TechSpot

[A] Hard drive clusters damaged virus

By BuzzLightYear
Jan 2, 2012
  1. Sirs,

    I have encountered this virus and would greatly appreciate any help possible. I have found this thread: http://www.techspot.com/vb/topic172736.html and will follow the instructions therein as I am seemingly having the same issue.

    Thank you in advance for your help.

    - Buzz
     
  2. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    MB Log:

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.02.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    [administrator]

    Protection: Enabled

    1/2/2012 1:20:25 AM
    mbam-log-2012-01-02 (01-20-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 316905
    Time elapsed: 6 minute(s), 4 second(s)

    Memory Processes Detected: 1
    C:\ProgramData\uiuKBUNRte.exe (Rogue.FakeHDD) -> 4776 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uiuKBUNRte.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\uiuKBUNRte.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 4
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 8
    C:\ProgramData\uiuKBUNRte.exe (Rogue.FakeHDD) -> Delete on reboot.
    C:\Users\***\AppData\Local\Temp\oiu0.32442432596112136.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\***\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
    C:\Users\***\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
    C:\Users\***\AppData\Local\Temp\wera0.7761111678477934.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
    C:\Users\***\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\***\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

    (end)
     
  3. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    Gmer.log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-02 03:20:15
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4E 0xF8 0x08 0xF8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAE 0xD8 0x40 0xA7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD7 0x4C 0x91 0xFB ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4E 0xF8 0x08 0xF8 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAE 0xD8 0x40 0xA7 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD7 0x4C 0x91 0xFB ...

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\Installer\MSI1119.tmp 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  4. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    Point of Interest...

    While posting the Gmer info, I got multiple notifications from MB, stating the following:

    2012/01/02 03:22:22 -0500 USERNAME-DT User Name IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50933, Process: svchost.exe)

    All on multiple differing ports, to multiple, differing IPs.
     
  5. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    DDS Log "DDS.txt"

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
    Run by User Name at 3:27:35 on 2012-01-02
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.6142.3819 [GMT -5:00]
    .
    AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    -netsvcs
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    mRun: [<NO NAME>]
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &D&ownload &with BitComet
    IE: &D&ownload all video with BitComet
    IE: &D&ownload all with BitComet
    IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
    Trusted Zone: xpect-software.com\xpectsoftwarellc
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{87D79DB6-D195-4F59-B967-B94E954FB93A} : DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    mRun-x64: [(Default)]
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\UserName\AppData\Roaming\Mozilla\Firefox\Profiles\xtpz4cfm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
    FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    FF - component: C:\Users\UserName\AppData\Roaming\Mozilla\Firefox\Profiles\xtpz4cfm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - component: C:\Users\UserName\AppData\Roaming\Mozilla\Firefox\Profiles\xtpz4cfm.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys --> C:\Windows\system32\DRIVERS\avfwot.sys [?]
    R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-4 375176]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-2 652872]
    R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-3-26 91992]
    R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-4-28 2060192]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-26 2253120]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
    R2 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
    R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys --> C:\Windows\system32\DRIVERS\avfwim.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-5 136176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-1 1153368]
    S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-5 136176]
    S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Windows\system32\SWGvcSvc.exe --> C:\Windows\system32\SWGvcSvc.exe [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-12-21 616400]
    S4 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-21 342480]
    S4 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-21 86224]
    S4 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-12-21 110032]
    S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-12-21 463824]
    .
    =============== Created Last 30 ================
    .
    2012-01-02 08:08:20 1095010 ----a-w- C:\Windows\SysWow64\PerfStringBackup.TMP
    2012-01-02 06:19:31 -------- d-----w- C:\Users\UserName\AppData\Roaming\Malwarebytes
    2012-01-02 06:19:15 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-01-02 06:19:14 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-01-02 06:19:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-02 05:16:21 356864 ---ha-w- C:\ProgramData\Z4ok6TwKlW3VO5.exe
    2012-01-02 03:18:03 20480 ----a-w- C:\Windows\svchost.exe
    2011-12-31 18:09:09 626688 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2011-12-31 18:09:09 548864 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2011-12-31 18:09:09 479232 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2011-12-31 18:09:09 43992 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2011-12-28 20:49:34 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2011-12-21 14:24:26 -------- d--h--w- C:\Users\UserName\AppData\Roaming\Avira
    2011-12-21 14:23:56 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-12-21 14:23:56 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2011-12-21 14:23:56 139512 ----a-w- C:\Windows\System32\drivers\avfwot.sys
    2011-12-21 14:23:55 113768 ----a-w- C:\Windows\System32\drivers\avfwim.sys
    2011-12-21 14:23:55 -------- d--h--w- C:\ProgramData\Avira
    2011-12-21 14:23:55 -------- d--h--w- C:\Program Files (x86)\Avira
    2011-12-20 10:59:13 8822856 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E55EB8CB-281E-42D8-8496-6948528C11F6}\mpengine.dll
    2011-12-19 03:56:31 -------- d--h--w- C:\Users\UserName\AppData\Local\ESN Sonar
    2011-12-15 03:14:35 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-15 03:14:35 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-15 03:14:34 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-15 03:14:34 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-15 03:14:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-15 03:14:31 2048 ----a-w- C:\Windows\System32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2012-01-01 20:08:11 280904 ---ha-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-01-01 20:08:11 280904 ---ha-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-01-01 19:45:22 280904 ---ha-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-12-18 08:24:32 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2011-12-18 08:24:31 80768 ----a-w- C:\Windows\System32\LMIinit.dll
    2011-12-18 08:24:31 34688 ----a-w- C:\Windows\System32\LMIport.dll
    2011-12-07 20:50:44 75136 ---ha-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-28 02:02:36 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-18 23:53:14 2957544 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
    2011-10-18 22:10:30 99432 ----a-w- C:\Windows\System32\RCoInst64.dll
    2011-10-18 17:55:50 331880 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
    2011-10-18 17:47:22 1914472 ----a-w- C:\Windows\System32\RtkApi64.dll
    2011-10-18 15:05:00 2528872 ----a-w- C:\Windows\System32\RtPgEx64.dll
    2011-10-17 21:30:38 3213928 ----a-w- C:\Windows\System32\RtkAPO64.dll
    2011-10-15 04:54:52 321856 ---ha-w- C:\Windows\SysWow64\nvStreaming.exe
    2011-10-14 17:43:48 1873920 ----a-w- C:\Windows\System32\RCoRes64.dat
    2011-10-12 14:22:48 72080 ---ha-w- C:\Users\UserName\g2mdlhlpx.exe
    2011-10-06 14:55:29 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
    .
    ============= FINISH: 3:28:21.91 ===============
     
  6. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    Any and all help is greatly appreciated. Please let me know what I can do!

    Best
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    I still need Attach.txt part of DDS.

    Then...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    DDS Log "Attach.txt"

    Great and thank you. Here is the "Attach.txt" file and I am running the others now. Will report asap.

    Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/6/2009 10:01:54 PM
    System Uptime: 1/2/2012 1:23:26 PM (0 hours ago)
    .
    Motherboard: Gateway | | G33M05G1
    Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | Socket 775 | 2498/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 596 GiB total, 295.735 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: eHome Infrared Receiver (USBCIR)
    Device ID: USB\VID_147A&PID_E034\00000000
    Manufacturer: Microsoft
    Name: eHome Infrared Receiver (USBCIR)
    PNP Device ID: USB\VID_147A&PID_E034\00000000
    Service: usbcir
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: SonicWALL Virtual NIC
    Device ID: ROOT\SWVNIC\0000
    Manufacturer: SonicWALL
    Name: SonicWALL Virtual NIC
    PNP Device ID: ROOT\SWVNIC\0000
    Service: SWVNIC
    .
    ==== System Restore Points ===================
    .
    RP428: 12/15/2011 3:00:16 AM - Windows Update
    RP429: 12/20/2011 5:58:46 AM - Windows Update
    RP430: 12/22/2011 3:00:10 AM - Windows Update
    RP431: 12/30/2011 12:00:10 AM - Scheduled Checkpoint
    RP432: 1/2/2012 3:00:16 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    AC3Filter 1.63b
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.4.7 - CPSID_83708
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader 9.4.6
    Apple Application Support
    Apple Software Update
    Audacity 1.2.6
    Auto Gordian Knot 2.55
    avi.NET 2.7.0.0
    Avira Internet Security 2012
    AviSynth 2.5
    Battlefield 3™
    Battlelog Web Plugins
    BlackBerry Desktop Software 6.1
    BlackBerry Smartphone Simulators 4.6.0.150 (9000)
    BlackBerry Smartphone Simulators 6.0.0.246 (9800-ATT)
    BlackBerry Smartphone Simulators 6.0.0.431 (9330-Verizon)
    Camtasia Studio 6
    Convert VOB to AVI 1.7
    Core FTP LE 2.1
    D3DX10
    DAEMON Tools Lite
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DVD Decrypter (Remove Only)
    Epson Print CD
    ESN Sonar
    FaceVACS-SDK 8.2.1
    Fences
    Google Earth
    Google SketchUp 8
    Google Update Helper
    GoToMeeting 4.8.0.723
    iCamSource
    J2SE Development Kit 5.0 Update 22
    J2SE Runtime Environment 5.0 Update 22
    Java Auto Updater
    Java(TM) 6 Update 20
    LAME v3.98.2 for Audacity
    LogMeIn
    Macrobject Word-2-CHM 2009.3.114.2408
    Magic ISO Maker v5.5 (build 0265)
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Meeting 2007
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 (SQLEXPRESS)
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools
    Microsoft SQL Server 2008 R2 Report Builder 3.0
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    NGRAIN Viewer 4.0
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Origin
    PDF Settings CS5
    PunkBuster Services
    PxMergeModule
    QuickTime
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    RocketDock 1.3.5
    Rosetta Stone 2.2.0.0A
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2553010)
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Skype™ 5.5
    SnagIt 8
    Spybot - Search & Destroy
    System Requirements Lab
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    VideoLAN Movie Creator
    VirtualLab Client 6.0.4
    VLC media player 1.1.8
    VobSub v2.23 (Remove Only)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    XviD MPEG4 Video Codec (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/30/2011 4:05:07 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume I:.
    12/29/2011 6:00:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    12/28/2011 11:31:15 PM, Error: volsnap [8] - The flush and hold writes operation on volume C: timed out while waiting for a release writes command.
    1/2/2012 2:46:59 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    1/2/2012 2:43:58 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/2/2012 2:42:49 AM, Error: Service Control Manager [7001] - The Windows Mobile-2003-based device connectivity service depends on the Windows Mobile-based device connectivity service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/2/2012 2:41:20 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/2/2012 2:40:44 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/2/2012 2:40:39 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/2/2012 2:40:39 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/2/2012 2:40:31 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/2/2012 2:38:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/2/2012 2:38:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/2/2012 2:38:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/2/2012 2:38:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avfwot avipbb avkmgr CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vmm Wanarpv6 WfpLwf ws2ifsl
    1/2/2012 2:38:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    1/2/2012 2:37:35 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    1/2/2012 2:36:54 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
    1/2/2012 12:18:52 AM, Error: volsnap [14] - The shadow copies of volume I: were aborted because of an IO failure on volume I:.
    1/2/2012 12:18:52 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Maxtor [1TB].
    1/2/2012 12:18:45 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    1/2/2012 10:32:47 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer UserName-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{87D79DB6-D195-4F59-B967-B94E954FB93A}. The master browser is stopping or an election is being forced.
    1/2/2012 1:25:41 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
    1/2/2012 1:25:41 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
    1/2/2012 1:25:41 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
    1/2/2012 1:24:44 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    1/2/2012 1:24:23 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    1/2/2012 1:24:18 PM, Error: Service Control Manager [7000] - The SQL Server FullText Search (MSSQLSERVER) service failed to start due to the following error: The system cannot find the file specified.
    1/2/2012 1:23:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000400000002, 0xfffff880033bda68, 0xfffff880033bd2c0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010212-28189-01.
    1/1/2012 10:21:17 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 10:19:07 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    1/1/2012 10:18:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
    1/1/2012 10:18:41 PM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  9. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    aswMBR Log

    aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-02 13:34:32
    -----------------------------
    13:34:32.055 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:34:32.056 Number of processors: 4 586 0x1707
    13:34:32.056 ComputerName: UserName-DT UserName: UserName
    13:34:33.200 Initialize success
    13:35:03.845 AVAST engine defs: 12010200
    13:35:11.551 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    13:35:11.553 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
    13:35:11.555 Device \Driver\atapi -> MajorFunction fffffa8006c8b5c4
    13:35:11.557 Disk 0 MBR read successfully
    13:35:11.560 Disk 0 MBR scan
    13:35:11.564 Disk 0 MBR:pihar-C [Rtk]
    13:35:11.567 Disk 0 TDL4@MBR code has been found
    13:35:11.569 Disk 0 Windows 7 default MBR code found via API
    13:35:11.572 Disk 0 MBR hidden
    13:35:11.590 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610478 MB offset 2048
    13:35:11.595 Disk 0 MBR [TDL4] **ROOTKIT**
    13:35:11.599 Disk 0 trace - called modules:
    13:35:11.603 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006c8b5c4]<<
    13:35:11.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064a6060]
    13:35:11.613 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80061cae40]
    13:35:11.618 5 ACPI.sys[fffff880011ac7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061e5060]
    13:35:11.622 \Driver\atapi[0xfffffa80063bb990] -> IRP_MJ_CREATE -> 0xfffffa8006c8b5c4
    13:35:14.272 AVAST engine scan C:\Windows
    13:35:16.690 AVAST engine scan C:\Windows\system32
    13:36:50.834 AVAST engine scan C:\Windows\system32\drivers
    13:37:01.659 AVAST engine scan C:\Users\UserName
    13:46:46.972 AVAST engine scan C:\ProgramData
    13:50:25.860 File: C:\ProgramData\Z4ok6TwKlW3VO5.exe **INFECTED** Win32:Malware-gen
    13:50:27.389 Scan finished successfully
    13:51:12.837 Disk 0 MBR has been saved successfully to "C:\Users\UserName\Desktop\VD1\MBR.dat"
    13:51:12.842 The log file has been saved successfully to "C:\Users\UserName\Desktop\VD1\aswMBR.txt"
     
  10. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    ComboFix.txt Log

    ComboFix 12-01-02.01 - User Name 01/02/2012 14:03:20.1.4 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.6142.3914 [GMT -5:00]
    Running from: C:\Users\User Name\Desktop\VD1\ComboFix.exe
    AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
  11. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    RKill Log

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/02/2012 at 14:20:52.
    Operating System: Windows 7 Enterprise


    Processes terminated by Rkill or while it was running:

    \\.\globalroot\systemroot\svchost.exe


    Rkill completed on 01/02/2012 at 14:21:00.

    ***Also worth noting that I am unable to start my AV software (Avira); "Access is denied". And I removed Kaspersky about a month ago and it is apparently still lingering around ***
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  13. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    TDSS Killer Report

