross-Tech, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: DhcpNameServer = 192.168.2.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: NameServer = 216.254.95.2,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3684E32D-4846-436A-B1F8-95238FCB0EFA}: DhcpNameServer = 192.168.2.1 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/07 19:53:59 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\LaviLev\Desktop\OTL.exe
[2012/03/07 19:34:39 | 000,000,000 | ---D | C] -- C:\Users\LaviLev\AppData\Roaming\Malwarebytes
[2012/03/07 19:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/03/07 19:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/07 19:34:26 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/07 19:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/07 19:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/07 19:33:46 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\LaviLev\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/07 19:19:15 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/03/07 09:13:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/07 08:48:50 | 000,000,000 | ---D | C] -- C:\Users\LaviLev\AppData\Roaming\AVG2012
[2012/03/07 08:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/03/07 08:47:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/03/07 08:47:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/03/07 08:15:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/07 08:15:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/07 08:15:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/07 07:56:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 07:53:51 | 004,428,059 | R--- | C] (Swearware) -- C:\Users\LaviLev\Desktop\ComboFix.exe
[2012/03/06 21:36:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/06 20:45:01 | 000,000,000 | ---D | C] -- C:\Users\LaviLev\Desktop\FIXME
[2012/03/06 17:47:46 | 000,000,000 | ---D | C] -- C:\Users\LaviLev\AppData\Local\WinZip
[2012/03/06 17:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/03/06 17:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/03/06 17:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2012/03/06 17:38:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/06 17:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/03/06 17:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/03/06 16:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/05 11:24:50 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\LaviLev\Desktop\TDSSKiller.exe
[2012/03/02 20:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/03/02 20:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/03/02 20:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/03/02 20:42:26 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/03/02 20:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/02 20:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/03/02 20:37:12 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/02/27 13:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCDS
[2012/02/22 10:29:45 | 000,000,000 | ---D | C] -- C:\Users\LaviLev\Documents\GLI REPAIR MANUAL
[2012/02/15 21:46:49 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 21:46:35 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 21:46:35 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 21:46:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 21:46:35 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 21:46:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 21:46:34 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 21:46:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 21:46:29 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 21:46:29 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 21:46:11 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/12 21:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/12 21:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/02/12 21:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/02/12 21:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/08 19:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/02/08 01:54:40 | 000,000,000 | ---D | C] -- C:\Users\LaviLev\AppData\Local\{193CE5D9-0571-4DC4-A5DA-3CAA0D51D4FC}
[2012/02/08 01:54:28 | 000,000,000 | ---D | C] -- C:\Users\LaviLev\AppData\Local\{7686645D-E2CE-4E03-98C5-67E66BBBD4AF}
[2012/02/08 01:54:22 | 000,000,000 | ---D | C] -- C:\Users\LaviLev\AppData\Local\{4DDBFCE9-3A2D-4854-A330-E816F49CF53C}
[2012/02/08 01:54:08 | 000,000,000 | ---D | C] -- C:\Users\LaviLev\Tracing
[2012/02/08 01:52:59 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/02/08 01:52:11 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/02/08 01:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/02/08 01:46:36 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/02/08 01:46:36 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/02/08 01:46:34 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/02/08 01:46:34 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/02/08 01:46:07 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/02/08 01:46:07 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/02/08 01:43:55 | 000,000,000 | ---D | C] -- C:\Users\LaviLev\AppData\Local\Windows Live
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/07 19:54:00 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\LaviLev\Desktop\OTL.exe
[2012/03/07 19:53:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2390952026-3048575554-1243231701-1001UA.job
[2012/03/07 19:34:28 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/07 19:33:56 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\LaviLev\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/07 19:10:46 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/07 19:10:36 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 19:10:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 18:03:28 | 000,782,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/07 18:03:28 | 000,663,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/07 18:03:28 | 000,122,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/07 09:21:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 09:21:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 09:13:17 | 3166,158,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 08:50:29 | 058,671,676 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/07 08:47:49 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/03/07 08:47:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/03/07 08:47:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/03/07 08:33:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/07 07:53:53 | 004,428,059 | R--- | M] (Swearware) -- C:\Users\LaviLev\Desktop\ComboFix.exe
[2012/03/07 00:07:24 | 000,000,512 | ---- | M] () -- C:\Users\LaviLev\Desktop\MBR.dat
[2012/03/06 21:53:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2390952026-3048575554-1243231701-1001Core.job
[2012/03/06 18:31:50 | 000,000,419 | ---- | M] () -- C:\Windows\wininit.ini
[2012/03/06 17:46:57 | 000,002,254 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/03/06 17:28:52 | 000,001,085 | ---- | M] () -- C:\Users\LaviLev\Documents\Startup\ERUNT AutoBackup.lnk
[2012/03/06 17:28:49 | 000,000,935 | ---- | M] () -- C:\Users\LaviLev\Desktop\NTREGOPT.lnk
[2012/03/06 17:28:49 | 000,000,916 | ---- | M] () -- C:\Users\LaviLev\Desktop\ERUNT.lnk
[2012/03/06 16:45:22 | 000,001,293 | ---- | M] () -- C:\Users\LaviLev\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/06 16:45:22 | 000,001,269 | ---- | M] () -- C:\Users\LaviLev\Desktop\Spybot - Search & Destroy.lnk
[2012/03/06 12:06:44 | 000,001,284 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2012/03/05 11:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\LaviLev\Desktop\TDSSKiller.exe
[2012/03/04 08:22:46 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\Registry Winner Schedule.job
[2012/03/02 20:49:19 | 000,425,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/27 13:49:35 | 000,000,751 | ---- | M] () -- C:\Users\LaviLev\Documents\Startup\RT-Updater.lnk
[2012/02/23 21:19:36 | 000,177,086 | ---- | M] () -- C:\Users\LaviLev\Desktop\blue housing.png
[2012/02/20 09:08:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/18 18:01:24 | 000,074,935 | ---- | M] () -- C:\Users\LaviLev\Desktop\treefaceniggah.png
[2012/02/17 21:52:57 | 000,203,097 | ---- | M] () -- C:\Users\LaviLev\Desktop\iphone blue.png
[2012/02/15 21:57:10 | 000,777,138 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/11 10:55:13 | 000,603,530 | ---- | M] () -- C:\Users\LaviLev\Desktop\iss-east-coast-panorama.jpg
[2012/02/08 19:42:07 | 000,001,401 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120306-144915.backup
[2012/02/08 19:42:07 | 000,001,401 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120306-144914.backup
[2012/02/08 19:42:07 | 000,001,401 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120306-144912.backup
[2012/02/08 19:42:07 | 000,001,401 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120306-144911.backup
[2012/02/08 19:42:07 | 000,001,401 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120306-144904.backup
[2012/02/08 19:42:07 | 000,001,401 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120306-144232.backup
[2012/02/08 19:42:07 | 000,001,401 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120306-143959.backup
[2012/02/08 19:42:07 | 000,001,401 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120306-113843.backup
[2012/02/08 19:42:07 | 000,001,401 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-202930.backup
[2012/02/08 19:42:07 | 000,001,401 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-082302.backup
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/07 19:34:28 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/07 08:50:29 | 058,671,676 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/07 08:47:49 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/03/07 08:47:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/03/07 08:47:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/03/07 08:15:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/07 08:15:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/07 08:15:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/07 08:15:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/07 08:15:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/07 00:07:24 | 000,000,512 | ---- | C] () -- C:\Users\LaviLev\Desktop\MBR.dat
[2012/03/06 17:46:57 | 000,002,254 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/03/06 17:28:52 | 000,001,085 | ---- | C] () -- C:\Users\LaviLev\Documents\Startup\ERUNT AutoBackup.lnk
[2012/03/06 17:28:49 | 000,000,935 | ---- | C] () -- C:\Users\LaviLev\Desktop\NTREGOPT.lnk
[2012/03/06 17:28:49 | 000,000,916 | ---- | C] () -- C:\Users\LaviLev\Desktop\ERUNT.lnk
[2012/03/06 16:45:22 | 000,001,293 | ---- | C] () -- C:\Users\LaviLev\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/06 16:45:22 | 000,001,269 | ---- | C] () -- C:\Users\LaviLev\Desktop\Spybot - Search & Destroy.lnk
[2012/03/06 09:19:44 | 000,000,419 | ---- | C] () -- C:\Windows\wininit.ini
[2012/02/27 13:49:35 | 000,000,751 | ---- | C] () -- C:\Users\LaviLev\Documents\Startup\RT-Updater.lnk
[2012/02/23 21:19:36 | 000,177,086 | ---- | C] () -- C:\Users\LaviLev\Desktop\blue housing.png
[2012/02/18 17:58:23 | 000,074,935 | ---- | C] () -- C:\Users\LaviLev\Desktop\treefaceniggah.png
[2012/02/17 21:52:57 | 000,203,097 | ---- | C] () -- C:\Users\LaviLev\Desktop\iphone blue.png
[2012/02/11 10:55:12 | 000,603,530 | ---- | C] () -- C:\Users\LaviLev\Desktop\iss-east-coast-panorama.jpg
[2012/02/08 01:51:57 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/02/08 01:51:31 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/02/08 01:50:46 | 000,001,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/02/08 01:50:10 | 000,002,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/12/31 17:45:08 | 000,001,298 | -HS- | C] () -- C:\Users\LaviLev\AppData\Local\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
[2011/12/31 17:45:08 | 000,001,298 | -HS- | C] () -- C:\ProgramData\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
[2011/11/03 23:16:32 | 000,777,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

lavilev
2012-03-08, 03:49
========== LOP Check ==========

[2012/03/07 08:48:50 | 000,000,000 | ---D | M] -- C:\Users\LaviLev\AppData\Roaming\AVG2012
[2011/11/03 19:50:01 | 000,000,000 | ---D | M] -- C:\Users\LaviLev\AppData\Roaming\Jason Robitaille
[2011/12/06 11:30:53 | 000,000,000 | ---D | M] -- C:\Users\LaviLev\AppData\Roaming\JasonRobitaille
[2011/12/27 08:14:34 | 000,000,000 | ---D | M] -- C:\Users\LaviLev\AppData\Roaming\redsn0w
[2012/01/16 18:43:26 | 000,000,000 | ---D | M] -- C:\Users\LaviLev\AppData\Roaming\SPORE
[2011/12/28 23:46:10 | 000,000,000 | ---D | M] -- C:\Users\LaviLev\AppData\Roaming\SystemRequirementsLab
[2011/10/19 12:16:53 | 000,000,000 | ---D | M] -- C:\Users\LaviLev\AppData\Roaming\TeamViewer
[2011/10/02 20:25:53 | 000,000,000 | ---D | M] -- C:\Users\LaviLev\AppData\Roaming\Thunderbird
[2012/03/06 17:42:08 | 000,000,000 | ---D | M] -- C:\Users\LaviLev\AppData\Roaming\uTorrent
[2011/10/06 10:58:54 | 000,000,000 | ---D | M] -- C:\Users\LaviLev\AppData\Roaming\Xilisoft
[2012/03/04 08:22:46 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\Registry Winner Schedule.job
[2012/01/17 23:22:14 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/10/27 23:49:08 | 000,000,394 | ---- | M] () -- C:\boot-ipt4g.lnk
[2009/08/28 06:29:44 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/03/07 08:39:13 | 000,017,867 | ---- | M] () -- C:\ComboFix.txt
[2011/05/04 16:07:32 | 000,000,821 | ---- | M] () -- C:\credits.txt
[2012/03/07 09:13:17 | 3166,158,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/01 01:31:22 | 829,060,929 | ---- | M] () -- C:\iPhone3,1_5.0.1_9A405_Restore.ipsw
[2011/10/29 08:34:30 | 811,948,143 | ---- | M] () -- C:\iPhone3,1_5.0_9A334_Restore.ipsw
[2011/10/10 09:07:11 | 000,001,416 | ---- | M] () -- C:\lavi_signature.html
[2011/01/05 12:33:00 | 000,001,323 | ---- | M] () -- C:\license.txt
[2012/03/07 09:13:18 | 4221,546,496 | -HS- | M] () -- C:\pagefile.sys
[2011/01/02 19:49:24 | 000,000,553 | ---- | M] () -- C:\README.txt
[2011/10/20 22:19:02 | 020,745,728 | ---- | M] () -- C:\redsn0w.exe
[2009/08/28 05:40:39 | 000,003,170 | ---- | M] () -- C:\RHDSetup.log
[2012/03/06 21:37:10 | 000,088,450 | ---- | M] () -- C:\TDSSKiller.2.7.19.0_06.03.2012_21.34.28_log.txt
[2012/03/06 23:04:31 | 000,133,642 | ---- | M] () -- C:\TDSSKiller.2.7.19.0_06.03.2012_23.02.50_log.txt
[2011/10/04 15:27:21 | 000,033,461 | ---- | M] () -- C:\unitronic.gif

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Deskuop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s >


< MD5 for: EXPLORER.ADML >
[2009/07/13 21:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-D5E97654.PF >
[2012/03/07 19:19:08 | 000,105,046 | ---- | M] () MD5=1050F48C3423F200299337A0F00D4F04 -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf

< MD5 for: IEXPLORE.EXE >
[2011/11/05 00:28:03 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=0377589BF14A6E5667B730D6D6DB59B4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16912_none_0fae4f323e42a646\iexplore.exe
[2009/07/13 20:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2011/12/16 03:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=38668C6CADABC9487C683FADD3D165D0 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_19eb591872b56d75\iexplore.exe
[2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=41FE5E37EFE0B587A688BA0E4FA41288 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_19d3ea0872c5a830\iexplore.exe
[2011/11/05 00:34:31 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=441C397A9ECF07747920F7F5E40B419B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21085_none_0fef13a357968bc7\iexplore.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2011/06/21 01:14:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=6B2383EDA3956983E3219A62D8408DAB -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_0fe16ab757a12871\iexplore.exe
[2011/06/21 00:25:30 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6BB506124872ACDFAC5BD912CA1334CE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_1a3615098c01ea6c\iexplore.exe
[2010/11/20 08:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Program Files\Internet Explorer\iexplore.exe
[2010/11/20 08:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=8ED7C19AEFA3673AADB0D6864B03FBCE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16912_none_1a02f98472a36841\iexplore.exe
[2011/06/21 00:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=A3AB0A260049BE22AB52E302D9220A92 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_19f459cc72ad545d\iexplore.exe
[2011/12/16 03:45:57 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=A3F56CED7B94A30BE8954387F0E2B5D2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_0f96aec63e54ab7a\iexplore.exe
[2011/11/04 23:39:45 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=A8A14CD0CB499B80412F75D53996AE29 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21085_none_1a43bdf58bf74dc2\iexplore.exe
[2011/08/20 00:46:07 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=AC1CC7CD5CBE60EFF105BB3C0DC199C5 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_0f7f3fb63e64e635\iexplore.exe
[2011/06/21 01:21:24 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B38DE184AC135A4B0AE7D286476FA33F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_0f9faf7a3e4c9262\iexplore.exe
[2011/12/16 03:42:35 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=C152529FD67ABB61F0609EF5A299794C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_104895c75752f56b\iexplore.exe
[2011/12/16 04:19:51 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=C53E41F92B19EC97D987F968403BEC49 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_1a9d40198bb3b766\iexplore.exe
[2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\ERDNT\cache86\iexplore.exe
[2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2011/08/20 00:42:38 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=C66C8BF791F9DB974022506265518EE0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_102322ab576fcd64\iexplore.exe
[2009/07/13 20:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2011/08/19 23:32:44 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=FA623BE79902A7B49FF4F21117B63C83 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_1a77ccfd8bd08f5f\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-A033F7A0.PF >
[2012/03/06 18:56:11 | 000,044,256 | ---- | M] () MD5=9DDF516C5B89322C6A10E541F03F4423 -- C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf

< MD5 for: WINLOGON.ADML >
[2009/07/13 21:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< End of report >

lavilev
2012-03-08, 03:50
OTL Extras logfile created on: 3/7/2012 8:01:17 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\LaviLev\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 58.12% Memory free
7.86 Gb Paging File | 6.10 Gb Available in Paging File | 77.65% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 357.68 Gb Total Space | 249.58 Gb Free Space | 69.78% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 205.51 Gb Free Space | 34.47% Space Free | Partition Type: NTFS
Drive E: | 95.98 Gb Total Space | 78.61 Gb Free Space | 81.90% Space Free | Partition Type: NTFS
Drive G: | 7.70 Gb Total Space | 0.01 Gb Free Space | 0.07% Space Free | Partition Type: NTFS
Drive H: | 732.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LAVILEV-PC | User Name: LaviLev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15FE4745-FF95-4746-A817-70CD06AAE8B8}" = Plex Media Server
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.1
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAC8C2FD-1FF8-4615-B827-9042248121CB}" = Mobile Mouse Server
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ERUNT_is1" = ERUNT 1.1j
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"LManager" = Launch Manager
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Registry Winner_is1" = Registry Winner 6.3
"uTorrent" = µTorrent
"VCDS Release 10.6" = VCDS Release 10.6.5
"VCDS Release 11.11" = VCDS Release 11.11.2
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.1.11
"VLC Setup Helper_is1" = VLC Setup Helper
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"Xilisoft iPhone Magic" = Xilisoft iPhone Magic

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Back to the Future The Game" = Back to the Future The Game
"Google Chrome" = Google Chrome
"HP webOS(R) Doctor(tm) Build 71.68, webOS 3.0.2" = HP webOS(R) Doctor(tm) Build 71.68, webOS 3.0.2
"HP webOS(R) Doctor(tm) Build 80.77, webOS 3.0.4" = HP webOS(R) Doctor(tm) Build 80.77, webOS 3.0.4
"HP webOS(R) Doctor(tm) Build 88.86, webOS 3.0.5" = HP webOS(R) Doctor(tm) Build 88.86, webOS 3.0.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2012 7:21:02 PM | Computer Name = LaviLev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4739747

Error - 3/5/2012 7:21:03 PM | Computer Name = LaviLev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/5/2012 7:21:03 PM | Computer Name = LaviLev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4740761

Error - 3/5/2012 7:21:03 PM | Computer Name = LaviLev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4740761

Error - 3/5/2012 7:21:04 PM | Computer Name = LaviLev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/5/2012 7:21:04 PM | Computer Name = LaviLev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4741760

Error - 3/5/2012 7:21:04 PM | Computer Name = LaviLev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4741760

Error - 3/5/2012 7:21:07 PM | Computer Name = LaviLev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/5/2012 7:21:07 PM | Computer Name = LaviLev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4744146

Error - 3/5/2012 7:21:07 PM | Computer Name = LaviLev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4744146

[ System Events ]
Error - 3/6/2012 6:34:37 PM | Computer Name = LaviLev-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/6/2012 6:37:52 PM | Computer Name = LaviLev-PC | Source = Service Control Manager | ID = 7003
Description = The SBSD Security Center Service service depends the following service:
wscsvc. This service might not be installed.

Error - 3/6/2012 6:46:50 PM | Computer Name = LaviLev-PC | Source = DCOM | ID = 10005
Description =

Error - 3/6/2012 6:46:50 PM | Computer Name = LaviLev-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 3/6/2012 6:46:51 PM | Computer Name = LaviLev-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 3/6/2012 6:46:51 PM | Computer Name = LaviLev-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 3/6/2012 6:46:51 PM | Computer Name = LaviLev-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 3/6/2012 6:46:51 PM | Computer Name = LaviLev-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 3/6/2012 10:38:57 PM | Computer Name = LaviLev-PC | Source = Service Control Manager | ID = 7003
Description = The SBSD Security Center Service service depends the following service:
wscsvc. This service might not be installed.

Error - 3/7/2012 8:52:43 AM | Computer Name = LaviLev-PC | Source = Service Control Manager | ID = 7003
Description = The SBSD Security Center Service service depends the following service:
wscsvc. This service might not be installed.


< End of report >

oldman960
2012-03-08, 04:35
Hi lavilev,

Your Java is out of date. Click your Start button > Control Panel
Use the drop-down menu beside "View by" and change it to Small icons
Locate Java (32bit) in the list and click on it
When the Java console opens, click the Update tab
Click Update Now



Next

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:Services

:OTL
[2011/12/31 17:45:08 | 000,001,298 | -HS- | C] () -- C:\Users\LaviLev\AppData\Local\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2
[2011/12/31 17:45:08 | 000,001,298 | -HS- | C] () -- C:\ProgramData\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2

:Commands
[emptytemp]
[createrestorepoint]


Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.

Please post the OTL fix log.


One more to check for stragglers.

As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
Do not use this instance of your browser for anything besides doing this scan
When the scan is complete and the results saved, close that instance of your browser
Open a new one the usual way and post the results in this topic.


*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scanner from
ESET (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.

Push the back button.
Push Finish
Re-enable your Antivirus software.


Please post back with
OTL fix log
ESET log if there is one

lavilev
2012-03-08, 06:26
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Users\LaviLev\AppData\Local\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2 moved successfully.
C:\ProgramData\xnq02cl67hp6plpvidiu818060i0pwo240t66hwyxo2 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LaviLev
->Temp folder emptied: 62981 bytes
->Temporary Internet Files folder emptied: 118071 bytes
->Java cache emptied: 9093 bytes
->FireFox cache emptied: 1095783937 bytes
->Google Chrome cache emptied: 6910424 bytes
->Flash cache emptied: 146702 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 7829026 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19235508 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,078.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.35.1 log created on 03072012_214433

Files\Folders moved on Reboot...
C:\Users\LaviLev\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

--------------------------------------------------------------------


C:\Program Files (x86)\Registry Winner\Update.exe.bak Win32/Adware.RegistryWinner application
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\ProgramData\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.03.2012_23.02.51\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\Users\LaviLev\Downloads\cnet_coretemp_coretemp_publisher_4645575_CNET_exe.exe a variant of Win32/InstallCore.D application
C:\Users\LaviLev\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application
D:\Photoshop CS4\Adobe.Keygen.And.Patch\Any Product Activation\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
D:\Registry.Winner.v6.3.8.26.Multilingual.Incl.Keymaker-CORE\RegistryWinner_Setup.exe multiple threats
D:\Xilisoft iPhone Magic v3.3+Crack [ kk ]\Xilisoft iPhone Magic v3.3+Crack [ kk ]\x-iphone-magic.exe Win32/Toolbar.Zugo application

oldman960
2012-03-09, 01:24
Hi lavilev,


Cracks-Keygens-Warez-Pirate

We do not support the use of illegally obtained software. The 'cracker' has broken the 'End User License Agreement' (EULA) of the product.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations.

Thank you for your understanding.
http://forums.spybot.info/faq.php?faq=vb3_board_faq#faq_vb3_board_usage


D:\Photoshop CS4\Adobe.Keygen.And.Patch\Any Product Activation\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
D:\Registry.Winner.v6.3.8.26.Multilingual.Incl.Keymaker-CORE\RegistryWinner_Setup.exe multiple threats
D:\Xilisoft iPhone Magic v3.3+Crack [ kk ]\Xilisoft iPhone Magic v3.3+Crack [ kk ]\x-iphone-magic.exe Win32/Toolbar.Zugo application

The ESET log shows evidence of cracked programs. In order for me to continue helping please uninstall the following:

Registry Winner 6.3
Xilisoft iPhone Magic


µTorrent
You have µTorrent, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. It's not the program itself that is the problem but what can be downloaded with it usually from an unknown source. This is probably the source of the cracks and your current situation.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx (http://www.microsoft.com/windows/ie/community/columns/protection.mspx)

http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm (http://www.internetworldstats.com/articles/art053.htm)

I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Please Download CKScanner by askey127 from HERE (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.

Double-click (right-click and "Run as administrator" in Vista/Win7) CKScanner.exe then click "Search For Files"
When the cursor hourglass disappears, click "Save List To File"
A message box will verify the file saved
please only run the tool once
Double-click the "CKFiles.txt" icon on your desktop then copy/paste the contents in your next reply

lavilev
2012-03-09, 03:52
programs uninstalled and folders of origin program "D: drive" deleted and removed!

----------------------------------------------------------

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.SNNAIJ
----- EOF -----

oldman960
2012-03-09, 05:44
Hi lavilev,

Thank you.

The rest of the ESET detections are Spybot's quarantined files and files we have quarantined with the tools. The ones we have quarantined will be removed along with the tools.


Everything looks good so if no problems we'll remove the tools.

From your desktop, please delete, if present
any notepads/logs that we created
DDS.scr
aswMBR
mbr.dat
mbr.zip
TDSSKiller


You can also delete this folder C:\TDSSKiller_Quarantine



Next

Click the Start button, in the search box type Run. At the top click Run

Copy and paste the following line into the run box and click OK

Combofix /uninstall



Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


I suggest you keep MBAM. Keep it updated and use it regularly.


Updates

Adobe Reader

You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)

You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources. If you choose FoxIt be sure to decline the Foxit Toolbar offered during the install.

Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)

In either case you should uninstall Adobe Reader 9.5.0 MUI first. Be sure to move any PDF documents to another folder first though.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL (http://www.bleepingcomputer.com/forums/tutorial60.html) for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware, IMO)


You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Make sure you have reset Automatic Updates to your chosen option. Click your Start button > Control Panel > System and Security > Windows Updates > Change settings


- Keep your antivirus program updated, as well as any other security programs you have.


-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)


Please post back if you have any problems.
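
The split described in the post above (ESET hits that sit in tool quarantine folders versus hits on files still in place) can be reproduced mechanically. This is an added example, not part of the original thread or of any tool used in it: the sample lines are copied from the ESET log posted earlier, the function names are hypothetical, and treating `C:\Users\All Users` as an alias of `C:\ProgramData` assumes a default Windows 7 layout.

```python
import re

# Sample input: a subset of lines copied from the ESET log posted in this thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Registry Winner\Update.exe.bak Win32/Adware.RegistryWinner application
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\06.03.2012_21.34.29\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\LaviLev\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application
D:\Photoshop CS4\Adobe.Keygen.And.Patch\Any Product Activation\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
D:\Registry.Winner.v6.3.8.26.Multilingual.Incl.Keymaker-CORE\RegistryWinner_Setup.exe multiple threats
"""

# Paths contain spaces, so the path is matched lazily up to the first point
# where the rest of the line looks like a detection name.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?Win(?:32|64)/\S+|multiple threats)"
    r"(?:\s+(?P<kind>\w+))?$"
)

# Quarantine locations that appear in this thread's log.
TDSS_QUARANTINE = "c:\\tdsskiller_quarantine\\"
SPYBOT_RECOVERY = "\\spybot - search & destroy\\recovery\\"

# Assumption: default Windows 7 layout, where "All Users" points at ProgramData,
# so the scanner reports the same file under both paths.
ALL_USERS_ALIAS = "c:\\users\\all users\\"
PROGRAMDATA = "c:\\programdata\\"


def normalize(path):
    """Lower-case the path and fold the All Users alias onto ProgramData."""
    p = path.lower()
    if p.startswith(ALL_USERS_ALIAS):
        p = PROGRAMDATA + p[len(ALL_USERS_ALIAS):]
    return p


def is_quarantined(normalized_path):
    """True when the file sits in a tool's quarantine or recovery folder."""
    return normalized_path.startswith(TDSS_QUARANTINE) or SPYBOT_RECOVERY in normalized_path


def triage(log_text):
    """Split scanner hits into quarantined and live files; keep unparsed lines."""
    seen = set()
    result = {"quarantined": [], "live": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            # Never drop a line silently: an unparsed hit still needs review.
            result["unparsed"].append(line)
            continue
        key = normalize(m.group("path"))
        if key in seen:
            continue  # same file reported through the alias path
        seen.add(key)
        entry = {
            "path": m.group("path"),
            "detection": m.group("detection"),
            "kind": m.group("kind"),  # None for "multiple threats"
        }
        result["quarantined" if is_quarantined(key) else "live"].append(entry)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket in ("live", "quarantined", "unparsed"):
        print(bucket, len(report[bucket]))
        for item in report[bucket]:
            print("   ", item)
```

Only the "live" bucket needs a decision from the user; the quarantined entries go away when the tools and their folders are removed.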

lavilev
2012-03-09, 15:51
thank you sir! all good! I truly appreciate your assistance!

oldman960
2012-03-09, 18:14
Hi lavilev,

Glad I could help.

Take care, keep safe.

oldman960
2012-03-10, 18:08
Since this issue appears to be resolved ... this Topic has been closed.