TechSpot

[A] Friend's desktop had no firewall or antivirus

By kozmyk
Sep 20, 2012
  1. Hello,

    I'm helping a friend reclaim their computer--I've done some cleaning on my own (first time I ran MWB, it came up with 48 problems, and avast found 5 infected files), but I wanted to make sure the issues were taken care of. I followed the steps, and the logs are below. Thank you for any assistance you can provide. I did not have a GMER log after completing that step.

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.20.06

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Maegan :: MAEGAN-PC [administrator]

    Protection: Disabled

    9/20/2012 8:39:02 AM
    mbam-log-2012-09-20 (08-39-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238470
    Time elapsed: 3 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ----------------------------------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 1/21/2009 12:46:15 PM
    System Uptime: 9/20/2012 8:29:19 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0P927G
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ | CPU 1 | 2900/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 464 GiB total, 272.421 GiB free.
    D: is FIXED (NTFS) - 2 GiB total, 0.996 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9
    AMD Fusion for Gaming 1.0
    AMD OverDrive
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center
    avast! Free Antivirus
    Banctec Service Agreement
    Battlefield: Bad Company™ 2
    Big Fish Games Client
    Browser Address Error Redirector
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Turkish
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Turkish
    CCleaner (remove only)
    Dell Getting Started Guide
    Dell Video Chat (remove only)
    Download Updater (AOL LLC)
    Driver Detective
    GameTap Web Player
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java 7 Update 7
    Java Auto Updater
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Basic 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft PowerPoint Viewer
    Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Move Media Player
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MP3 Rocket
    ParetoLogic DriverCure
    PowerDVD
    PunkBuster Services
    QuickTime
    RAIDXpert
    Realtek High Definition Audio Driver
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Singlesnet
    Skins
    SpywareBlaster 4.6
    StarCraft II
    Steam
    TextPad 5
    The Lord of the Rings FREE Trial
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    USB Driver
    Visual C++ 8.0 Runtime Setup Package (x64)
    VoiceOver Kit
    WinRAR archiver
    Wireless USB Card
    World of Warcraft
    XPS Thermal Monitor
    Yahoo! Install Manager
    Yahoo! Messenger
    ZoneAlarm Firewall
    ZoneAlarm Free Firewall
    ZoneAlarm Security
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/20/2012 9:26:43 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer REGRETS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{00236BE0-C00A-456E-A9D8-FBE530456BA9}. The master browser is stopping or an election is being forced.
    9/20/2012 8:31:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    9/19/2012 3:42:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.
    9/19/2012 3:03:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Microsoft Office File Validation Add-in.
    9/19/2012 2:27:18 PM, Error: EventLog [6008] - The previous system shutdown at 2:24:02 PM on 9/19/2012 was unexpected.
    9/19/2012 1:49:29 PM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    9/19/2012 1:32:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    9/19/2012 1:32:07 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/19/2012 1:21:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    9/19/2012 1:21:26 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/19/2012 1:21:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Maegan at 9:28:54 on 2012-09-20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3067.1488 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\BeepApp.exe
    C:\Users\Maegan\Desktop\0noxpvuc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fptb-msgr
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4090122
    mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4090122
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
    mRun: [RtHDVCpl] RAVCpl64.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{00236BE0-C00A-456E-A9D8-FBE530456BA9} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{ECFCBA76-06FD-4E48-AF3F-8B233B41DC7A} : DhcpNameServer = 192.168.1.254
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
    BHO-X64: AskBar BHO - No File
    BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Security Engine Registrar - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
    BHO-X64: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
    BHO-X64: Browser Address Error Redirector - No File
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    TB-X64: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    mRun-x64: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
    mRun-x64: [RtHDVCpl] RAVCpl64.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Maegan\AppData\Roaming\Mozilla\Firefox\Profiles\9yektyh8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fptb-msgr
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
    FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
    FF - plugin: C:\Users\Maegan\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-1-21 32240]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2008-10-2 122880]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-19 44808]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-8-30 33712]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-8-30 827560]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-19 399432]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
    S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist --> C:\Program Files (x86)\AMD\OverDrive\AODAssist [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-5 135664]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-5-10 676936]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-5 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-19 114144]
    S3 netr7364;Netopia RT73 Wireless Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2012-09-20 13:44:03 -------- d-----w- C:\Users\Maegan\AppData\Local\Macromedia
    2012-09-20 13:36:33 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-20 13:36:33 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-19 20:00:19 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-09-19 20:00:15 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-09-19 19:59:32 41224 ----a-w- C:\Windows\avastSS.scr
    2012-09-19 19:58:28 -------- d-----w- C:\ProgramData\AVAST Software
    2012-09-19 19:58:28 -------- d-----w- C:\Program Files\AVAST Software
    2012-09-19 19:52:49 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-19 19:52:49 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-19 19:52:08 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-19 19:44:17 -------- d-----w- C:\Users\Maegan\AppData\Roaming\WinPatrol
    2012-09-19 19:43:33 -------- d-----w- C:\ProgramData\InstallMate
    2012-09-19 19:43:33 -------- d-----w- C:\Program Files (x86)\BillP Studios
    2012-09-19 19:36:00 -------- d-----w- C:\Users\Maegan\AppData\Local\Mozilla
    2012-09-19 19:34:59 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
    2012-09-19 18:46:15 -------- d-----w- C:\Users\Maegan\AppData\Roaming\CheckPoint
    2012-09-19 18:45:50 -------- d-----w- C:\Program Files\CheckPoint
    2012-09-19 18:44:07 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-19 18:42:19 -------- d-----w- C:\Program Files (x86)\CheckPoint
    2012-09-19 18:42:17 -------- d-----w- C:\ProgramData\CheckPoint
    2012-09-19 18:28:25 -------- d-----w- C:\Program Files (x86)\Steam
    2012-09-19 18:21:45 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA4E4DEA-AC46-415D-97F3-7D0E12AB57EC}\mpengine.dll
    2012-09-19 18:21:05 788480 ----a-w- C:\Windows\System32\localspl.dll
    2012-09-19 18:21:05 623616 ----a-w- C:\Windows\SysWow64\localspl.dll
    2012-09-19 18:19:15 2769408 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 9:31:30.02 ===============
     
  2. Broni


    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    Please disable "word wrap" in Notepad as your logs are hard to read.

    ========================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =======================================

    • Download RogueKiller to the desktop.
    • Close all the running programs.
    • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator.
    • Otherwise just double-click on RogueKiller.exe.
    • Pre-scan will start. Let it finish.
    • Click on the SCAN button.
    • Wait until the Status box shows Scan Finished.
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad window into your next reply.
    • RKreport.txt can also be found on your desktop.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ====================================

    Download aswMBR to your desktop.
    Double-click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. kozmyk

    kozmyk TS Rookie Topic Starter Posts: 19

    The TDSSKiller log was greater than the word limit on a post, so I attached it to this post. Please let me know if you need anything else, and thank you for your help.


    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Maegan [Admin rights]
    Mode : Remove -- Date : 09/20/2012 10:35:00

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (\??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (\??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl) -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Disk drive +++++
    --- User ---
    [MBR] dbd9d2b8703271b7d33c1cd9bb7c95e9
    [BSP] e223061d7b1f736c4877938e9af93bcf : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 2048 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4323328 | Size: 474828 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt




    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-20 10:38:46
    -----------------------------
    10:38:46.206 OS Version: Windows x64 6.0.6002 Service Pack 2
    10:38:46.206 Number of processors: 2 586 0x6B02
    10:38:46.206 ComputerName: MAEGAN-PC UserName: Maegan
    10:38:47.563 Initialize success
    10:38:48.109 AVAST engine defs: 12092000
    10:39:02.445 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    10:39:02.445 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5BA Size: 476940MB BusType: 3
    10:39:02.461 Disk 0 MBR read successfully
    10:39:02.476 Disk 0 MBR scan
    10:39:02.476 Disk 0 Windows VISTA default MBR code
    10:39:02.476 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
    10:39:02.492 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 129024
    10:39:02.492 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 474828 MB offset 4323328
    10:39:02.523 Disk 0 scanning C:\Windows\system32\drivers
    10:39:16.170 Service scanning
    10:39:34.604 Modules scanning
    10:39:34.604 Disk 0 trace - called modules:
    10:39:34.620 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
    10:39:35.135 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046c06b0]
    10:39:35.135 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> [0xfffffa8003368520]
    10:39:35.135 5 acpi.sys[fffffa60008f3fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003384060]
    10:39:36.164 AVAST engine scan C:\Windows
    10:39:39.862 AVAST engine scan C:\Windows\system32
    10:42:16.074 AVAST engine scan C:\Windows\system32\drivers
    10:42:23.499 AVAST engine scan C:\Users\Maegan
    10:56:34.811 AVAST engine scan C:\ProgramData
    11:00:41.505 Scan finished successfully
    11:19:03.957 Disk 0 MBR has been saved successfully to "C:\Users\Maegan\Desktop\MBR.dat"
    11:19:03.957 The log file has been saved successfully to "C:\Users\Maegan\Desktop\aswMBR.txt"
     

  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Our board rules say to split the log over a couple of replies.
     
  5. kozmyk

    kozmyk TS Rookie Topic Starter Posts: 19

    10:29:01.0776 0444 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    10:29:02.0244 0444 ============================================================
    10:29:02.0244 0444 Current date / time: 2012/09/20 10:29:02.0244
    10:29:02.0244 0444 SystemInfo:
    10:29:02.0244 0444
    10:29:02.0244 0444 OS Version: 6.0.6002 ServicePack: 2.0
    10:29:02.0244 0444 Product type: Workstation
    10:29:02.0244 0444 ComputerName: MAEGAN-PC
    10:29:02.0245 0444 UserName: Maegan
    10:29:02.0245 0444 Windows directory: C:\Windows
    10:29:02.0245 0444 System windows directory: C:\Windows
    10:29:02.0245 0444 Running under WOW64
    10:29:02.0245 0444 Processor architecture: Intel x64
    10:29:02.0245 0444 Number of processors: 2
    10:29:02.0245 0444 Page size: 0x1000
    10:29:02.0245 0444 Boot type: Normal boot
    10:29:02.0245 0444 ============================================================
    10:29:03.0186 0444 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:29:03.0192 0444 ============================================================
    10:29:03.0192 0444 \Device\Harddisk0\DR0:
    10:29:03.0192 0444 MBR partitions:
    10:29:03.0192 0444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x400000
    10:29:03.0192 0444 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x41F800, BlocksNum 0x39F66000
    10:29:03.0192 0444 ============================================================
    10:29:03.0260 0444 C: <-> \Device\Harddisk0\DR0\Partition2
    10:29:03.0358 0444 D: <-> \Device\Harddisk0\DR0\Partition1
    10:29:03.0358 0444 ============================================================
    10:29:03.0358 0444 Initialize success
    10:29:03.0358 0444 ============================================================
    10:29:05.0720 4788 ============================================================
    10:29:05.0720 4788 Scan started
    10:29:05.0720 4788 Mode: Manual;
    10:29:05.0720 4788 ============================================================
    10:29:06.0576 4788 ================ Scan system memory ========================
    10:29:06.0576 4788 System memory - ok
    10:29:06.0577 4788 ================ Scan services =============================
    10:29:13.0817 4788 msisadrv - ok
    10:29:13.0842 4788 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    10:29:13.0845 4788 MSiSCSI - ok
    10:29:13.0851 4788 msiserver - ok
    10:29:13.0876 4788 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    10:29:13.0877 4788 MSKSSRV - ok
    10:29:13.0888 4788 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    10:29:13.0889 4788 MSPCLOCK - ok
    10:29:13.0923 4788 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    10:29:13.0924 4788 MSPQM - ok
    10:29:13.0955 4788 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    10:29:13.0960 4788 MsRPC - ok
    10:29:13.0972 4788 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    10:29:13.0973 4788 mssmbios - ok
    10:29:13.0986 4788 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    10:29:13.0987 4788 MSTEE - ok
    10:29:14.0005 4788 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
    10:29:14.0006 4788 Mup - ok
    10:29:14.0057 4788 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
    10:29:14.0065 4788 napagent - ok
     
  6. kozmyk

    kozmyk TS Rookie Topic Starter Posts: 19

    TDSSKiller Log cont.

    10:29:20.0578 4788 ================ Scan MBR ==================================
    10:29:20.0584 4788 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    10:29:20.0746 4788 \Device\Harddisk0\DR0 - ok
    10:29:20.0750 4788 ================ Scan VBR ==================================
    10:29:20.0760 4788 [ 29467C4874BB8DC7F99692D9B92B11BF ] \Device\Harddisk0\DR0\Partition1
    10:29:20.0761 4788 \Device\Harddisk0\DR0\Partition1 - ok
    10:29:20.0769 4788 [ C8E752F603B626BAECE0E14D302E98CA ] \Device\Harddisk0\DR0\Partition2
    10:29:20.0771 4788 \Device\Harddisk0\DR0\Partition2 - ok
    10:29:20.0772 4788 ============================================================
    10:29:20.0772 4788 Scan finished
    10:29:20.0772 4788 ============================================================
    10:29:20.0794 4928 Detected object count: 0
    10:29:20.0794 4928 Actual detected object count: 0
    10:30:31.0726 4876 Deinitialize success
     
  7. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  8. kozmyk

    kozmyk TS Rookie Topic Starter Posts: 19

    ComboFix 12-09-20.02 - Maegan 09/20/2012 12:39:22.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3067.1802 [GMT -5:00]
    Running from: c:\users\Maegan\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Retrogamer_2zEI
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-20 17:51 . 2012-09-20 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-20 17:51 . 2012-09-20 17:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-09-20 13:44 . 2012-09-20 13:44 -------- d-----w- c:\users\Maegan\AppData\Local\Macromedia
    2012-09-20 13:36 . 2012-09-20 13:36 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-20 13:36 . 2012-09-20 13:36 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-20 13:36 . 2012-09-20 13:36 -------- d-----w- c:\windows\system32\Macromed
    2012-09-20 13:22 . 2012-09-20 13:23 -------- d-----w- c:\users\Kelsey
    2012-09-19 20:26 . 2012-09-19 20:26 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
    2012-09-19 20:25 . 2012-09-19 20:26 -------- d-----w- c:\users\Guest\AppData\Roaming\WinPatrol
    2012-09-19 20:24 . 2012-09-19 20:24 -------- d-----w- c:\users\Guest\AppData\Roaming\CheckPoint
    2012-09-19 20:00 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-09-19 20:00 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-09-19 20:00 . 2012-08-21 09:13 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-09-19 20:00 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-09-19 20:00 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-09-19 20:00 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-09-19 20:00 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-09-19 19:59 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
    2012-09-19 19:59 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-09-19 19:58 . 2012-09-19 19:58 -------- d-----w- c:\programdata\AVAST Software
    2012-09-19 19:58 . 2012-09-19 19:58 -------- d-----w- c:\program files\AVAST Software
    2012-09-19 19:52 . 2012-09-19 19:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-19 19:52 . 2012-09-19 19:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-19 19:52 . 2012-09-19 19:51 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-19 19:44 . 2012-09-19 19:54 -------- d-----w- c:\users\Maegan\AppData\Roaming\WinPatrol
    2012-09-19 19:43 . 2012-09-19 19:43 -------- d-----w- c:\programdata\InstallMate
    2012-09-19 19:43 . 2012-09-19 19:43 -------- d-----w- c:\program files (x86)\BillP Studios
    2012-09-19 19:36 . 2012-09-19 19:36 -------- d-----w- c:\users\Maegan\AppData\Local\Mozilla
    2012-09-19 18:46 . 2012-09-19 18:46 -------- d-----w- c:\users\Maegan\AppData\Roaming\CheckPoint
    2012-09-19 18:45 . 2012-09-19 18:45 -------- d-----w- c:\program files\CheckPoint
    2012-09-19 18:44 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-19 18:42 . 2012-09-19 18:45 -------- d-----w- c:\program files (x86)\CheckPoint
    2012-09-19 18:42 . 2012-09-19 18:42 -------- d-----w- c:\programdata\CheckPoint
    2012-09-19 18:28 . 2012-09-19 20:29 -------- d-----w- c:\program files (x86)\Steam
    2012-09-19 18:21 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA4E4DEA-AC46-415D-97F3-7D0E12AB57EC}\mpengine.dll
    2012-09-19 18:21 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
    2012-09-19 18:21 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
    2012-09-19 18:21 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
    2012-09-19 18:19 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-07 22:04 . 2010-05-10 14:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-31 05:43 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-19 363752]
    "RtHDVCpl"="RAVCpl64.exe" [2008-11-17 6430208]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-15 c:\windows\Tasks\DriverCure.job
    - c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]
    .
    2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 12:29]
    .
    2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 12:29]
    .
    2012-09-19 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\windows\system32\rundll32.exe [2006-11-02 09:45]
    .
    2012-09-19 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\windows\system32\rundll32.exe [2006-11-02 09:45]
    .
    2012-07-13 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RAVCpl64.exe" [2008-11-17 6430208]
    "Skytel"="Skytel.exe" [2008-11-17 1826816]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-08-30 1127592]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-09-19 363752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/?fr=fptb-msgr
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Maegan\AppData\Roaming\Mozilla\Firefox\Profiles\9yektyh8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fptb-msgr
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-(Default) - (no file)
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AODService]
    "ImagePath"="c:\program files (x86)\AMD\OverDrive\AODAssist"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-20 13:03:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-20 18:03
    .
    Pre-Run: 293,609,410,560 bytes free
    Post-Run: 293,469,462,528 bytes free
    .
    - - End Of File - - B628AACD13BE5772F69A3FB22283C592



    Rkill 2.4.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/20/2012 01:16:54 PM in x64 mode.
    Windows Version: Windows Vista (TM) Home Premium Service Pack 2

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    Checking Windows Service Integrity:

    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Manual

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (AFD) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * NETBT (NetBT) is not Running.
    Startup Type set to: System

    * NSI proxy service (nsiproxy) is not Running.
    Startup Type set to: System

    * NetIO Legacy TDI Support Driver (tdx) is not Running.
    Startup Type set to: System

    * msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 09/20/2012 01:17:07 PM
    Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
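    The Rkill log above reports three things worth re-checking once the cleanup is finished: the EnableFirewall value of each firewall profile, the services it found stopped (and the start types it set), and the executable file associations it reset. The following PowerShell script is an added example for that re-check; it is not part of this thread and is not Rkill's or OTL's own code. It assumes an elevated PowerShell 2.0 or later prompt (PowerShell is not built into Vista and has to be installed separately), and it takes the registry paths and service names from the log, while the "expected" values are stock Windows defaults with no group policy overriding them. Note that EnableFirewall = 0 is the normal state when a third-party firewall such as the ZoneAlarm in this log owns the job; the warning only matters when nothing else is filtering.

```powershell
# Post-cleanup verification (added example; not Rkill's or OTL's own code).
# Run from an elevated PowerShell prompt. Registry paths and service names are
# the ones Rkill reported above; expected values are stock Windows defaults
# (assumption: no group policy overrides them).

# 1. Windows Firewall per profile. 0 is expected when a third-party firewall
#    (the ZoneAlarm in this log) is active; it is a finding when none is.
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($prof in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $props = Get-ItemProperty -Path (Join-Path $fwBase $prof) -ErrorAction SilentlyContinue
    if ($props -ne $null -and $props.EnableFirewall -eq 1) {
        Write-Output "OK    $prof EnableFirewall=1"
    } else {
        Write-Output "WARN  $prof EnableFirewall=$($props.EnableFirewall) (Windows Firewall off; is another firewall active?)"
    }
}

# 2. Services Rkill listed, with the start mode it set. Get-Service on
#    PowerShell 2.0 exposes no start type, so WMI is used instead. WMI reports
#    "Automatic (Delayed Start)" simply as Auto. Manual services may be stopped.
$services = @{
    'BFE' = 'Auto'; 'Dhcp' = 'Auto'; 'Dnscache' = 'Auto'; 'EventSystem' = 'Auto'
    'MpsSvc' = 'Auto'; 'nsi' = 'Auto'; 'wscsvc' = 'Auto'; 'wuauserv' = 'Auto'
    'Netman' = 'Manual'; 'WinDefend' = 'Manual'
}
foreach ($name in $services.Keys) {
    $want = $services[$name]
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) { Write-Output "WARN  service $name not found"; continue }
    $bad = ($svc.StartMode -ne $want) -or ($want -eq 'Auto' -and $svc.State -ne 'Running')
    $tag = 'OK   '
    if ($bad) { $tag = 'WARN ' }
    Write-Output "$tag service $name State=$($svc.State) StartMode=$($svc.StartMode) (expected $want)"
}

# 3. The kernel drivers in the log are Win32_SystemDriver objects, not services.
#    Reported for information only: mpsdrv, for instance, only runs with MpsSvc.
foreach ($name in 'AFD', 'mpsdrv', 'NetBT', 'nsiproxy', 'tdx') {
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$name'"
    if ($drv -eq $null) { Write-Output "WARN  driver $name not found"; continue }
    Write-Output "INFO  driver $name State=$($drv.State) StartMode=$($drv.StartMode)"
}

# 4. Shell "open" commands for executable classes (what Rkill resets and OTL
#    lists under "Shell Spawning"). A copy under HKCU\Software\Classes shadows
#    the machine value, so its mere presence for these classes is reported.
$expectedOpen = @{
    'exefile' = '"%1" %*'; 'batfile' = '"%1" %*'; 'cmdfile' = '"%1" %*'
    'comfile' = '"%1" %*'; 'piffile' = '"%1" %*'; 'scrfile' = '"%1" /S'
}
foreach ($cls in $expectedOpen.Keys) {
    $cmd = $null
    $key = Get-Item -Path "HKLM:\SOFTWARE\Classes\$cls\shell\open\command" -ErrorAction SilentlyContinue
    if ($key -ne $null) { $cmd = $key.GetValue('') }
    if ($cmd -eq $expectedOpen[$cls]) {
        Write-Output "OK    $cls open -> $cmd"
    } else {
        Write-Output "WARN  $cls open -> $cmd (expected $($expectedOpen[$cls]))"
    }
    if (Test-Path "HKCU:\Software\Classes\$cls") {
        Write-Output "WARN  per-user override exists: HKCU\Software\Classes\$cls"
    }
}

# 5. HOSTS file: anything beyond "127.0.0.1 localhost" (and "::1 localhost")
#    deserves a look, since redirecting update or AV hosts here is a common trick.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$active = @(Get-Content -Path $hostsPath | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' })
Write-Output "INFO  $($active.Count) active HOSTS entries"
foreach ($line in $active) { Write-Output "      $line" }
```

    Every line is prefixed OK, WARN or INFO so the output can be pasted back into a thread like this one as-is. WMI is used for the service and driver start modes because that is what is available on the PowerShell version a Vista machine of this era would have; on current Windows, Get-Service -Name ... | Select StartType gives the same information.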
     
  9. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good.

    Any current issues?

    ==========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. kozmyk

    kozmyk TS Rookie Topic Starter Posts: 19

    The computer has been running significantly better--Avast and Malwarebytes are still coming up clean today.






    OTL Extras logfile created on: 9/21/2012 7:34:39 AM - Run 1
    OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Maegan\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.80% Memory free
    6.20 Gb Paging File | 4.63 Gb Available in Paging File | 74.68% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 463.70 Gb Total Space | 260.57 Gb Free Space | 56.19% Space Free | Partition Type: NTFS
    Drive D: | 2.00 Gb Total Space | 1.00 Gb Free Space | 49.81% Space Free | Partition Type: NTFS
    Drive E: | 6.74 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: MAEGAN-PC | User Name: Maegan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-4069935306-1709804640-2620325657-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = B8 FE DB 37 58 15 CB 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{383DDA18-7957-494D-AB61-52F87A0E9132}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4D86C3A3-EC49-4A9F-A9FD-C98C109A4820}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{679244CF-7D00-44FC-BD4B-59D74C451B1A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0DF39482-3EA1-477B-8587-A5E942998A68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
    "{0FDA8B47-A762-40BF-B8CC-27FF81BA1D7A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{1620EACA-5A6B-4493-A08F-BB313419C6D8}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{20340A69-39D5-4DDB-9706-589C6C31A67B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{31DA488F-7F8B-4D5E-8176-E90C1BCD2609}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{3F97AEAB-F4D1-4464-BB4D-79035FB3B413}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{400E9954-10F5-4897-9370-5DCB19487256}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
    "{42E69755-15C4-47DF-A91F-68D9A3DADEFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
    "{67F993DA-B153-4412-A09F-45F3E0704F54}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{6923935B-D0A7-400A-BFC3-0CB3547ECE89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
    "{79C6ABFF-5434-43C0-8045-9D6FAD221BA0}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{7C0F7429-202E-46E2-80D9-4D7E47C9A150}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{81FF1589-0387-44BC-B548-E657EF0E903B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{91656F3E-9D65-4DAF-B400-C32BA48E375F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{98108D81-C37F-4522-A3C5-5C6DA2440CAD}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{A3436916-3F54-487E-A3A2-6FB8A2441AA3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AE8A3360-2EC9-4AD4-8E97-BFE1DBE89CDB}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
    "{B918AE5C-01FB-4EF3-A008-80D0EAF2E4E5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{BA783515-278F-449D-980A-C98445A1A86F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{BBBA5929-8618-4E89-8D5C-2CF6E5306DD2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{BDE235F3-5EE3-435A-81D6-CA54218DDF53}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{C1EDB7D7-8E18-455F-8E06-991D41559D3B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
    "{C221AC16-CE5F-4995-AE57-076EF9B3FC4A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
    "{C7BC1944-C41A-4352-ADA8-C9B4DCAAEF4A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
    "{CE371470-E1B4-431C-AF48-63CA425AF53F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D5615054-61AB-436F-A77E-B6F0DD211D9E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{D8288971-3782-49CA-B484-98E2EAC2547D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
    "{E48C0F62-69E6-4322-A853-DADF50D448A7}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{EBE6F9FE-2E08-45EB-93A2-C4AF3F5ACB01}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{EFDED1D1-C7AF-4E86-9FEF-E7895193A939}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
    "{F6AC0120-D707-40E9-ACB8-8581CECFBC80}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
    "{F6E65A7B-D9ED-4DD0-A730-EEB2FF7A8AD6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{FC1D0EBA-CA98-41FB-B996-9A37A056071D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "TCP Query User{14916D64-5377-4B40-9E5C-90603565B51E}C:\program files (x86)\gametap web player\bin\release\gametapplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gametap web player\bin\release\gametapplayer.exe |
    "TCP Query User{2019AC2A-0A08-4691-9B3F-649DBB53B008}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
    "TCP Query User{35DA967F-3B6D-4B78-8C5D-48A6EB144310}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe |
    "TCP Query User{38A2B337-BCB3-40CE-8AF0-4AD29837D3D1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{63C3A516-4978-4A5B-834F-CEBD77146C4A}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
    "TCP Query User{715D38EC-67B9-4CA2-9F04-E31205FE4CD3}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "TCP Query User{A0470866-2D5E-425C-A68A-04454F1D7ABF}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "TCP Query User{A58B696C-A32F-46DE-ACC0-99076269AFA4}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
    "TCP Query User{A9E24135-1A00-4090-AFC1-84FC8926BF95}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
    "TCP Query User{BA760534-626A-454A-B1A2-3A0D2D1AFDCB}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "TCP Query User{BF8FA628-0424-44A3-AC70-0004487A584A}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
    "TCP Query User{CA5C4730-F35E-4C2B-B9D1-54AAEEF72A8F}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
    "TCP Query User{D4EAF05D-E554-443E-BAD7-C3128917F1BA}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{E00B2C1B-3958-4FC3-91A4-FB9ECADE4FDD}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
    "TCP Query User{E1BB573A-D420-43CD-BB42-02C23DE1B404}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
    "TCP Query User{F10321BB-37AF-480F-92DB-1D9431F3B1FC}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{F34D849F-29E6-466A-8D78-82B1CFEAB761}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
    "UDP Query User{3056AB67-416C-4732-BD6B-DD3AC592E92F}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "UDP Query User{56F9C27E-6158-4799-8483-5418B606A423}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
    "UDP Query User{5BFA07D1-B7B4-405F-A553-54B756DB8148}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{6B852927-3B80-4880-90F0-7A2AD47F07DA}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
    "UDP Query User{70853AF6-B175-4001-90A6-B7C0E9647549}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "UDP Query User{70D45061-473F-4B5F-A4D6-E4E32042B8B0}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
    "UDP Query User{74602464-45C2-4C2C-911A-D056A7AFD21D}C:\program files (x86)\gametap web player\bin\release\gametapplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gametap web player\bin\release\gametapplayer.exe |
    "UDP Query User{97A30CCC-3FF1-4952-BB32-33D94A66821A}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
    "UDP Query User{9A0F4034-DA59-40A5-8B96-167348767256}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{A094D029-A5DF-48D3-89A6-42EA7102DA99}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
    "UDP Query User{A4772159-974F-42AA-A23F-73468717E532}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
    "UDP Query User{B4BD80B0-0983-4F63-A6CF-D53D98C3807D}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{BCCA1715-5917-4078-9175-E88C892D9DE2}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe |
    "UDP Query User{CFFCD387-6573-4911-8523-3B074DB8C444}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
    "UDP Query User{E4E18AA5-FF54-4062-B64E-E79CC341CE59}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
    "UDP Query User{F41EA200-8420-40F2-85E9-2089DF25E568}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
    "UDP Query User{F53E25A5-6873-4AE6-99C5-37CBD471E68A}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{893D9341-6AEA-8463-83E1-70D004A56AD3}" = ccc-utility64
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
    "{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
    "{C0B50C99-24B0-4728-A82E-8A69DCC31A7E}" = XPS Thermal Monitor
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0764694E-4C2E-1A05-B6A2-3C0B4F061AB5}" = CCC Help Hungarian
    "{0C2D2976-6F6B-EB9A-57CB-0F479510E29D}" = Catalyst Control Center Localization Portuguese
    "{1833C9AB-38B3-2B52-6A66-46B366327FE8}" = Catalyst Control Center Localization French
    "{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
    "{1EEAEAD7-95F3-489C-AB71-D188D530A951}" = Wireless USB Card
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{292E1FC7-C42A-5ED5-0904-94C1A0A1538A}" = Catalyst Control Center InstallProxy
    "{2AF983E8-983E-AEAD-BB41-D7CAED800C03}" = CCC Help Chinese Traditional
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{319397B7-88C3-FF5E-788E-6EC3D9C7F10F}" = Catalyst Control Center Localization Chinese Standard
    "{33013398-9228-42D7-A92A-38CA478F4D57}" = ZoneAlarm Security
    "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
    "{33303B83-3081-5C68-EBD9-9140DD374B5A}" = Catalyst Control Center Core Implementation
    "{364F416C-CA2E-20FA-193C-267192F339A7}" = CCC Help Japanese
    "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{4250568D-A456-7DF3-4832-21CC15E7D0B1}" = CCC Help Korean
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4F535C04-86BE-47D1-98C6-8AB26D28482B}" = Singlesnet
    "{4F668F8E-56FC-6DFF-4F2F-603542D7413B}" = Catalyst Control Center Graphics Full Existing
    "{5070E761-C5ED-A868-CE4E-B3C7B4674E06}" = Catalyst Control Center Localization Hungarian
    "{59B8EE7B-A449-A1F5-45A2-6F58C305925E}" = Catalyst Control Center Graphics Light
    "{5AED8F22-D3F2-C924-4F2A-1D6C80162C78}" = CCC Help Italian
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{63A7AA0B-6EDC-40F0-B14E-5289599EE2A3}" = Catalyst Control Center - Branding
    "{6749B472-63E5-49B4-964A-4B76A33BC768}" = ZoneAlarm Firewall
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{69A01F5F-EF07-C3C6-3B94-E895E931FCF1}" = Catalyst Control Center Graphics Full New
    "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
    "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7CF115FC-BA7C-E81A-631A-B9545D446AF0}" = Catalyst Control Center Graphics Previews Common
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80250615-2FF1-0AAE-9C71-375BA6E5CF7E}" = ccc-core-static
    "{80F0EB59-D25F-2A39-92E9-B1D593255E64}" = Skins
    "{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion for Gaming 1.0
    "{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{8B5A3788-7DE7-668B-437A-2EDF278F8324}" = CCC Help English
    "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_BASICR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
    "{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AE79FD8-90DD-AA27-06FA-0DF8A0FFCE88}" = CCC Help French
    "{9B947CCE-D5B2-1AE4-D3EE-B073D5D5D4D7}" = Catalyst Control Center Graphics Previews Vista
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2233F8C-B7AC-0E77-0DF3-57678388A816}" = Catalyst Control Center Localization Japanese
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B41069C7-7E24-473F-B400-BF48B82D9948}" = AMD OverDrive
    "{B4E24CA6-5254-7E2D-F1FC-B01881AD4556}" = Catalyst Control Center Localization Italian
    "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
    "{C4A40111-4DD6-C90E-27E7-CA8F3E647DF0}" = CCC Help Chinese Standard
    "{C61798EC-C148-DCAF-0BBB-983E3F2A358A}" = CCC Help German
    "{C8F7C1E5-0150-11D6-A96C-00D05908F85D}" = USB Driver
    "{D0B7DE9F-D63D-57DD-1872-3F0207A437AC}" = CCC Help Turkish
    "{DDEE3690-E766-135E-39F9-1069E44364FF}" = Catalyst Control Center Localization Turkish
    "{DE6D0FDB-3B65-48B9-6F71-A61D5A7B576F}" = CCC Help Portuguese
    "{E14D7E83-C764-F6D9-FA7E-DA50596C8B02}" = Catalyst Control Center Localization Spanish
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F39A1538-F97D-702B-AD48-F8FD2A01D0B2}" = Catalyst Control Center Localization Korean
    "{F569D2CB-5BB9-B8A1-9B1D-AA813D974372}" = CCC Help Spanish
    "{FB997B37-623B-E151-6AC5-5EEA34FE4178}" = Catalyst Control Center Localization Chinese Traditional
    "{FCDDA9CC-10DC-F720-53DE-D23A96EA8792}" = Catalyst Control Center Localization German
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Free Antivirus
    "BASICR" = Microsoft Office Basic 2007
    "BFGC" = Big Fish Games Client
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat (remove only)
    "Google Chrome" = Google Chrome
    "InstallShield_{C0B50C99-24B0-4728-A82E-8A69DCC31A7E}" = XPS Thermal Monitor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP3 Rocket" = MP3 Rocket
    "PunkBusterSvc" = PunkBuster Services
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SpywareBlaster_is1" = SpywareBlaster 4.6
    "StarCraft II" = StarCraft II
    "Steam App 201790" = Orcs Must Die! 2
    "Steam App 35700" = Trine
    "Steam App 41500" = Torchlight
    "Steam App 4560" = Company of Heroes
    "Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft
    "Yahoo! Messenger" = Yahoo! Messenger
    "YInstHelper" = Yahoo! Install Manager
    "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4069935306-1709804640-2620325657-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/14/2011 8:32:12 PM | Computer Name = Maegan-PC | Source = MsiInstaller | ID = 1041
    Description =

    Error - 10/14/2011 8:32:12 PM | Computer Name = Maegan-PC | Source = MsiInstaller | ID = 1041
    Description =

    Error - 10/14/2011 8:32:14 PM | Computer Name = Maegan-PC | Source = MsiInstaller | ID = 1041
    Description =

    Error - 10/14/2011 8:32:15 PM | Computer Name = Maegan-PC | Source = MsiInstaller | ID = 1041
    Description =

    Error - 10/14/2011 8:32:18 PM | Computer Name = Maegan-PC | Source = MsiInstaller | ID = 1041
    Description =

    Error - 10/14/2011 8:32:19 PM | Computer Name = Maegan-PC | Source = MsiInstaller | ID = 1041
    Description =

    Error - 10/14/2011 8:32:20 PM | Computer Name = Maegan-PC | Source = MsiInstaller | ID = 1041
    Description =

    Error - 10/14/2011 8:32:20 PM | Computer Name = Maegan-PC | Source = MsiInstaller | ID = 1041
    Description =

    Error - 10/14/2011 8:32:20 PM | Computer Name = Maegan-PC | Source = MsiInstaller | ID = 1041
    Description =

    Error - 10/14/2011 8:32:26 PM | Computer Name = Maegan-PC | Source = MsiInstaller | ID = 1041
    Description =

    [ System Events ]
    Error - 9/20/2012 2:16:07 PM | Computer Name = Maegan-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 9/20/2012 2:16:07 PM | Computer Name = Maegan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 9/20/2012 2:16:07 PM | Computer Name = Maegan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 9/20/2012 2:16:23 PM | Computer Name = Maegan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 9/20/2012 2:16:24 PM | Computer Name = Maegan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 9/20/2012 2:20:10 PM | Computer Name = Maegan-PC | Source = Service Control Manager | ID = 7026
    Description =
    Description =

    Error - 9/20/2012 4:39:26 PM | Computer Name = Maegan-PC | Source = DCOM | ID = 10010
    Description =

    Error - 9/20/2012 4:43:08 PM | Computer Name = Maegan-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 9/21/2012 8:59:53 AM | Computer Name = Maegan-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 9/21/2012 8:59:53 AM | Computer Name = Maegan-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
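The security-relevant part of the OTL report above is the firewall section: every Windows Firewall profile (Domain, Standard, Public) shows `"EnableFirewall" = 0`, and the `FirewallRules` key carries dozens of inbound allow rules, some for binaries under `c:\users\public\games` and two (PowerDVD) with no protocol restriction at all. A disabled built-in firewall is what you would expect when a third-party firewall has taken over (ZoneAlarm's `vsmon.exe` is shown running further down this thread), but it is worth confirming rather than assuming, and the inbound rule list is worth reading rule by rule. The script below is an added triage example written for this page, not part of the original post or of OTL itself: it parses an excerpt of that section (constructed from the lines above, not the full list), reports the profile state, and flags inbound rules that have no protocol restriction or point at executables outside `C:\Windows` and the two `Program Files` roots. The trusted-root list and the rule categories are the example's own choices, not anything OTL defines.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt modelled on the OTL firewall section in this thread (a few
# representative lines, not the full dump).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{383DDA18-7957-494D-AB61-52F87A0E9132}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4D86C3A3-EC49-4A9F-A9FD-C98C109A4820}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C221AC16-CE5F-4995-AE57-076EF9B3FC4A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"TCP Query User{38A2B337-BCB3-40CE-8AF0-4AD29837D3D1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{A0470866-2D5E-425C-A68A-04454F1D7ABF}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"""

# Registry key header for a firewall profile, e.g. ...\FirewallPolicy\StandardProfile]
PROFILE_RE = re.compile(r"^\[.*\\FirewallPolicy\\(\w+Profile)\]$")
# OTL value line: "name" = value
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# Assumption of this example: binaries under these roots are "expected" locations.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_otl_firewall(text: str) -> Tuple[Dict[str, int], List[Dict[str, str]]]:
    """Return ({profile: EnableFirewall}, [rule dicts]) from an OTL firewall section."""
    profiles: Dict[str, int] = {}
    rules: List[Dict[str, str]] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):                       # new registry key
            m = PROFILE_RE.match(line)
            if m:
                section = m.group(1)
            elif line.endswith("\\FirewallRules]"):
                section = "FirewallRules"
            else:
                section = None
            continue
        m = VALUE_RE.match(line)
        if not m or section is None:
            continue
        name, value = m.group("name"), m.group("value")
        if section == "FirewallRules":
            # Rule values are "k=v | k=v | ..." with a trailing separator.
            fields: Dict[str, str] = {"_name": name}
            for part in value.split("|"):
                part = part.strip()
                if "=" in part:
                    k, v = part.split("=", 1)
                    fields[k.strip().lower()] = v.strip()
            rules.append(fields)
        elif name == "EnableFirewall":
            profiles[section] = int(value)
    return profiles, rules


def triage(profiles: Dict[str, int], rules: List[Dict[str, str]]) -> List[str]:
    """Produce one finding per disabled profile or suspicious inbound allow rule."""
    findings: List[str] = []
    for prof, enabled in sorted(profiles.items()):
        if enabled == 0:
            findings.append(f"{prof}: Windows Firewall disabled (EnableFirewall=0)")
    for r in rules:
        if r.get("dir") != "in":
            continue
        app = r.get("app", "").lower()
        name = r["_name"]
        if "protocol" not in r:
            findings.append(f"{name}: inbound allow with no protocol restriction for {app}")
        # Bare service names (svchost.exe, system) carry no path; only judge full paths.
        if "\\" in app and not app.startswith(TRUSTED_ROOTS):
            findings.append(f"{name}: inbound allow for binary outside Windows/Program Files: {app}")
    return findings


if __name__ == "__main__":
    profs, rls = parse_otl_firewall(SAMPLE)
    for f in triage(profs, rls):
        print(f)
```

On the real report the same logic would flag all three profiles, the two PowerDVD rules (`{C221AC16-...}` and `{FC1D0EBA-...}`, no `protocol=` field), and every `c:\users\public\games\...` rule; each of those is a decision for the person cleaning the machine (keep, tighten, or delete), not automatically malicious, which is why the script reports rather than edits.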
     
  11. kozmyk

    kozmyk TS Rookie Topic Starter Posts: 19

    Part 1

    OTL logfile created on: 9/21/2012 7:34:39 AM - Run 1
    OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Maegan\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.80% Memory free
    6.20 Gb Paging File | 4.63 Gb Available in Paging File | 74.68% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 463.70 Gb Total Space | 260.57 Gb Free Space | 56.19% Space Free | Partition Type: NTFS
    Drive D: | 2.00 Gb Total Space | 1.00 Gb Free Space | 49.81% Space Free | Partition Type: NTFS
    Drive E: | 6.74 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: MAEGAN-PC | User Name: Maegan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/21 07:32:12 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Maegan\Desktop\OTL.exe
    PRC - [2012/09/19 14:11:10 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/08/29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2012/08/29 15:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/01/16 18:07:00 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2008/10/02 19:26:56 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    PRC - [2008/10/02 19:26:36 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    PRC - [2008/09/24 05:40:02 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    PRC - [2008/09/24 05:39:56 | 000,118,784 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    PRC - [2008/09/04 05:14:44 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\BeepApp.exe
    PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/20 16:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/08/30 06:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
    SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/19 13:31:59 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/08/29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
    SRV - [2011/01/16 18:07:00 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/13 06:24:30 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
    SRV - [2008/10/02 19:26:36 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/30 06:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/08/21 04:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/08/21 04:13:12 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
    DRV:64bit: - [2012/08/21 04:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/05/07 17:51:34 | 000,448,088 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
    DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/09/23 11:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/11/18 03:20:12 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2007/07/27 17:27:22 | 000,437,248 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
    DRV:64bit: - [2007/06/29 15:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
    DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UsbFltr.sys -- (UsbFltr)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/myweb...n=77df1e66&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-msgr
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\SearchScopes,DefaultScope = {C2ED5ED7-0D85-4FC8-92BD-12E0A7B590A8}
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=7AAD4BD8-802E-4BAD-926E-B5B5455D6A69
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/myweb...n=77df1e66&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_en
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\SearchScopes\{C2ED5ED7-0D85-4FC8-92BD-12E0A7B590A8}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=MP3R3
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fptb-msgr"
    FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.5
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/08/31 22:45:54 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/08/31 22:45:54 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Retrogamer_2z.com/Plugin: C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\NP2zStub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Maegan\Program Files (x86)\DNA\plugins\npbtdna.dll File not found
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Maegan\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/09/19 13:46:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files (x86)\Retrogamer_2z\bar\1.bin [2012/09/19 19:36:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/09/19 13:46:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/19 14:59:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/19 14:35:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Maegan\AppData\Roaming\Move Networks [2009/12/07 12:29:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Maegan\Program Files (x86)\DNA

    [2012/09/19 14:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maegan\AppData\Roaming\Mozilla\Extensions
    [2012/09/19 14:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maegan\AppData\Roaming\Mozilla\Firefox\Profiles\9yektyh8.default\extensions
    [2012/09/19 14:40:48 | 000,527,915 | ---- | M] () (No name found) -- C:\Users\Maegan\AppData\Roaming\Mozilla\Firefox\Profiles\9yektyh8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2012/09/19 14:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/19 14:59:37 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\NP2zStub.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Maegan\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
    CHR - plugin: DNA Plug-in (Enabled) = C:\Users\Maegan\Program Files (x86)\DNA\plugins\npbtdna.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: avast! WebRep = C:\Users\Maegan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
     
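Added example, not part of kozmyk's post and not OTL's own code: a small Python triage pass over OTL-style lines like the ones above. It flags what a removal helper reads first in the IE/FF/CHR and O2/O3 sections: search scopes that point somewhere other than an allowlisted engine (the mywebsearch and ask.com scopes above), BHO/toolbar/URLSearchHook entries whose CLSID no longer resolves (leftovers of a removed toolbar), plugin paths marked "File not found", binaries under known toolbar-vendor directories (the Retrogamer_2z/MindSpark stub), and O17 DHCP name servers outside private address space. The allowlist of search hosts and the list of vendor path fragments are assumptions to tune per case, and the sample lines are copied from the log above.

```python
"""Triage helpers for OTL-style log lines (added example, not from the original post)."""
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the search engines this machine's owner actually uses. Tune per case.
TRUSTED_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com")

# Assumption: path fragments that in practice always mean a bundled toolbar / PUP.
PUP_PATH_MARKERS = ("mindspark", "retrogamer_2z", "mywebsearch", "conduit")

_SCOPE_RE = re.compile(r'SearchScopes\\(\{[0-9A-Fa-f-]{36}\}): "URL" = (\S+)')
_ORPHAN_RE = re.compile(r'(\{[0-9A-Fa-f-]{36}\}) - No CLSID value found')
_DNS_RE = re.compile(r'DhcpNameServer = (\S+)')
# First drive-letter path on a line, stopping before OTL's trailing status or "(Company)" text.
_PATH_RE = re.compile(r'([A-Za-z]:\\.*?)(?= File not found| \([^()]*\)$|$)')

# Sample input: lines copied from the OTL log posted above.
SAMPLE_LINES = [
    r'IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/myweb...n=77df1e66&psa=&st=sb&searchfor={searchTerms}',
    r'IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=MP3R3',
    r'O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.',
    r'O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.',
    r'O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)',
    r'FF - HKLM\Software\MozillaPlugins\@Retrogamer_2z.com/Plugin: C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\NP2zStub.dll File not found',
    r'CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\NP2zStub.dll',
    r'O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1',
]


def fs_path(line):
    """Return the first filesystem path on an OTL line, or '' if there is none."""
    m = _PATH_RE.search(line)
    return m.group(1) if m else ""


def is_trusted_search_host(host):
    """True if host is one of the allowlisted engines or a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_SEARCH_HOSTS)


def triage(lines):
    """Scan OTL lines and return (kind, key, detail) findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()

        m = _SCOPE_RE.search(line)
        if m:
            guid, url = m.groups()
            host = urlsplit(url).hostname or ""
            if not is_trusted_search_host(host):
                findings.append(("search-hijack", guid, host))

        m = _ORPHAN_RE.search(line)
        if m:
            # A registered CLSID whose server DLL is gone: residue of a removed toolbar or BHO.
            findings.append(("orphan-clsid", m.group(1), line.split(" - ", 1)[0]))

        path = fs_path(line)
        if "File not found" in line:
            findings.append(("missing-file", path or line, ""))
        if path and any(marker in path.lower() for marker in PUP_PATH_MARKERS):
            findings.append(("pup-path", path, ""))

        m = _DNS_RE.search(line)
        if m:
            try:
                if not ipaddress.ip_address(m.group(1)).is_private:
                    findings.append(("dns-public", m.group(1), ""))
            except ValueError:
                findings.append(("dns-unparsable", m.group(1), ""))
    return findings


if __name__ == "__main__":
    for kind, key, detail in triage(SAMPLE_LINES):
        print(f"{kind:14} {key} {detail}".rstrip())
```

Run it against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`. Orphan CLSIDs and missing files are harmless on their own but are the lines an OTL fix script usually cleans up; a search scope or a DHCP name server that is not on your list is the one to look at first, because that is where redirects come from.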
  12. kozmyk

    Part 2


    O1 HOSTS File: ([2012/09/20 12:57:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00236BE0-C00A-456E-A9D8-FBE530456BA9}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECFCBA76-06FD-4E48-AF3F-8B233B41DC7A}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Maegan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Maegan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/12/09 17:43:15 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/21 07:50:07 | 003,927,560 | ---- | C] (Piriform Ltd) -- C:\Users\Maegan\Desktop\ccsetup322.exe
    [2012/09/21 07:31:27 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Maegan\Desktop\OTL.exe
    [2012/09/20 20:15:19 | 000,000,000 | ---D | C] -- C:\Users\Maegan\AppData\Roaming\runic games
    [2012/09/20 16:12:52 | 000,000,000 | ---D | C] -- C:\Users\Maegan\Documents\Shiner
    [2012/09/20 12:58:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/09/20 12:32:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/20 12:32:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/20 12:32:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/20 12:16:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/20 12:13:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/20 10:31:32 | 000,000,000 | ---D | C] -- C:\Users\Maegan\Desktop\malware virus removal
    [2012/09/20 08:44:03 | 000,000,000 | ---D | C] -- C:\Users\Maegan\AppData\Local\Macromedia
    [2012/09/20 08:36:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/09/19 15:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/09/19 15:00:35 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/09/19 15:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/09/19 15:00:33 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/09/19 15:00:24 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2012/09/19 15:00:22 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/09/19 15:00:19 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/09/19 15:00:15 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/09/19 15:00:15 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/09/19 14:59:32 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/09/19 14:59:32 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/09/19 14:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/09/19 14:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/09/19 14:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/09/19 14:44:17 | 000,000,000 | ---D | C] -- C:\Users\Maegan\AppData\Roaming\WinPatrol
    [2012/09/19 14:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
    [2012/09/19 14:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2012/09/19 14:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
    [2012/09/19 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\Maegan\AppData\Roaming\Mozilla
    [2012/09/19 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\Maegan\AppData\Local\Mozilla
    [2012/09/19 14:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/09/19 14:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/09/19 14:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2012/09/19 14:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
    [2012/09/19 13:47:17 | 000,000,000 | ---D | C] -- C:\Users\Maegan\Documents\ForceField Shared Files
    [2012/09/19 13:46:15 | 000,000,000 | ---D | C] -- C:\Users\Maegan\AppData\Roaming\CheckPoint
    [2012/09/19 13:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2012/09/19 13:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
    [2012/09/19 13:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
    [2012/09/19 13:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2012/09/19 13:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/09/19 13:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2009/07/23 22:31:58 | 008,293,568 | ---- | C] (Dell, Inc. ) -- C:\Users\Maegan\AppData\Roaming\DataSafeDotNet.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/09/21 07:50:31 | 003,927,560 | ---- | M] (Piriform Ltd) -- C:\Users\Maegan\Desktop\ccsetup322.exe
    [2012/09/21 07:41:08 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/21 07:32:12 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Maegan\Desktop\OTL.exe
    [2012/09/21 07:29:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/21 07:29:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/21 07:29:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/20 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2012/09/20 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2012/09/20 15:48:23 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/20 15:48:23 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/20 15:48:23 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/20 15:42:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/20 15:41:29 | 3216,957,440 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/20 15:15:51 | 000,000,222 | ---- | M] () -- C:\Users\Maegan\Desktop\Orcs Must Die! 2.url
    [2012/09/20 12:57:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/19 15:20:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/09/19 15:11:22 | 000,721,800 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/09/19 15:00:35 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/09/19 15:00:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/09/19 14:35:21 | 000,000,914 | ---- | M] () -- C:\Users\Maegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/09/19 14:35:21 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/19 13:50:49 | 000,415,877 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2012/09/19 13:45:31 | 000,000,669 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
    [2012/09/19 13:39:59 | 000,000,974 | ---- | M] () -- C:\Users\Maegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/09/19 13:39:59 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/19 12:56:43 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/09/20 15:15:51 | 000,000,222 | ---- | C] () -- C:\Users\Maegan\Desktop\Orcs Must Die! 2.url
    [2012/09/20 13:18:28 | 3216,957,440 | -HS- | C] () -- C:\hiberfil.sys
    [2012/09/20 12:32:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/20 12:32:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/20 12:32:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/20 12:32:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/20 12:32:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/19 15:12:58 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/09/19 15:11:22 | 000,721,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/09/19 15:00:35 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/09/19 15:00:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/09/19 14:35:21 | 000,000,914 | ---- | C] () -- C:\Users\Maegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/09/19 14:35:21 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/09/19 14:35:21 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/19 13:46:21 | 000,415,877 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2012/09/19 13:45:31 | 000,000,669 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
    [2012/09/19 13:39:59 | 000,000,974 | ---- | C] () -- C:\Users\Maegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/09/19 13:39:59 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/19 13:28:26 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/10/31 12:33:56 | 000,270,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/10/31 12:33:55 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/10/31 12:33:55 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/04/28 23:25:52 | 000,012,498 | -HS- | C] () -- C:\Users\Maegan\AppData\Local\6EUB
    [2010/04/28 23:25:52 | 000,012,498 | -HS- | C] () -- C:\ProgramData\6EUB
    [2009/08/14 20:40:28 | 000,001,460 | ---- | C] () -- C:\Users\Maegan\AppData\Local\d3d9caps64.dat
    [2009/02/25 23:29:11 | 000,000,000 | ---- | C] () -- C:\Users\Maegan\jagex_runescape_preferences.dat
    [2009/02/25 20:18:00 | 000,007,052 | ---- | C] () -- C:\Users\Maegan\AppData\Local\d3d9caps.dat
    [2009/01/25 19:42:13 | 000,037,888 | ---- | C] () -- C:\Users\Maegan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2011/03/20 18:00:14 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\ivdb0dj0.2q2\xkhhymir.ios\1\l
    [2009/07/08 07:09:14 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SFNNYWB\www8.agame.com\games\flash\u
    [2010/09/16 18:07:42 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SFNNYWB\www8.agame.com\mirror\flash\l
    [2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    ========== LOP Check ==========

    [2012/09/19 15:24:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\CheckPoint
    [2010/01/13 09:36:55 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Helios
    [2009/02/02 18:09:38 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\iolo
    [2012/09/19 15:26:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WinPatrol
    [2012/09/20 08:22:50 | 000,000,000 | ---D | M] -- C:\Users\Kelsey\AppData\Roaming\CheckPoint
    [2012/09/20 08:26:58 | 000,000,000 | ---D | M] -- C:\Users\Kelsey\AppData\Roaming\WinPatrol
    [2010/01/12 16:04:32 | 000,000,000 | ---D | M] -- C:\Users\Maegan\AppData\Roaming\acccore
    [2012/09/19 13:46:15 | 000,000,000 | ---D | M] -- C:\Users\Maegan\AppData\Roaming\CheckPoint
    [2010/02/05 05:35:52 | 000,000,000 | ---D | M] -- C:\Users\Maegan\AppData\Roaming\DriverCure
    [2009/10/16 11:03:39 | 000,000,000 | ---D | M] -- C:\Users\Maegan\AppData\Roaming\ERS G-Studio
    [2010/06/27 13:48:21 | 000,000,000 | ---D | M] -- C:\Users\Maegan\AppData\Roaming\FOG Downloader
    [2012/03/21 18:54:20 | 000,000,000 | ---D | M] -- C:\Users\Maegan\AppData\Roaming\Helios
    [2012/09/19 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\Maegan\AppData\Roaming\iolo
    [2010/03/06 08:07:37 | 000,000,000 | ---D | M] -- C:\Users\Maegan\AppData\Roaming\mp3rocket
    [2012/09/20 20:15:19 | 000,000,000 | ---D | M] -- C:\Users\Maegan\AppData\Roaming\runic games
    [2009/04/11 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\Maegan\AppData\Roaming\Skunk Studios
    [2012/09/19 14:54:54 | 000,000,000 | ---D | M] -- C:\Users\Maegan\AppData\Roaming\WinPatrol

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:737160C1
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CF61CE5A
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5EF1AD34

    < End of report >
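The OTL report above is what the helper reads line by line before writing a fix list. As an added example (not part of this thread, and not OTL's own code), here is a small Python parser for the two line shapes in that report, with a few conservative triage heuristics; the sample lines are copied from the posted log except the `sample_noname.exe` line, which is constructed.

```python
"""Parse OTL scan output and apply a few conservative triage heuristics.

Two line shapes from the posted report are handled:
  [YYYY/MM/DD HH:MM:SS | size | RHSD | C|M] (Company) -- path
  @Alternate Data Stream - N bytes -> path:stream
The attribute field is positional: R read-only, H hidden, S system, D directory.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Union

ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[R-][H-][S-][D-]) \| (?P<event>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

# Sample input: lines copied from the posted OTL report, plus one constructed
# line (sample_noname.exe) so the no-company heuristic has something to hit.
SAMPLE_LOG = r"""
[2012/09/19 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\Maegan\AppData\Local\Mozilla
[2009/07/23 22:31:58 | 008,293,568 | ---- | C] (Dell, Inc. ) -- C:\Users\Maegan\AppData\Roaming\DataSafeDotNet.exe
[2012/09/20 15:41:29 | 3216,957,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/28 23:25:52 | 000,012,498 | -HS- | C] () -- C:\Users\Maegan\AppData\Local\6EUB
[2010/04/28 23:25:52 | 000,012,498 | -HS- | C] () -- C:\ProgramData\6EUB
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/09/01 10:00:00 | 000,045,056 | -H-- | C] () -- C:\Users\Maegan\AppData\Roaming\sample_noname.exe
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CF61CE5A
< End of report >
"""


@dataclass
class Entry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    event: str               # "C" = created, "M" = modified (within the report window)
    company: Optional[str]   # None when OTL printed "()" or omitted the field
    path: str


@dataclass
class AdsEntry:
    size: int
    path: str                # "C:\path\file:streamname"


def parse_line(line: str) -> Optional[Union[Entry, AdsEntry]]:
    """Return an Entry or AdsEntry, or None for headers and other lines."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        attrs = m.group("attrs")
        company = (m.group("company") or "").strip() or None
        return Entry(
            timestamp=f"{m.group('date')} {m.group('time')}",
            size=int(m.group("size").replace(",", "")),
            readonly=attrs[0] == "R", hidden=attrs[1] == "H",
            system=attrs[2] == "S", directory=attrs[3] == "D",
            event=m.group("event"), company=company, path=m.group("path"),
        )
    m = ADS_RE.match(line)
    if m:
        return AdsEntry(size=int(m.group("size")), path=m.group("path"))
    return None


def parse_report(text: str) -> List[Union[Entry, AdsEntry]]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def _user_writable(path: str) -> bool:
    p = path.lower()
    return "\\users\\" in p or "\\programdata\\" in p


def triage(entries: List[Union[Entry, AdsEntry]]) -> List[str]:
    """Heuristics only: each hit is something to look at, not a verdict."""
    findings = []
    for e in entries:
        if isinstance(e, AdsEntry):
            # Alternate data streams on ordinary files deserve an explanation.
            findings.append(f"ADS {e.path} ({e.size} bytes)")
            continue
        if e.hidden and e.system and not e.directory and _user_writable(e.path):
            findings.append(f"HIDDEN+SYSTEM file in user-writable path: {e.path}")
        elif (e.path.lower().endswith(EXEC_EXT) and e.company is None
              and "\\users\\" in e.path.lower()):
            findings.append(f"NO-COMPANY executable in user profile: {e.path}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_report(SAMPLE_LOG)):
        print(finding)
```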
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/myweb...n=77df1e66&psa=&st=sb&searchfor={searchTerms}
      IE - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=7AAD4BD8-802E-4BAD-926E-B5B5455D6A69
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
      O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
      O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-4069935306-1709804640-2620325657-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
      O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
      O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/03/20 18:00:14 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\ivdb0dj0.2q2\xkhhymir.ios\1\l
      [2009/07/08 07:09:14 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SFNNYWB\www8.agame.com\games\flash\u
      [2010/09/16 18:07:42 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SFNNYWB\www8.agame.com\mirror\flash\l
      [2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:737160C1
      @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CF61CE5A
      @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5EF1AD34
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    ======================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  14. kozmyk

    kozmyk TS Rookie Topic Starter Posts: 19

    OTL Log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44f44034-6036-4f06-9336-74ec4620edab}\ not found.
    Registry key HKEY_USERS\S-1-5-21-4069935306-1709804640-2620325657-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-4069935306-1709804640-2620325657-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-4069935306-1709804640-2620325657-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Starting removal of ActiveX control {0CCA191D-13A6-4E29-B746-314DEE697D83}
    C:\Windows\Downloaded Program Files\PhotoUploader5.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Starting removal of ActiveX control {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
    Starting removal of ActiveX control {8100D56A-5661-482C-BEE8-AFECE305D968}
    C:\Windows\Downloaded Program Files\PhotoUploader55.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
    Starting removal of ActiveX control {9C23D886-43CB-43DE-B2DB-112A68D7E10A}
    C:\Windows\Downloaded Program Files\MySpaceUploader2.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Users\Guest\AppData\LocalLow\Microsoft\Silverlight\is\ivdb0dj0.2q2\xkhhymir.ios\1\l folder moved successfully.
    C:\Users\Guest\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SFNNYWB\www8.agame.com\games\flash\u\uphill_rush\uphill_rush_agame_com.swf folder moved successfully.
    C:\Users\Guest\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SFNNYWB\www8.agame.com\games\flash\u\uphill_rush folder moved successfully.
    C:\Users\Guest\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SFNNYWB\www8.agame.com\games\flash\u folder moved successfully.
    C:\Users\Guest\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SFNNYWB\www8.agame.com\mirror\flash\l\learntofly.swf folder moved successfully.
    C:\Users\Guest\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SFNNYWB\www8.agame.com\mirror\flash\l folder moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    ADS C:\ProgramData\TEMP:737160C1 deleted successfully.
    ADS C:\ProgramData\TEMP:CF61CE5A deleted successfully.
    ADS C:\ProgramData\TEMP:5EF1AD34 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 538299354 bytes
    ->Java cache emptied: 31540580 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 340135 bytes

    User: Kelsey
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 0 bytes

    User: Maegan
    ->Temp folder emptied: 4289549 bytes
    ->Temporary Internet Files folder emptied: 5750104 bytes
    ->Java cache emptied: 28373161 bytes
    ->FireFox cache emptied: 68181578 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 523 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2328404 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35782730 bytes
    RecycleBin emptied: 3928510 bytes

    Total Files Cleaned = 686.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: Kelsey

    User: Maegan
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Kelsey

    User: Maegan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.65.1 log created on 09232012_134703

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DF31EA.tmp not found!
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DF31FF.tmp not found!
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DF6FD3.tmp not found!
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DF7323.tmp not found!
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DF760C.tmp not found!
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DF785A.tmp not found!
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DF7F8B.tmp not found!
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DF7FFC.tmp not found!
    C:\Users\Maegan\AppData\Local\Temp\~DF9D03.tmp moved successfully.
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DFA20B.tmp not found!
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DFA80C.tmp not found!
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DFD741.tmp not found!
    File\Folder C:\Users\Maegan\AppData\Local\Temp\~DFDA8A.tmp not found!
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\hsperfdata_MAEGAN-PC$\2212 not found!
    File\Folder C:\Windows\temp\ZLT066a5.TMP not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  15. kozmyk

    kozmyk TS Rookie Topic Starter Posts: 19

    Results of screen317's Security Check version 0.99.51
    Windows Vista Service Pack 2 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 4.6
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java 7 Update 7
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 11.4.402.278
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (15.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    WinPatrol winpatrol.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    BillP Studios WinPatrol WinPatrol.exe
    CheckPoint ZoneAlarm vsmon.exe
    CheckPoint ZoneAlarm zatray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 10 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  16. kozmyk

    kozmyk TS Rookie Topic Starter Posts: 19

    Farbar Service Scanner Version: 19-09-2012
    Ran by Maegan (administrator) on 24-09-2012 at 07:10:00
    Running from "C:\Users\Maegan\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcsvc.dll
    [2009-09-23 22:38] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 13:25] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-13 21:27] - [2012-03-30 07:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

    C:\Windows\System32\dnsrslvr.dll
    [2011-04-15 20:48] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

    C:\Windows\System32\mpssvc.dll
    [2009-09-23 22:38] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

    C:\Windows\System32\bfe.dll
    [2009-09-23 22:37] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe
    [2009-09-23 22:38] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

    C:\Windows\System32\wscsvc.dll
    [2009-09-23 22:37] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

    C:\Windows\System32\wbem\WMIsvc.dll
    [2009-09-23 22:38] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll
    [2009-09-23 22:38] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

    C:\Windows\System32\es.dll
    [2009-09-23 22:38] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

    C:\Windows\System32\cryptsvc.dll
    [2012-06-12 22:26] - [2012-04-23 11:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-09-23 22:38] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



    **** End of log ****
     
  17. kozmyk

    kozmyk TS Rookie Topic Starter Posts: 19

    # AdwCleaner v2.003 - Logfile created 09/24/2012 at 07:13:04
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : Maegan - MAEGAN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Maegan\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\ProgramData\InstallMate
    File Deleted : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Maegan\AppData\Roaming\Mozilla\Firefox\Profiles\9yektyh8.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\95gzfown.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [2789 octets] - [24/09/2012 07:13:04]

    ########## EOF - C:\AdwCleaner[S1].txt - [2849 octets] ##########
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Still waiting for Eset scan log.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