    17:02:13.0538 6900 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    17:02:13.0830 6900 ============================================================
    17:02:13.0830 6900 Current date / time: 2012/01/02 17:02:13.0830
    17:02:13.0830 6900 SystemInfo:
    17:02:13.0830 6900
    17:02:13.0831 6900 OS Version: 6.1.7601 ServicePack: 1.0
    17:02:13.0831 6900 Product type: Workstation
    17:02:13.0831 6900 ComputerName: UserName-DT
    17:02:13.0831 6900 UserName: UserName
    17:02:13.0831 6900 Windows directory: C:\Windows
    17:02:13.0831 6900 System windows directory: C:\Windows
    17:02:13.0831 6900 Running under WOW64
    17:02:13.0831 6900 Processor architecture: Intel x64
    17:02:13.0831 6900 Number of processors: 4
    17:02:13.0831 6900 Page size: 0x1000
    17:02:13.0831 6900 Boot type: Normal boot
    17:02:13.0831 6900 ============================================================
    17:02:15.0489 6900 Initialize success
    17:09:26.0097 4904 ============================================================
    17:09:26.0097 4904 Scan started
    17:09:26.0097 4904 Mode: Manual;
    17:09:26.0097 4904 ============================================================
    17:09:27.0888 4904 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    17:09:27.0890 4904 1394ohci - ok
    17:09:27.0912 4904 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:09:27.0916 4904 ACPI - ok
    17:09:27.0948 4904 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:09:27.0949 4904 AcpiPmi - ok
    17:09:27.0984 4904 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    17:09:27.0999 4904 adp94xx - ok
    17:09:28.0036 4904 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    17:09:28.0040 4904 adpahci - ok
    17:09:28.0059 4904 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    17:09:28.0061 4904 adpu320 - ok
    17:09:28.0115 4904 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    17:09:28.0122 4904 AFD - ok
    17:09:28.0153 4904 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:09:28.0154 4904 agp440 - ok
    17:09:28.0207 4904 aksdf (bc569a6c209d94f6643ee35710aec1f6) C:\Windows\system32\DRIVERS\aksdf.sys
    17:09:28.0208 4904 aksdf - ok
    17:09:28.0226 4904 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:09:28.0227 4904 aliide - ok
    17:09:28.0237 4904 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:09:28.0238 4904 amdide - ok
    17:09:28.0256 4904 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    17:09:28.0257 4904 AmdK8 - ok
    17:09:28.0268 4904 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    17:09:28.0269 4904 AmdPPM - ok
    17:09:28.0293 4904 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    17:09:28.0295 4904 amdsata - ok
    17:09:28.0323 4904 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    17:09:28.0326 4904 amdsbs - ok
    17:09:28.0340 4904 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    17:09:28.0341 4904 amdxata - ok
    17:09:28.0406 4904 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:09:28.0408 4904 AppID - ok
    17:09:28.0464 4904 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    17:09:28.0466 4904 arc - ok
    17:09:28.0489 4904 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    17:09:28.0490 4904 arcsas - ok
    17:09:28.0537 4904 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:09:28.0538 4904 AsyncMac - ok
    17:09:28.0574 4904 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:09:28.0574 4904 atapi - ok
    17:09:28.0613 4904 avfwim (886ceddeb9e347f7c37263ca234eae65) C:\Windows\system32\DRIVERS\avfwim.sys
    17:09:28.0614 4904 avfwim - ok
    17:09:28.0659 4904 avfwot (10ce27cb8e47feb48f557e0cd8d1874d) C:\Windows\system32\DRIVERS\avfwot.sys
    17:09:28.0661 4904 avfwot - ok
    17:09:28.0794 4904 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
    17:09:28.0795 4904 avgntflt - ok
    17:09:28.0806 4904 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
    17:09:28.0808 4904 avipbb - ok
    17:09:28.0843 4904 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
    17:09:28.0844 4904 avkmgr - ok
    17:09:28.0882 4904 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    17:09:28.0897 4904 b06bdrv - ok
    17:09:28.0962 4904 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:09:28.0965 4904 b57nd60a - ok
    17:09:29.0005 4904 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:09:29.0006 4904 Beep - ok
    17:09:29.0050 4904 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:09:29.0051 4904 blbdrive - ok
    17:09:29.0111 4904 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:09:29.0112 4904 bowser - ok
    17:09:29.0144 4904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:09:29.0145 4904 BrFiltLo - ok
    17:09:29.0159 4904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:09:29.0160 4904 BrFiltUp - ok
    17:09:29.0178 4904 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:09:29.0181 4904 Brserid - ok
    17:09:29.0217 4904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:09:29.0218 4904 BrSerWdm - ok
    17:09:29.0249 4904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:09:29.0250 4904 BrUsbMdm - ok
    17:09:29.0267 4904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:09:29.0268 4904 BrUsbSer - ok
    17:09:29.0285 4904 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    17:09:29.0286 4904 BTHMODEM - ok
    17:09:29.0328 4904 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:09:29.0329 4904 cdfs - ok
    17:09:29.0372 4904 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    17:09:29.0375 4904 cdrom - ok
    17:09:29.0411 4904 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    17:09:29.0412 4904 circlass - ok
    17:09:29.0445 4904 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:09:29.0449 4904 CLFS - ok
    17:09:29.0513 4904 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:09:29.0514 4904 CmBatt - ok
    17:09:29.0548 4904 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    17:09:29.0549 4904 cmdide - ok
    17:09:29.0579 4904 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    17:09:29.0584 4904 CNG - ok
    17:09:29.0601 4904 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    17:09:29.0602 4904 Compbatt - ok
    17:09:29.0636 4904 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    17:09:29.0637 4904 CompositeBus - ok
    17:09:29.0652 4904 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    17:09:29.0657 4904 crcdisk - ok
    17:09:29.0718 4904 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    17:09:29.0726 4904 CSC - ok
    17:09:29.0767 4904 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    17:09:29.0769 4904 DfsC - ok
    17:09:29.0782 4904 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:09:29.0783 4904 discache - ok
    17:09:29.0821 4904 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    17:09:29.0823 4904 Disk - ok
    17:09:29.0961 4904 DNE (ea4eb746ff1e364dad5cbc9cb8dcdbf2) C:\Windows\system32\DRIVERS\dne64x.sys
    17:09:29.0963 4904 DNE - ok
    17:09:29.0995 4904 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:09:29.0996 4904 drmkaud - ok
    17:09:30.0039 4904 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    17:09:30.0042 4904 dtsoftbus01 - ok
    17:09:30.0092 4904 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    17:09:30.0109 4904 DXGKrnl - ok
    17:09:30.0141 4904 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys
    17:09:30.0144 4904 e1express - ok
    17:09:30.0209 4904 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    17:09:30.0261 4904 ebdrv - ok
    17:09:30.0304 4904 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    17:09:30.0322 4904 elxstor - ok
    17:09:30.0377 4904 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    17:09:30.0377 4904 ErrDev - ok
    17:09:30.0399 4904 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:09:30.0402 4904 exfat - ok
    17:09:30.0416 4904 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:09:30.0419 4904 fastfat - ok
    17:09:30.0444 4904 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    17:09:30.0445 4904 fdc - ok
    17:09:30.0478 4904 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:09:30.0479 4904 FileInfo - ok
    17:09:30.0495 4904 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:09:30.0496 4904 Filetrace - ok
    17:09:30.0547 4904 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    17:09:30.0548 4904 flpydisk - ok
    17:09:30.0585 4904 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    17:09:30.0589 4904 FltMgr - ok
    17:09:30.0631 4904 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
    17:09:30.0632 4904 FlyUsb - ok
    17:09:30.0656 4904 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:09:30.0665 4904 FsDepends - ok
    17:09:30.0681 4904 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    17:09:30.0682 4904 Fs_Rec - ok
    17:09:30.0714 4904 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    17:09:30.0717 4904 fvevol - ok
    17:09:30.0736 4904 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:09:30.0738 4904 gagp30kx - ok
    17:09:30.0777 4904 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    17:09:30.0778 4904 GEARAspiWDM - ok
    17:09:30.0892 4904 Hardlock (d8bf3c594bd17a37960362e6c6739b90) C:\Windows\system32\drivers\hardlock.sys
    17:09:30.0895 4904 Hardlock - ok
    17:09:30.0932 4904 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:09:30.0933 4904 hcw85cir - ok
    17:09:30.0982 4904 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    17:09:30.0986 4904 HdAudAddService - ok
    17:09:31.0106 4904 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    17:09:31.0107 4904 HDAudBus - ok
    17:09:31.0135 4904 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    17:09:31.0136 4904 HidBatt - ok
    17:09:31.0154 4904 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    17:09:31.0155 4904 HidBth - ok
    17:09:31.0171 4904 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    17:09:31.0172 4904 HidIr - ok
    17:09:31.0211 4904 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    17:09:31.0212 4904 HidUsb - ok
    17:09:31.0248 4904 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    17:09:31.0249 4904 HpSAMD - ok
    17:09:31.0288 4904 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
    17:09:31.0289 4904 HTCAND64 - ok
    17:09:31.0342 4904 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    17:09:31.0359 4904 HTTP - ok
    17:09:31.0413 4904 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    17:09:31.0414 4904 hwpolicy - ok
    17:09:31.0450 4904 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    17:09:31.0452 4904 i8042prt - ok
    17:09:31.0479 4904 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    17:09:31.0484 4904 iaStorV - ok
    17:09:31.0519 4904 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    17:09:31.0521 4904 iirsp - ok
    17:09:31.0642 4904 IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys
    17:09:31.0719 4904 IntcAzAudAddService - ok
    17:09:31.0750 4904 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    17:09:31.0751 4904 intelide - ok
    17:09:31.0774 4904 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:09:31.0774 4904 intelppm - ok
    17:09:31.0810 4904 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:09:31.0811 4904 IpFilterDriver - ok
    17:09:31.0869 4904 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    17:09:31.0871 4904 IPMIDRV - ok
    17:09:31.0885 4904 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:09:31.0886 4904 IPNAT - ok
    17:09:31.0935 4904 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:09:31.0936 4904 IRENUM - ok
    17:09:31.0974 4904 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    17:09:31.0975 4904 isapnp - ok
    17:09:32.0003 4904 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    17:09:32.0006 4904 iScsiPrt - ok
    17:09:32.0025 4904 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    17:09:32.0026 4904 kbdclass - ok
    17:09:32.0053 4904 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    17:09:32.0054 4904 kbdhid - ok
    17:09:32.0074 4904 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    17:09:32.0075 4904 KSecDD - ok
    17:09:32.0113 4904 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    17:09:32.0115 4904 KSecPkg - ok
    17:09:32.0130 4904 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:09:32.0131 4904 ksthunk - ok
    17:09:32.0256 4904 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:09:32.0257 4904 lltdio - ok
    17:09:32.0294 4904 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
    17:09:32.0295 4904 LMIInfo - ok
    17:09:32.0319 4904 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
    17:09:32.0320 4904 lmimirr - ok
    17:09:32.0327 4904 LMIRfsClientNP - ok
    17:09:32.0357 4904 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
    17:09:32.0358 4904 LMIRfsDriver - ok
    17:09:32.0391 4904 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:09:32.0393 4904 LSI_FC - ok
    17:09:32.0405 4904 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:09:32.0407 4904 LSI_SAS - ok
    17:09:32.0424 4904 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:09:32.0425 4904 LSI_SAS2 - ok
    17:09:32.0440 4904 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:09:32.0442 4904 LSI_SCSI - ok
    17:09:32.0463 4904 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:09:32.0465 4904 luafv - ok
    17:09:32.0506 4904 LVRS64 (ef586b959f747e74c76603ff16ae417b) C:\Windows\system32\DRIVERS\lvrs64.sys
    17:09:32.0510 4904 LVRS64 - ok
    17:09:32.0607 4904 LVUVC64 (edf73bfa1bd24d74d1d64dc0ed28a7cd) C:\Windows\system32\DRIVERS\lvuvc64.sys
    17:09:32.0668 4904 LVUVC64 - ok
    17:09:32.0708 4904 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
    17:09:32.0709 4904 MBAMProtector - ok
    17:09:32.0747 4904 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    17:09:32.0748 4904 megasas - ok
    17:09:32.0765 4904 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    17:09:32.0769 4904 MegaSR - ok
    17:09:32.0790 4904 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:09:32.0791 4904 Modem - ok
    17:09:32.0825 4904 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:09:32.0826 4904 monitor - ok
    17:09:32.0888 4904 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:09:32.0889 4904 mouclass - ok
    17:09:32.0908 4904 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:09:32.0909 4904 mouhid - ok
    17:09:32.0935 4904 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:09:32.0936 4904 mountmgr - ok
    17:09:32.0979 4904 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:09:32.0981 4904 mpio - ok
    17:09:33.0000 4904 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:09:33.0001 4904 mpsdrv - ok
    17:09:33.0038 4904 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:09:33.0040 4904 MRxDAV - ok
    17:09:33.0075 4904 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:09:33.0077 4904 mrxsmb - ok
    17:09:33.0105 4904 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:09:33.0109 4904 mrxsmb10 - ok
    17:09:33.0125 4904 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:09:33.0127 4904 mrxsmb20 - ok
    17:09:33.0141 4904 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:09:33.0142 4904 msahci - ok
    17:09:33.0174 4904 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:09:33.0176 4904 msdsm - ok
    17:09:33.0198 4904 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:09:33.0199 4904 Msfs - ok
    17:09:33.0293 4904 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:09:33.0294 4904 mshidkmdf - ok
    17:09:33.0307 4904 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:09:33.0308 4904 msisadrv - ok
    17:09:33.0426 4904 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:09:33.0427 4904 MSKSSRV - ok
    17:09:33.0465 4904 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:09:33.0466 4904 MSPCLOCK - ok
    17:09:33.0479 4904 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:09:33.0480 4904 MSPQM - ok
    17:09:33.0517 4904 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:09:33.0522 4904 MsRPC - ok
    17:09:33.0554 4904 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    17:09:33.0555 4904 mssmbios - ok
    17:09:33.0588 4904 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:09:33.0588 4904 MSTEE - ok
    17:09:33.0606 4904 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    17:09:33.0607 4904 MTConfig - ok
    17:09:33.0628 4904 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:09:33.0629 4904 Mup - ok
    17:09:33.0659 4904 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:09:33.0663 4904 NativeWifiP - ok
    17:09:33.0715 4904 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    17:09:33.0733 4904 NDIS - ok
    17:09:33.0762 4904 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:09:33.0764 4904 NdisCap - ok
    17:09:33.0778 4904 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:09:33.0779 4904 NdisTapi - ok
    17:09:33.0809 4904 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:09:33.0810 4904 Ndisuio - ok
    17:09:33.0845 4904 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:09:33.0848 4904 NdisWan - ok
    17:09:33.0884 4904 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    17:09:33.0886 4904 NDProxy - ok
    17:09:33.0897 4904 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:09:33.0899 4904 NetBIOS - ok
    17:09:33.0929 4904 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    17:09:33.0932 4904 NetBT - ok
    17:09:33.0990 4904 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    17:09:33.0991 4904 nfrd960 - ok
    17:09:34.0007 4904 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:09:34.0009 4904 Npfs - ok
    17:09:34.0019 4904 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:09:34.0020 4904 nsiproxy - ok
    17:09:34.0091 4904 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:09:34.0117 4904 Ntfs - ok
    17:09:34.0141 4904 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:09:34.0142 4904 Null - ok
    17:09:34.0187 4904 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
    17:09:34.0189 4904 NVHDA - ok
    17:09:34.0426 4904 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    17:09:34.0729 4904 nvlddmkm - ok
    17:09:34.0768 4904 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:09:34.0770 4904 nvraid - ok
    17:09:34.0784 4904 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:09:34.0786 4904 nvstor - ok
    17:09:34.0836 4904 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:09:34.0837 4904 nv_agp - ok
    17:09:34.0874 4904 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:09:34.0875 4904 ohci1394 - ok
    17:09:34.0928 4904 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    17:09:34.0929 4904 Parport - ok
    17:09:34.0958 4904 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    17:09:34.0959 4904 partmgr - ok
    17:09:34.0974 4904 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    17:09:34.0976 4904 pci - ok
    17:09:34.0992 4904 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    17:09:34.0993 4904 pciide - ok
    17:09:35.0011 4904 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    17:09:35.0014 4904 pcmcia - ok
    17:09:35.0032 4904 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:09:35.0033 4904 pcw - ok
    17:09:35.0053 4904 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:09:35.0071 4904 PEAUTH - ok
    17:09:35.0205 4904 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    17:09:35.0207 4904 PptpMiniport - ok
    17:09:35.0219 4904 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    17:09:35.0221 4904 Processor - ok
    17:09:35.0266 4904 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    17:09:35.0267 4904 Psched - ok
    17:09:35.0313 4904 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    17:09:35.0315 4904 PxHlpa64 - ok
    17:09:35.0356 4904 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    17:09:35.0381 4904 ql2300 - ok
    17:09:35.0404 4904 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    17:09:35.0406 4904 ql40xx - ok
    17:09:35.0425 4904 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    17:09:35.0426 4904 QWAVEdrv - ok
    17:09:35.0448 4904 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:09:35.0449 4904 RasAcd - ok
    17:09:35.0468 4904 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:09:35.0470 4904 RasAgileVpn - ok
    17:09:35.0504 4904 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:09:35.0506 4904 Rasl2tp - ok
    17:09:35.0526 4904 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:09:35.0528 4904 RasPppoe - ok
    17:09:35.0542 4904 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:09:35.0543 4904 RasSstp - ok
    17:09:35.0578 4904 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    17:09:35.0582 4904 rdbss - ok
    17:09:35.0597 4904 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    17:09:35.0598 4904 rdpbus - ok
    17:09:35.0612 4904 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:09:35.0613 4904 RDPCDD - ok
    17:09:35.0649 4904 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    17:09:35.0652 4904 RDPDR - ok
    17:09:35.0782 4904 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:09:35.0782 4904 RDPENCDD - ok
    17:09:35.0800 4904 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:09:35.0801 4904 RDPREFMP - ok
    17:09:35.0843 4904 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
    17:09:35.0844 4904 RdpVideoMiniport - ok
    17:09:35.0879 4904 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    17:09:35.0882 4904 RDPWD - ok
    17:09:35.0918 4904 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    17:09:35.0921 4904 rdyboost - ok
    17:09:35.0973 4904 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
    17:09:35.0974 4904 RimUsb - ok
    17:09:36.0009 4904 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
    17:09:36.0010 4904 RimVSerPort - ok
    17:09:36.0041 4904 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
    17:09:36.0042 4904 ROOTMODEM - ok
    17:09:36.0059 4904 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:09:36.0061 4904 rspndr - ok
    17:09:36.0087 4904 RTSTOR (fe1d4924e1680a192f9617c5eca19c93) C:\Windows\system32\drivers\RTSTOR64.SYS
    17:09:36.0087 4904 RTSTOR - ok
    17:09:36.0118 4904 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    17:09:36.0119 4904 s3cap - ok
    17:09:36.0156 4904 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    17:09:36.0158 4904 sbp2port - ok
    17:09:36.0201 4904 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    17:09:36.0202 4904 scfilter - ok
    17:09:36.0225 4904 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:09:36.0226 4904 secdrv - ok
    17:09:36.0243 4904 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    17:09:36.0244 4904 Serenum - ok
    17:09:36.0263 4904 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    17:09:36.0265 4904 Serial - ok
    17:09:36.0295 4904 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    17:09:36.0296 4904 sermouse - ok
    17:09:36.0336 4904 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    17:09:36.0337 4904 sffdisk - ok
    17:09:36.0374 4904 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    17:09:36.0375 4904 sffp_mmc - ok
    17:09:36.0392 4904 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    17:09:36.0393 4904 sffp_sd - ok
    17:09:36.0407 4904 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    17:09:36.0408 4904 sfloppy - ok
    17:09:36.0428 4904 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    17:09:36.0429 4904 SiSRaid2 - ok
    17:09:36.0446 4904 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    17:09:36.0447 4904 SiSRaid4 - ok
    17:09:36.0474 4904 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:09:36.0476 4904 Smb - ok
    17:09:36.0502 4904 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:09:36.0503 4904 spldr - ok
    17:09:36.0603 4904 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    17:09:36.0604 4904 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    17:09:36.0616 4904 sptd ( LockedFile.Multi.Generic ) - warning
    17:09:36.0616 4904 sptd - detected LockedFile.Multi.Generic (1)
    17:09:36.0702 4904 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    17:09:36.0720 4904 srv - ok
    17:09:36.0745 4904 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    17:09:36.0762 4904 srv2 - ok
    17:09:36.0804 4904 SrvHsfPCI (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS
    17:09:36.0818 4904 SrvHsfPCI - ok
    17:09:36.0865 4904 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    17:09:36.0974 4904 SrvHsfV92 - ok
    17:09:36.0998 4904 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    17:09:37.0015 4904 SrvHsfWinac - ok
    17:09:37.0041 4904 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    17:09:37.0043 4904 srvnet - ok
    17:09:37.0082 4904 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    17:09:37.0084 4904 stexstor - ok
    17:09:37.0129 4904 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    17:09:37.0130 4904 storflt - ok
    17:09:37.0155 4904 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    17:09:37.0156 4904 storvsc - ok
    17:09:37.0175 4904 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    17:09:37.0176 4904 swenum - ok
    17:09:37.0219 4904 SWIPsec (221643f720160fddc3c46989edb1bfe8) C:\Windows\system32\Drivers\SWIPsec.sys
    17:09:37.0221 4904 SWIPsec - ok
    17:09:37.0283 4904 SWVNIC (d1c6bea0cff4850fade172a4b2434359) C:\Windows\system32\DRIVERS\swvnic.sys
    17:09:37.0285 4904 SWVNIC - ok
    17:09:37.0292 4904 Synth3dVsc - ok
    17:09:37.0355 4904 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    17:09:37.0390 4904 Tcpip - ok
    17:09:37.0478 4904 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    17:09:37.0488 4904 TCPIP6 - ok
    17:09:37.0522 4904 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    17:09:37.0524 4904 tcpipreg - ok
    17:09:37.0554 4904 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    17:09:37.0556 4904 TDPIPE - ok
    17:09:37.0576 4904 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    17:09:37.0577 4904 TDTCP - ok
    17:09:37.0621 4904 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    17:09:37.0623 4904 tdx - ok
    17:09:37.0662 4904 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    17:09:37.0663 4904 TermDD - ok
    17:09:37.0710 4904 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:09:37.0713 4904 tssecsrv - ok
    17:09:37.0746 4904 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    17:09:37.0748 4904 TsUsbFlt - ok
    17:09:37.0757 4904 tsusbhub - ok
    17:09:37.0801 4904 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    17:09:37.0803 4904 tunnel - ok
    17:09:37.0823 4904 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    17:09:37.0824 4904 uagp35 - ok
    17:09:37.0861 4904 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    17:09:37.0865 4904 udfs - ok
    17:09:38.0435 4904 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    17:09:38.0437 4904 uliagpkx - ok
    17:09:38.0598 4904 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    17:09:38.0600 4904 umbus - ok
    17:09:38.0733 4904 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    17:09:38.0734 4904 UmPass - ok
    17:09:38.0781 4904 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    17:09:38.0782 4904 USBAAPL64 - ok
    17:09:38.0803 4904 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    17:09:38.0805 4904 usbaudio - ok
    17:09:38.0827 4904 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:09:38.0829 4904 usbccgp - ok
    17:09:38.0864 4904 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:09:38.0865 4904 usbcir - ok
    17:09:38.0886 4904 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    17:09:38.0887 4904 usbehci - ok
    17:09:38.0923 4904 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    17:09:38.0927 4904 usbhub - ok
    17:09:38.0941 4904 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    17:09:38.0942 4904 usbohci - ok
    17:09:38.0955 4904 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    17:09:38.0957 4904 usbprint - ok
    17:09:38.0980 4904 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:09:38.0981 4904 USBSTOR - ok
    17:09:38.0997 4904 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    17:09:38.0998 4904 usbuhci - ok
    17:09:39.0023 4904 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    17:09:39.0026 4904 usbvideo - ok
    17:09:39.0061 4904 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
    17:09:39.0062 4904 usb_rndisx - ok
    17:09:39.0105 4904 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:09:39.0106 4904 vdrvroot - ok
    17:09:39.0125 4904 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:09:39.0126 4904 vga - ok
    17:09:39.0146 4904 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:09:39.0147 4904 VgaSave - ok
    17:09:39.0154 4904 VGPU - ok
    17:09:39.0192 4904 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:09:39.0196 4904 vhdmp - ok
    17:09:39.0212 4904 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:09:39.0213 4904 viaide - ok
    17:09:39.0243 4904 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    17:09:39.0246 4904 vmbus - ok
    17:09:39.0262 4904 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    17:09:39.0263 4904 VMBusHID - ok
    17:09:39.0311 4904 vmm (091e009ef749c9d65cf9adfad316d251) C:\Windows\system32\Drivers\vmm.sys
    17:09:39.0314 4904 vmm - ok
    17:09:39.0328 4904 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:09:39.0330 4904 volmgr - ok
    17:09:39.0365 4904 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:09:39.0369 4904 volmgrx - ok
    17:09:39.0394 4904 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:09:39.0399 4904 volsnap - ok
    17:09:39.0430 4904 VPCNetS2 (bc2ea40b98b5e866d9a4f98afb66b682) C:\Windows\system32\DRIVERS\VMNetSrv.sys
    17:09:39.0431 4904 VPCNetS2 - ok
    17:09:39.0452 4904 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    17:09:39.0455 4904 vsmraid - ok
    17:09:39.0478 4904 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    17:09:39.0480 4904 vwifibus - ok
    17:09:39.0504 4904 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    17:09:39.0505 4904 WacomPen - ok
    17:09:39.0635 4904 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:09:39.0637 4904 WANARP - ok
    17:09:39.0644 4904 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:09:39.0645 4904 Wanarpv6 - ok
    17:09:39.0689 4904 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    17:09:39.0690 4904 Wd - ok
    17:09:39.0720 4904 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:09:39.0737 4904 Wdf01000 - ok
    17:09:39.0787 4904 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:09:39.0788 4904 WfpLwf - ok
    17:09:39.0803 4904 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:09:39.0814 4904 WIMMount - ok
    17:09:39.0882 4904 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    17:09:39.0884 4904 WinUsb - ok
    17:09:39.0935 4904 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    17:09:39.0936 4904 WmiAcpi - ok
    17:09:39.0969 4904 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:09:39.0970 4904 ws2ifsl - ok
    17:09:40.0031 4904 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:09:40.0033 4904 WudfPf - ok
    17:09:40.0062 4904 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:09:40.0065 4904 WUDFRd - ok
    17:09:40.0085 4904 XHASP - ok
    17:09:40.0135 4904 xpvcom - ok
    17:09:40.0180 4904 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
    17:09:40.0205 4904 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    17:09:40.0205 4904 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    17:09:40.0231 4904 Boot (0x1200) (6d563c8dbdb28f7fbee960ecb7d8b63a) \Device\Harddisk0\DR0\Partition0
    17:09:40.0233 4904 \Device\Harddisk0\DR0\Partition0 - ok
    17:09:40.0234 4904 ============================================================
    17:09:40.0234 4904 Scan finished
    17:09:40.0234 4904 ============================================================
    17:09:40.0245 4296 Detected object count: 2
    17:09:40.0245 4296 Actual detected object count: 2
    17:10:08.0759 4296 sptd ( LockedFile.Multi.Generic ) - skipped by user
    17:10:08.0759 4296 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    17:10:08.0785 4296 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    17:10:08.0785 4296 \Device\Harddisk0\DR0 - ok
    17:10:08.0786 4296 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    17:10:11.0383 6836 Deinitialize success
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good :)

    Post new aswMBR log.

    Then, delete your Combofix file, download fresh one and run it again.
     
  15. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    ComboFix Log

    Broni,
    I was unable to get aswMBR to run. I received multiple "Avast Stopped Working" error messages, even when run as admin. I was however able to get ComboFix to run successfully, log below.

    ComboFix 11-12-27.01 - UserName 01/03/2012 12:58:10.2.4 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.6142.3945 [GMT -5:00]
    Running from: c:\users\UserName\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\UserName\AppData\Roaming\chrtmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-03 18:00 . 2012-01-03 18:00 -------- d-----w- c:\users\UpdatusUser.UserName-DT\AppData\Local\temp
    2012-01-03 18:00 . 2012-01-03 18:00 -------- d-----w- c:\users\Mcx2-UserName-DT\AppData\Local\temp
    2012-01-03 18:00 . 2012-01-03 18:00 -------- d-----w- c:\users\Mcx1-UserName-DT\AppData\Local\temp
    2012-01-03 18:00 . 2012-01-03 18:00 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2012-01-03 18:00 . 2012-01-03 18:00 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-01-03 18:00 . 2012-01-03 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-03 18:00 . 2012-01-03 18:00 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
    2012-01-03 18:00 . 2012-01-03 18:00 -------- d-----w- c:\users\Admin\AppData\Local\temp
    2012-01-02 08:08 . 2012-01-02 08:08 1095010 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
    2012-01-02 06:19 . 2012-01-02 06:19 -------- d-----w- c:\users\UserName\AppData\Roaming\Malwarebytes
    2012-01-02 06:19 . 2012-01-02 06:19 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-02 06:19 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-02 06:19 . 2012-01-02 06:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-01-02 05:16 . 2012-01-02 05:16 356864 ----a-w- c:\programdata\Z4ok6TwKlW3VO5.exe
    2011-12-31 18:09 . 2011-12-31 18:09 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2011-12-31 18:09 . 2011-12-31 18:09 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2011-12-31 18:09 . 2011-12-31 18:09 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2011-12-31 18:09 . 2011-12-31 18:09 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2011-12-28 20:49 . 2009-08-20 04:50 24416 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2011-12-21 14:24 . 2011-12-21 14:24 -------- d-----w- c:\users\UserName\AppData\Roaming\Avira
    2011-12-21 14:23 . 2011-12-15 19:52 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-12-21 14:23 . 2011-12-15 19:52 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-12-21 14:23 . 2011-12-15 19:52 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys
    2011-12-21 14:23 . 2011-12-15 19:52 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-12-21 14:23 . 2011-12-21 14:24 -------- d-----w- c:\programdata\Avira
    2011-12-21 14:23 . 2011-12-21 14:23 -------- d-----w- c:\program files (x86)\Avira
    2011-12-21 14:23 . 2011-12-15 19:52 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys
    2011-12-20 10:59 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E55EB8CB-281E-42D8-8496-6948528C11F6}\mpengine.dll
    2011-12-19 03:56 . 2011-12-19 19:03 -------- d-----w- c:\users\UserNamee\AppData\Local\ESN Sonar
    2011-12-15 03:14 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 03:14 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 03:14 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 03:14 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-15 03:14 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 03:14 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-01 20:08 . 2011-10-26 01:26 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-01-01 20:08 . 2010-10-06 05:08 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-01-01 19:45 . 2010-10-06 05:07 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-12-18 08:24 . 2009-12-07 03:49 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-12-18 08:24 . 2009-12-07 03:49 34688 ----a-w- c:\windows\system32\LMIport.dll
    2011-12-18 08:24 . 2009-12-07 03:49 80768 ----a-w- c:\windows\system32\LMIinit.dll
    2011-12-14 16:11 . 2009-12-18 14:43 165232 ----a-w- c:\users\UserName\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2011-12-07 20:50 . 2011-10-26 01:26 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2011-12-04 15:36 . 2010-11-30 11:28 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
    2011-10-28 02:02 . 2011-06-18 20:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-28 01:52 . 2011-10-28 01:52 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-10-28 01:52 . 2011-10-28 01:52 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-10-28 01:52 . 2011-10-28 01:52 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-10-28 01:52 . 2011-10-28 01:52 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-10-28 01:52 . 2011-10-28 01:52 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-10-28 01:52 . 2011-10-28 01:52 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-10-28 01:52 . 2011-10-28 01:52 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-10-28 01:52 . 2011-10-28 01:52 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-10-28 01:52 . 2011-10-28 01:52 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-10-28 01:52 . 2011-10-28 01:52 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-10-28 01:52 . 2011-10-28 01:52 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-10-28 01:52 . 2011-10-28 01:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-10-28 01:52 . 2011-10-28 01:52 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-10-28 01:52 . 2011-10-28 01:52 448512 ----a-w- c:\windows\system32\html.iec
    2011-10-28 01:52 . 2011-10-28 01:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-10-28 01:52 . 2011-10-28 01:52 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-10-28 01:52 . 2011-10-28 01:52 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-10-28 01:52 . 2011-10-28 01:52 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-10-28 01:52 . 2011-10-28 01:52 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-10-28 01:52 . 2011-10-28 01:52 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-10-28 01:52 . 2011-10-28 01:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-10-28 01:52 . 2011-10-28 01:52 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-10-28 01:52 . 2011-10-28 01:52 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-10-28 01:52 . 2011-10-28 01:52 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-10-28 01:52 . 2011-10-28 01:52 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-10-28 01:52 . 2011-10-28 01:52 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-10-28 01:52 . 2011-10-28 01:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-10-28 01:52 . 2011-10-28 01:52 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-10-28 01:52 . 2011-10-28 01:52 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-10-28 01:52 . 2011-10-28 01:52 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-10-28 01:52 . 2011-10-28 01:52 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-10-28 01:52 . 2011-10-28 01:52 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-10-28 01:52 . 2011-10-28 01:52 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-10-28 01:52 . 2011-10-28 01:52 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-10-18 23:53 . 2011-10-31 17:51 2957544 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2011-10-18 22:10 . 2011-10-31 17:51 99432 ----a-w- c:\windows\system32\RCoInst64.dll
    2011-10-18 17:55 . 2011-10-31 17:51 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
    2011-10-18 17:47 . 2011-10-31 17:51 1914472 ----a-w- c:\windows\system32\RtkApi64.dll
    2011-10-18 15:05 . 2011-10-31 17:51 2528872 ----a-w- c:\windows\system32\RtPgEx64.dll
    2011-10-17 21:30 . 2011-10-31 17:51 3213928 ----a-w- c:\windows\system32\RtkAPO64.dll
    2011-10-15 08:53 . 2011-10-27 01:43 7581504 ----a-w- c:\windows\system32\nvcuda.dll
    2011-10-15 08:53 . 2011-10-27 01:43 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-10-15 08:53 . 2011-10-27 01:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2011-10-15 08:53 . 2011-10-27 01:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-10-15 08:53 . 2011-10-27 01:43 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-10-15 08:53 . 2011-10-27 01:43 2542912 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-10-15 08:53 . 2011-10-27 01:43 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-10-15 08:53 . 2011-10-27 01:43 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-10-15 08:53 . 2011-10-27 01:43 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-10-15 08:53 . 2011-10-27 01:43 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-10-15 08:53 . 2011-10-27 01:43 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-10-15 08:53 . 2011-10-27 01:43 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-10-15 08:53 . 2011-10-27 01:43 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-10-15 08:53 . 2011-10-27 01:43 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-10-15 08:53 . 2011-10-27 01:43 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-10-15 08:53 . 2011-10-27 01:43 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-10-15 08:53 . 2011-10-27 01:14 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-10-15 08:53 . 2011-10-27 01:14 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-10-15 08:53 . 2011-10-27 01:14 222528 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-15 08:53 . 2011-10-27 01:14 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-10-15 08:53 . 2011-10-27 01:14 137536 ----a-w- c:\windows\system32\nvshext.dll
    2011-10-15 08:53 . 2011-10-27 01:14 10406208 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-15 08:53 . 2011-10-27 00:58 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-10-15 08:53 . 2011-10-27 00:58 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-10-15 08:53 . 2011-10-26 02:29 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
    2011-10-15 08:53 . 2011-10-26 02:29 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
    2011-10-15 08:53 . 2010-04-04 02:55 2808128 ----a-w- c:\windows\system32\nvapi64.dll
    2011-10-15 04:54 . 2011-10-15 04:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2011-10-14 17:43 . 2011-10-31 17:51 1873920 ----a-w- c:\windows\system32\RCoRes64.dat
    2011-10-12 14:22 . 2011-10-12 14:22 72080 ----a-w- c:\users\UserName\g2mdlhlpx.exe
    2011-10-06 14:55 . 2009-12-07 03:49 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-06 136176]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-06 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 SWGVCSvc;SonicWALL Global VPN Client Service;c:\windows\system32\SWGvcSvc.exe [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 xpvcom;XPVCOM Port;c:\windows\system32\Drivers\xpvcom.sys [x]
    R4 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-12-15 616400]
    R4 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-15 342480]
    R4 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
    R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-15 463824]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-18 375176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
    S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-04-28 2060192]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S2 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
    S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \shell\AutoRun\command - I:\LaunchU3.exe -a
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{171adfc7-e4ee-11de-9fe3-001fe201ee1e}]
    \shell\AutoRun\command - J:\AUTORUN.EXE
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{215c95eb-e702-11de-b91e-001fe201ee1e}]
    \shell\AutoRun\command - I:\LaunchU3.exe -a
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f25dea9-9b98-11e0-8889-001fe201ee1e}]
    \shell\AutoRun\command - I:\LaunchU3.exe -a
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{973d0cee-537e-11e0-9e01-001fe201ee1e}]
    \shell\AutoRun\command - J:\/files/openindex.exe index.hta
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5788e51-59c4-11e0-8638-001fe201ee1e}]
    \shell\AutoRun\command - K:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-06 04:55]
    .
    2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-06 04:55]
    .
    .
    --------- x86-64 -----------
    .
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet
    IE: &D&ownload all video with BitComet
    IE: &D&ownload all with BitComet
    IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
    Trusted Zone: ********** [work Intranet address]*********
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\UserName\AppData\Roaming\Mozilla\Firefox\Profiles\xtpz4cfm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    AddRemove-avi.NET 2.7.0.0 - i:\movies\Magpul Dynamics - The Art of the Tactical Carbine DVDRip\AOTC II DVD\Disk 1\MP4\avi.NET\Uninstall.exe
    AddRemove-VirtualLab 7 Client_is1 - c:\program files (x86)\BinaryBiz\VirtualLab6\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msftesql]
    "ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msftesql$SQLEXPRESS]
    "ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:17,92,8a,e2,fb,a1,e2,7e,f9,10,25,77,29,a3,4f,45,d4,3a,7b,f6,ab,
    be,1d,73,02,58,72,4d,56,28,bb,f6,57,85,f5,9b,d8,bb,2d,1e,58,6b,9b,6d,64,e7,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:5f,77,b1,e4,1c,17,c5,86,d7,2e,d8,7a,98,ae,cb,50,d9,4f,00,9c,a7,
    49,fd,11,64,65,5b,07,71,e8,a3,66,bd,5a,6c,9b,c2,55,4b,a6,be,ca,88,50,c6,ed,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:17,92,8a,e2,fb,a1,e2,7e,f9,10,25,77,29,a3,4f,45,d4,3a,7b,f6,ab,
    be,1d,73,02,58,72,4d,56,28,bb,f6,57,85,f5,9b,d8,bb,2d,1e,58,6b,9b,6d,64,e7,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:5f,77,b1,e4,1c,17,c5,86,d7,2e,d8,7a,98,ae,cb,50,d9,4f,00,9c,a7,
    49,fd,11,64,65,5b,07,71,e8,a3,66,bd,5a,6c,9b,c2,55,4b,a6,be,ca,88,50,c6,ed,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-01-03 13:02:43
    ComboFix-quarantined-files.txt 2012-01-03 18:02
    .
    Pre-Run: 198,483,521,536 bytes free
    Post-Run: 198,827,917,312 bytes free
    .
    - - End Of File - - 5B4951C3C67CCF9313E7C208EF9EB65A
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You didn't get fresh copy of Combofix.
    Please redo.

    Also...

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  17. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    Bookkit Report

    Broni,

    I did delete and reinstall ComboFix last report, not sure what happened there....
    I deleted and downloaded it again, ran it, and it hung up. Three times.
    I'm running it as admin and have disabled net adapters.

    Be Advised: I am getting the following Warning!! when I initialize ComboFix:

    ComboFiz has detected the following real time scanner(s) to be active:
    antivirus: Kaspersky Internet Security
    antispyware: Kaspersky Internet Security

    Antivirus and intrusion prevention programs are known to interfere with ComboFiz's running. This may lead to unpredictable results or possible machine damage.

    Please disable these scanners before clocking 'OK'.


    I re-ran the Kaspersky TDSS Killer and it detected a Locked File; Service : sptd "suspicious object, medium risk. I left the drop down on Skip and continued, then exited. I took no action.


    I'll attempt again and post report. The BK report is attached, didn't want to leave you waiting for info.

    -Buzz


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Enterprise Edition Service Pack 1 (build 7601),
    64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  18. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    ComboFix Log

    Broni,

    Was finally able to get CF to run, report below:

    ComboFix 12-01-05.01 - UserName 01/05/2012 10:41:50.4.4 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.6142.4291 [GMT -5:00]
    Running from: c:\users\UserName\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\~Z4ok6TwKlW3VO5
    c:\programdata\~Z4ok6TwKlW3VO5r
    c:\programdata\l443c523yh7jf53j1j6643
    c:\programdata\Z4ok6TwKlW3VO5
    c:\programdata\Z4ok6TwKlW3VO5.exe
    c:\users\UserName\AppData\Local\assembly\tmp
    c:\users\UserName\AppData\Roaming\Microsoft\Windows\Templates\l443c523yh7jf53j1j6643
    c:\users\UserName\AppData\Roaming\system32
    c:\users\UserName\Documents\~WRL3826.tmp
    c:\users\UserName\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-05 16:03 . 2012-01-05 16:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-01-05 16:03 . 2012-01-05 16:03 -------- d-----w- c:\users\UpdatusUser.UserName-DT\AppData\Local\temp
    2012-01-05 16:03 . 2012-01-05 16:03 -------- d-----w- c:\users\Mcx2-UserName-DT\AppData\Local\temp
    2012-01-05 16:03 . 2012-01-05 16:03 -------- d-----w- c:\users\Mcx1-UserName-DT\AppData\Local\temp
    2012-01-05 16:03 . 2012-01-05 16:03 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2012-01-05 16:03 . 2012-01-05 16:03 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-01-05 16:03 . 2012-01-05 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-05 16:03 . 2012-01-05 16:03 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
    2012-01-05 16:03 . 2012-01-05 16:03 -------- d-----w- c:\users\Admin\AppData\Local\temp
    2012-01-03 18:02 . 2012-01-03 18:02 -------- d-----w- c:\users\UserName
    2012-01-02 08:08 . 2012-01-02 08:08 1095010 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
    2012-01-02 06:19 . 2012-01-02 06:19 -------- d-----w- c:\users\UserName\AppData\Roaming\Malwarebytes
    2012-01-02 06:19 . 2012-01-02 06:19 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-02 06:19 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-02 06:19 . 2012-01-02 06:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-12-31 18:09 . 2011-12-31 18:09 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2011-12-31 18:09 . 2011-12-31 18:09 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2011-12-31 18:09 . 2011-12-31 18:09 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2011-12-31 18:09 . 2011-12-31 18:09 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2011-12-28 20:49 . 2009-08-20 04:50 24416 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2011-12-21 14:24 . 2011-12-21 14:24 -------- d-----w- c:\users\UserName\AppData\Roaming\Avira
    2011-12-21 14:23 . 2011-12-15 19:52 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-12-21 14:23 . 2011-12-15 19:52 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-12-21 14:23 . 2011-12-15 19:52 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys
    2011-12-21 14:23 . 2011-12-15 19:52 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-12-21 14:23 . 2011-12-21 14:24 -------- d-----w- c:\programdata\Avira
    2011-12-21 14:23 . 2011-12-21 14:23 -------- d-----w- c:\program files (x86)\Avira
    2011-12-21 14:23 . 2011-12-15 19:52 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys
    2011-12-20 10:59 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E55EB8CB-281E-42D8-8496-6948528C11F6}\mpengine.dll
    2011-12-19 03:56 . 2011-12-19 19:03 -------- d-----w- c:\users\UserName\AppData\Local\ESN Sonar
    2011-12-15 03:14 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 03:14 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 03:14 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 03:14 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-15 03:14 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 03:14 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-01 20:08 . 2011-10-26 01:26 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-01-01 20:08 . 2010-10-06 05:08 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-01-01 19:45 . 2010-10-06 05:07 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-12-18 08:24 . 2009-12-07 03:49 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-12-18 08:24 . 2009-12-07 03:49 34688 ----a-w- c:\windows\system32\LMIport.dll
    2011-12-18 08:24 . 2009-12-07 03:49 80768 ----a-w- c:\windows\system32\LMIinit.dll
    2011-12-14 16:11 . 2009-12-18 14:43 165232 ----a-w- c:\users\UserName\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2011-12-07 20:50 . 2011-10-26 01:26 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2011-12-04 15:36 . 2010-11-30 11:28 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
    2011-10-28 02:02 . 2011-06-18 20:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-28 01:52 . 2011-10-28 01:52 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-10-28 01:52 . 2011-10-28 01:52 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-10-28 01:52 . 2011-10-28 01:52 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-10-28 01:52 . 2011-10-28 01:52 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-10-28 01:52 . 2011-10-28 01:52 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-10-28 01:52 . 2011-10-28 01:52 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-10-28 01:52 . 2011-10-28 01:52 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-10-28 01:52 . 2011-10-28 01:52 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-10-28 01:52 . 2011-10-28 01:52 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-10-28 01:52 . 2011-10-28 01:52 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-10-28 01:52 . 2011-10-28 01:52 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-10-28 01:52 . 2011-10-28 01:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-10-28 01:52 . 2011-10-28 01:52 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-10-28 01:52 . 2011-10-28 01:52 448512 ----a-w- c:\windows\system32\html.iec
    2011-10-28 01:52 . 2011-10-28 01:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-10-28 01:52 . 2011-10-28 01:52 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-10-28 01:52 . 2011-10-28 01:52 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-10-28 01:52 . 2011-10-28 01:52 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-10-28 01:52 . 2011-10-28 01:52 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-10-28 01:52 . 2011-10-28 01:52 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-10-28 01:52 . 2011-10-28 01:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-10-28 01:52 . 2011-10-28 01:52 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-10-28 01:52 . 2011-10-28 01:52 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-10-28 01:52 . 2011-10-28 01:52 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-10-28 01:52 . 2011-10-28 01:52 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-10-28 01:52 . 2011-10-28 01:52 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-10-28 01:52 . 2011-10-28 01:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-10-28 01:52 . 2011-10-28 01:52 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-10-28 01:52 . 2011-10-28 01:52 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-10-28 01:52 . 2011-10-28 01:52 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-10-28 01:52 . 2011-10-28 01:52 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-10-28 01:52 . 2011-10-28 01:52 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-10-28 01:52 . 2011-10-28 01:52 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-10-28 01:52 . 2011-10-28 01:52 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-10-18 23:53 . 2011-10-31 17:51 2957544 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2011-10-18 22:10 . 2011-10-31 17:51 99432 ----a-w- c:\windows\system32\RCoInst64.dll
    2011-10-18 17:55 . 2011-10-31 17:51 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
    2011-10-18 17:47 . 2011-10-31 17:51 1914472 ----a-w- c:\windows\system32\RtkApi64.dll
    2011-10-18 15:05 . 2011-10-31 17:51 2528872 ----a-w- c:\windows\system32\RtPgEx64.dll
    2011-10-17 21:30 . 2011-10-31 17:51 3213928 ----a-w- c:\windows\system32\RtkAPO64.dll
    2011-10-15 08:53 . 2011-10-27 01:43 7581504 ----a-w- c:\windows\system32\nvcuda.dll
    2011-10-15 08:53 . 2011-10-27 01:43 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-10-15 08:53 . 2011-10-27 01:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2011-10-15 08:53 . 2011-10-27 01:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-10-15 08:53 . 2011-10-27 01:43 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-10-15 08:53 . 2011-10-27 01:43 2542912 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-10-15 08:53 . 2011-10-27 01:43 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-10-15 08:53 . 2011-10-27 01:43 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-10-15 08:53 . 2011-10-27 01:43 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-10-15 08:53 . 2011-10-27 01:43 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-10-15 08:53 . 2011-10-27 01:43 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-10-15 08:53 . 2011-10-27 01:43 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-10-15 08:53 . 2011-10-27 01:43 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-10-15 08:53 . 2011-10-27 01:43 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-10-15 08:53 . 2011-10-27 01:43 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-10-15 08:53 . 2011-10-27 01:43 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-10-15 08:53 . 2011-10-27 01:14 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-10-15 08:53 . 2011-10-27 01:14 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-10-15 08:53 . 2011-10-27 01:14 222528 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-15 08:53 . 2011-10-27 01:14 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-10-15 08:53 . 2011-10-27 01:14 137536 ----a-w- c:\windows\system32\nvshext.dll
    2011-10-15 08:53 . 2011-10-27 01:14 10406208 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-15 08:53 . 2011-10-27 00:58 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-10-15 08:53 . 2011-10-27 00:58 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-10-15 08:53 . 2011-10-26 02:29 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
    2011-10-15 08:53 . 2011-10-26 02:29 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
    2011-10-15 08:53 . 2010-04-04 02:55 2808128 ----a-w- c:\windows\system32\nvapi64.dll
    2011-10-15 04:54 . 2011-10-15 04:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2011-10-14 17:43 . 2011-10-31 17:51 1873920 ----a-w- c:\windows\system32\RCoRes64.dat
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-03_18.00.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-07 03:46 . 2012-01-05 15:39 51830 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-01-05 15:39 31218 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-01-03 15:27 31218 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-12-07 03:46 . 2012-01-05 15:39 20186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-865321313-1588324258-352885289-1001_UserData.bin
    - 2009-12-07 06:00 . 2012-01-03 15:26 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-07 06:00 . 2012-01-05 15:37 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-07 06:00 . 2012-01-03 15:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-07 06:00 . 2012-01-05 15:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-01-05 15:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-01-03 15:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2012-01-05 15:45 80344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-01-03 15:27 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
    + 2012-01-03 15:27 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2012-01-04 08:07 . 2012-01-04 08:07 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
    - 2012-01-03 15:25 . 2012-01-03 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-01-05 15:37 . 2012-01-05 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-01-03 15:25 . 2012-01-03 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-01-05 15:37 . 2012-01-05 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2012-01-05 15:11 894726 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-01-02 08:08 894726 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-01-05 15:11 200268 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-01-02 08:08 200268 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-01-05 15:36 554264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-01-03 15:24 554264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-01-03 15:27 . 2011-12-25 20:40 746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
    + 2012-01-03 15:27 . 2011-12-25 20:42 437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll
    + 2012-01-04 08:06 . 2012-01-04 08:06 559104 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Web.Manag#\8db7e8f08987089d9ee764928116fd9d\Microsoft.Web.Management.Aspnet.ni.dll
    + 2012-01-04 08:06 . 2012-01-04 08:06 354304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Web.Manag#\3b70018db93a61d83b8f36bb8f0b5442\Microsoft.Web.Management.Ftp.ni.dll
    + 2012-01-04 08:06 . 2012-01-04 08:06 657408 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Web.Admin#\f7c1148305df94f8bd73c92b7b1ea3c7\Microsoft.Web.Administration.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
    + 2012-01-04 08:01 . 2012-01-04 08:01 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 388096 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Manag#\8a8e4c4858475a8903a2b6565bdce60c\Microsoft.Web.Management.Aspnet.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 259072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Manag#\625c684fcb3f7cc81f6eacb3ff333e32\Microsoft.Web.Management.Ftp.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Admin#\a640a7d5cac4cd1f6ca06aba00d1a406\Microsoft.Web.Administration.ni.dll
    - 2009-07-14 04:45 . 2011-12-15 08:28 6844175 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2012-01-05 15:17 6844175 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2012-01-03 15:27 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
    + 2012-01-03 15:27 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll
    + 2012-01-04 08:02 . 2012-01-04 08:02 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\45339e741d73e8f1f9393df8163c8c00\System.Workflow.Runtime.ni.dll
    + 2012-01-04 08:02 . 2012-01-04 08:02 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\48ef2f59740ad3d438d0514b335dd334\System.Workflow.ComponentModel.ni.dll
    + 2012-01-04 08:02 . 2012-01-04 08:02 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\7972e04df268430da009e63e90ff4ca9\System.Workflow.Activities.ni.dll
    + 2012-01-04 08:02 . 2012-01-04 08:02 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\8d374a0a9c49f485a7ce6e89ec354b4c\System.Web.Services.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\91ecefc70d74ed44e5139ea2929adbb8\System.Web.Mobile.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\71da5a6d09e12eb94be32935e4a8d5a2\System.Web.Extensions.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2bb91a2edcc92d2bb79007e7d2ddc2ae\System.Web.Extensions.Design.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\3a6ac85c04453976c0f3a7c6a64ec43a\System.ServiceModel.Web.ni.dll
    + 2012-01-04 08:01 . 2012-01-04 08:01 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\d12c2299179cb05591cf08c8712a6495\System.Runtime.Remoting.ni.dll
    + 2012-01-04 08:05 . 2012-01-04 08:05 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\1d2c369d8e2d6f95c99ca90aca273418\System.Data.Services.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7bd7d91dc9abd73f2506bb7a0292373\System.Data.Entity.Design.ni.dll
    + 2012-01-04 08:06 . 2012-01-04 08:06 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll
    + 2012-01-04 08:06 . 2012-01-04 08:06 3653120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Web.Manag#\76364e1871f221eef9ce754eeda8ff4b\Microsoft.Web.Management.ni.dll
    + 2012-01-04 08:06 . 2012-01-04 08:06 1620480 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Web.Manag#\5b9400f99c8dad66891dd02a542451f6\Microsoft.Web.Management.AspnetClient.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 5541888 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Web.Manag#\53fe25e83b868d6ad65838b133fb4402\Microsoft.Web.Management.IisClient.ni.dll
    + 2012-01-04 08:07 . 2012-01-04 08:07 1786368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Web.Manag#\3c119671efbe57093ec7d72d1fd51561\Microsoft.Web.Management.Iis.ni.dll
    + 2012-01-04 08:06 . 2012-01-04 08:06 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll
    + 2012-01-04 08:06 . 2012-01-04 08:06 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll
    + 2012-01-04 08:05 . 2012-01-04 08:05 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll
    + 2012-01-04 08:05 . 2012-01-04 08:05 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll
    + 2012-01-04 08:06 . 2012-01-04 08:06 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll
    + 2012-01-04 08:06 . 2012-01-04 08:06 5054976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\d955463d0397605306d07d25c9c186fb\Microsoft.GroupPolicy.Reporting.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
    + 2012-01-04 08:01 . 2012-01-04 08:01 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ad68aa9e6fa1ec8005e1f604579a76be\System.Workflow.Runtime.ni.dll
    + 2012-01-04 08:01 . 2012-01-04 08:01 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\00b0a14ef5cb0154db7989da39a7f1e5\System.Workflow.ComponentModel.ni.dll
    + 2012-01-04 08:01 . 2012-01-04 08:01 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\54873f241a4ad6d2a13e48d2da444538\System.Workflow.Activities.ni.dll
    + 2012-01-04 08:01 . 2012-01-04 08:01 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
    + 2012-01-04 08:04 . 2012-01-04 08:04 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 1239040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Manag#\f9ca434196e9189cc5765dba6174e7ae\Microsoft.Web.Management.AspnetClient.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 1212416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Manag#\d1f4bb7e5a0544edae9b68c5b05222d6\Microsoft.Web.Management.Iis.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 2690560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Manag#\ab164cbce340aa918cad5c7018165fff\Microsoft.Web.Management.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 4264448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Manag#\921ad8daf384ea10a80012824429253e\Microsoft.Web.Management.IisClient.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 3238400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\ce4585c5d5730daacd0d1e709a21efd2\Microsoft.Office.BusinessData.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\df2d7205594489b4f1a5336fcf9244e5\Microsoft.GroupPolicy.Reporting.ni.dll
    - 2011-04-13 05:25 . 2010-11-05 01:53 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2012-01-03 15:27 . 2011-12-25 20:42 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2012-01-03 15:27 . 2011-12-25 20:40 5263360 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2012-01-03 15:27 . 2011-12-25 20:42 5255168 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-04-28 14:34 . 2012-01-05 15:36 15163466 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-865321313-1588324258-352885289-1001-12288.dat
    + 2012-01-04 08:01 . 2012-01-04 08:01 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ab920a032a9b63aa07f26c5592d7c72c\System.Web.ni.dll
    + 2012-01-04 08:05 . 2012-01-04 08:05 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll
    + 2012-01-04 08:02 . 2012-01-04 08:02 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\665178c1ccfd538896eaa0fff283b6ef\System.Design.ni.dll
    + 2012-01-04 08:06 . 2012-01-04 08:06 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll
    + 2012-01-04 08:01 . 2012-01-04 08:01 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
    + 2012-01-04 08:03 . 2012-01-04 08:03 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
    + 2012-01-04 08:01 . 2012-01-04 08:01 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\70f9f6de6dc9611157ed563bdb4e79a4\System.Design.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-06 136176]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-06 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 SWGVCSvc;SonicWALL Global VPN Client Service;c:\windows\system32\SWGvcSvc.exe [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 xpvcom;XPVCOM Port;c:\windows\system32\Drivers\xpvcom.sys [x]
    R4 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-12-15 616400]
    R4 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-15 342480]
    R4 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
    R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-15 463824]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-18 375176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
    S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-04-28 2060192]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S2 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
    S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-06 04:55]
    .
    2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-06 04:55]
    .
    .
    --------- x86-64 -----------
    .
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet
    IE: &D&ownload all video with BitComet
    IE: &D&ownload all with BitComet
    IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
    Trusted Zone: ****work intranet url****
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\UserName\AppData\Roaming\Mozilla\Firefox\Profiles\xtpz4cfm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msftesql]
    "ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msftesql$SQLEXPRESS]
    "ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:17,92,8a,e2,fb,a1,e2,7e,f9,10,25,77,29,a3,4f,45,d4,3a,7b,f6,ab,
    be,1d,73,02,58,72,4d,56,28,bb,f6,57,85,f5,9b,d8,bb,2d,1e,58,6b,9b,6d,64,e7,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:5f,77,b1,e4,1c,17,c5,86,d7,2e,d8,7a,98,ae,cb,50,d9,4f,00,9c,a7,
    49,fd,11,64,65,5b,07,71,e8,a3,66,bd,5a,6c,9b,c2,55,4b,a6,be,ca,88,50,c6,ed,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:17,92,8a,e2,fb,a1,e2,7e,f9,10,25,77,29,a3,4f,45,d4,3a,7b,f6,ab,
    be,1d,73,02,58,72,4d,56,28,bb,f6,57,85,f5,9b,d8,bb,2d,1e,58,6b,9b,6d,64,e7,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:5f,77,b1,e4,1c,17,c5,86,d7,2e,d8,7a,98,ae,cb,50,d9,4f,00,9c,a7,
    49,fd,11,64,65,5b,07,71,e8,a3,66,bd,5a,6c,9b,c2,55,4b,a6,be,ca,88,50,c6,ed,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-01-05 11:07:38
    ComboFix-quarantined-files.txt 2012-01-05 16:07
    ComboFix2.txt 2012-01-03 18:02
    .
    Pre-Run: 197,935,861,760 bytes free
    Post-Run: 197,845,508,096 bytes free
    .
    - - End Of File - - 3533249F09D303BCBD70D339F0083D78
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    OTL Log 1

    OTL logfile created on: 1/5/2012 8:42:14 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\UserName\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.08% Memory free
    11.99 Gb Paging File | 9.92 Gb Available in Paging File | 82.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 596.17 Gb Total Space | 197.30 Gb Free Space | 33.09% Space Free | Partition Type: NTFS
    Drive I: | 465.76 Gb Total Space | 258.73 Gb Free Space | 55.55% Space Free | Partition Type: NTFS

    Computer Name: UserName-DT | User Name: UserName | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/05 20:40:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\UserName\Desktop\OTL.exe
    PRC - [2011/12/31 13:09:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/12/07 15:50:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
    PRC - [2006/04/18 01:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/31 13:09:09 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/10/21 11:06:48 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2011/10/14 23:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
    MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
    MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/11/20 08:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/06/05 19:00:16 | 000,374,272 | ---- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Windows\SysNative\SWGvcSvc.exe -- (SWGVCSvc)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/12/18 03:24:54 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
    SRV - [2011/12/18 03:24:31 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2011/12/15 14:52:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/12/15 14:52:15 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
    SRV - [2011/12/15 14:52:13 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
    SRV - [2011/12/15 14:52:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/12/15 14:52:12 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
    SRV - [2011/12/07 15:50:44 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/12/21 11:44:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/11/08 12:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/01 19:43:02 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006/04/18 01:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/18 03:24:32 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV:64bit: - [2011/12/15 14:52:40 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2011/12/15 14:52:39 | 000,139,512 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
    DRV:64bit: - [2011/12/15 14:52:39 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/12/15 14:52:39 | 000,113,768 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
    DRV:64bit: - [2011/12/15 14:52:39 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/04/01 00:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
    DRV:64bit: - [2011/04/01 00:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011/03/21 07:38:39 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/06/09 18:09:08 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
    DRV:64bit: - [2009/12/19 03:00:27 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
    DRV:64bit: - [2009/12/09 13:08:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)
    DRV:64bit: - [2009/06/10 15:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008/08/11 12:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV:64bit: - [2008/08/11 12:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2008/06/05 19:03:04 | 000,027,672 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
    DRV:64bit: - [2008/06/05 19:02:58 | 000,099,864 | ---- | M] (SonicWALL, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
    DRV:64bit: - [2008/05/25 10:51:18 | 000,151,824 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
    DRV:64bit: - [2008/04/30 22:17:40 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
    DRV:64bit: - [2007/01/29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
    DRV:64bit: - [2006/12/13 17:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
    DRV:64bit: - [2006/12/04 09:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
    DRV - [2011/04/05 09:10:04 | 000,259,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\XHASP.sys -- (XHASP)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/08/11 12:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 0C A0 9E EB 76 CA 01 [binary data]
    IE - HKU\S-1-5-21-865321313-1588324258-352885289-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-865321313-1588324258-352885289-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?rls=ig"
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.53
    FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.18
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
    FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
    FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.2.1
    FF - prefs.js..extensions.enabledItems: firefox@meebo.com:1.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
    FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/03/30 20:34:20 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/03/30 20:34:20 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/12/21 10:52:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/31 13:09:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/21 19:10:44 | 000,000,000 | ---D | M]

    [2009/12/08 13:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\Mozilla\Extensions
    [2011/12/04 11:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\Mozilla\Firefox\Profiles\xtpz4cfm.default\extensions
    [2011/12/21 08:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\UserName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XTPZ4CFM.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
    () (No name found) -- C:\USERS\UserName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XTPZ4CFM.DEFAULT\EXTENSIONS\FIRECOOKIE@JANODVARKO.CZ.XPI
    [2011/12/31 13:09:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2009/07/17 03:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
    [2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
    [2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/31 13:09:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/12/31 13:09:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/01/05 11:03:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-865321313-1588324258-352885289-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O4 - HKU\S-1-5-21-865321313-1588324258-352885289-1015..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-865321313-1588324258-352885289-1015..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-865321313-1588324258-352885289-1015\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: &D&ownload &with BitComet - Reg Error: Value error. File not found
    O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - Reg Error: Value error. File not found
    O8:64bit: - Extra context menu item: &D&ownload all with BitComet - Reg Error: Value error. File not found
    O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: &D&ownload &with BitComet - Reg Error: Value error. File not found
    O8 - Extra context menu item: &D&ownload all video with BitComet - Reg Error: Value error. File not found
    O8 - Extra context menu item: &D&ownload all with BitComet - Reg Error: Value error. File not found
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: xpect-software.com ([xpectsoftwarellc] http in Trusted sites)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87D79DB6-D195-4F59-B967-B94E954FB93A}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
    O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  21. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    OTL Log 2

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/05 20:40:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\UserName\Desktop\OTL.exe
    [2012/01/05 14:10:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/01/05 11:27:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/05 10:34:31 | 004,370,492 | R--- | C] (Swearware) -- C:\Users\UserName\Desktop\ComboFix.exe
    [2012/01/05 10:18:25 | 000,000,000 | ---D | C] -- C:\Users\UserName\Desktop\bootkit_remover
    [2012/01/02 14:54:26 | 000,000,000 | ---D | C] -- C:\Users\UserName\Desktop\QT XFER
    [2012/01/02 14:00:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/02 14:00:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/02 14:00:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/02 14:00:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/02 13:55:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/02 01:19:31 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Malwarebytes
    [2012/01/02 01:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/02 01:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/02 01:19:14 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/01/02 01:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/01/02 00:17:23 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2011/12/28 15:49:34 | 000,024,416 | ---- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
    [2011/12/21 09:24:26 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Avira
    [2011/12/21 09:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/12/21 09:23:56 | 000,139,512 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
    [2011/12/21 09:23:56 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2011/12/21 09:23:56 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2011/12/21 09:23:56 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
    [2011/12/21 09:23:55 | 000,113,768 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
    [2011/12/21 09:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/12/21 09:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2011/12/18 22:56:31 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\ESN Sonar
    [2011/12/15 03:02:25 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2011/12/15 03:02:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2011/12/15 03:02:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2011/12/15 03:02:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2011/12/15 03:02:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2011/12/15 03:02:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2011/12/15 03:02:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2011/12/15 03:02:22 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2011/12/15 03:02:22 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2011/12/15 03:02:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2011/12/15 03:02:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2011/12/14 22:14:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
    [2011/12/14 22:14:34 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
    [2011/12/14 22:14:34 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
    [2011/12/07 15:50:40 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
    [2011/12/07 15:50:40 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
    [2011/12/07 15:50:40 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
    [2011/12/07 15:50:40 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
    [2011/12/07 15:50:38 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
    [2011/12/07 15:50:38 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
    [2011/12/07 15:50:37 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
    [2011/12/07 15:50:37 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
    [2011/12/07 15:50:37 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
    [2011/12/07 15:50:37 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
    [2011/12/07 15:50:36 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
    [2011/12/07 15:50:36 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
    [2011/12/07 15:50:35 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
    [2011/12/07 15:50:35 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
    [2011/12/07 15:50:34 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
    [2011/12/07 15:50:34 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
    [2011/12/07 15:50:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
    [2011/12/07 15:50:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
    [2011/12/07 15:50:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
    [2011/12/07 15:50:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
    [2011/12/07 15:50:32 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
    [2011/12/07 15:50:32 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
    [2011/12/07 15:50:31 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
    [2011/12/07 15:50:31 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Users\UserName\Desktop\*.tmp files -> C:\Users\UserName\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/05 20:40:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\UserName\Desktop\OTL.exe
    [2012/01/05 20:30:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/05 16:25:49 | 001,098,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/01/05 16:25:49 | 000,894,726 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/01/05 16:25:49 | 000,200,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/01/05 16:19:42 | 000,015,168 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/05 16:19:42 | 000,015,168 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/05 16:12:35 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/05 16:12:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/05 16:12:09 | 535,437,311 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/05 14:20:35 | 000,001,500 | ---- | M] () -- C:\Users\UserName\Desktop\firefox.exe - Shortcut.lnk
    [2012/01/05 11:03:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/01/05 10:39:47 | 004,370,492 | R--- | M] (Swearware) -- C:\Users\UserName\Desktop\ComboFix.exe
    [2012/01/02 14:06:17 | 944,470,189 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/01/02 00:17:37 | 000,000,677 | ---- | M] () -- C:\Users\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/01 15:08:11 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/01/01 15:08:11 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/01/01 14:45:22 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2011/12/31 13:09:20 | 000,002,052 | ---- | M] () -- C:\Users\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/12/24 12:26:50 | 000,000,850 | -HS- | M] () -- C:\Users\UserName\AppData\Local\l443c523yh7jf53j1j6643
    [2011/12/18 03:24:32 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
    [2011/12/18 03:24:31 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
    [2011/12/18 03:24:31 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
    [2011/12/15 14:52:40 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
    [2011/12/15 14:52:39 | 000,139,512 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
    [2011/12/15 14:52:39 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2011/12/15 14:52:39 | 000,113,768 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
    [2011/12/15 14:52:39 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2011/12/15 03:25:36 | 005,292,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/12/07 15:50:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Users\UserName\Desktop\*.tmp files -> C:\Users\UserName\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/05 14:20:35 | 000,001,500 | ---- | C] () -- C:\Users\UserName\Desktop\firefox.exe - Shortcut.lnk
    [2012/01/02 14:00:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/02 14:00:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/02 14:00:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/02 14:00:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/02 14:00:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/02 13:23:43 | 944,470,189 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/01/02 00:17:37 | 000,000,677 | ---- | C] () -- C:\Users\UserName\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/24 12:26:50 | 000,000,850 | -HS- | C] () -- C:\Users\UserName\AppData\Local\l443c523yh7jf53j1j6643
    [2011/10/25 20:26:35 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/10/25 20:26:32 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/10/24 08:23:23 | 000,214,336 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/05/26 23:54:37 | 000,000,132 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
    [2011/04/06 23:56:26 | 000,004,096 | ---- | C] () -- C:\Users\UserName\AppData\Local\keyfile3.drm
    [2011/04/05 09:10:04 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\drivers\XHASP.sys
    [2011/04/01 00:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2011/04/01 00:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011/04/01 00:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2011/02/19 12:43:40 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2011/02/14 09:51:30 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/01/05 06:16:08 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/12/09 11:10:09 | 000,018,432 | ---- | C] () -- C:\Users\UserName\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/23 04:39:21 | 000,000,132 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2010/08/26 04:11:59 | 000,007,605 | ---- | C] () -- C:\Users\UserName\AppData\Local\Resmon.ResmonCfg
    [2010/03/11 00:16:43 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2010/03/11 00:16:43 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
    [2010/03/11 00:16:43 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
    [2010/03/11 00:16:43 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2010/03/11 00:16:43 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
    [2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2009/12/11 13:07:39 | 000,000,636 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\AutoGK.ini
    [2009/12/09 23:50:17 | 001,116,850 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/12/09 13:24:18 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
    [2009/12/08 14:19:10 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2009/12/08 13:26:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/01/25 16:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009/01/08 18:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2005/04/04 11:52:32 | 000,003,466 | ---- | C] () -- C:\Windows\SysWow64\Nethasp.ini
    [2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/12/06 22:49:41 | 000,001,024 | -H-- | M] () -- C:\.rnd
    [2011/02/14 12:23:59 | 000,000,632 | -H-- | M] () -- C:\bar.emf
    [2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2009/12/07 00:54:44 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/01/05 11:07:39 | 000,045,189 | ---- | M] () -- C:\ComboFix.txt
    [2012/01/05 16:12:09 | 535,437,311 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/05 16:12:13 | 2145,574,911 | -HS- | M] () -- C:\pagefile.sys
    [2012/01/05 10:32:37 | 000,083,658 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_10.29.33_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/10/27 21:01:44 | 000,000,221 | -HS- | M] () -- C:\Users\UserName\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/05 10:39:47 | 004,370,492 | R--- | M] (Swearware) -- C:\Users\UserName\Desktop\ComboFix.exe
    [2012/01/05 20:40:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\UserName\Desktop\OTL.exe
    [1 C:\Users\UserName\Desktop\*.tmp files -> C:\Users\UserName\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/10/31 12:52:40 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/10/31 12:52:40 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2010/07/02 09:51:18 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2010/07/02 09:51:18 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/10/31 12:52:40 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/04/13 06:20:40 | 000,000,402 | -HS- | M] () -- C:\Users\UserName\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/06/19 22:09:18 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1108 bytes -> C:\ProgramData\Microsoft:tBp71bIQ8QYpmOBinZ65XM15W1
    @Alternate Data Stream - 1043 bytes -> C:\ProgramData\Microsoft:UzUwfg3EPxatqyCAaCL5IVu
    @Alternate Data Stream - 1034 bytes -> C:\ProgramData\Microsoft:KF981xnxss4GoEYBZPEyaa

    < End of report >
     
  22. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    Extras Log 1

    OTL Extras logfile created on: 1/5/2012 8:42:14 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\UserName\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.08% Memory free
    11.99 Gb Paging File | 9.92 Gb Available in Paging File | 82.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 596.17 Gb Total Space | 197.30 Gb Free Space | 33.09% Space Free | Partition Type: NTFS
    Drive I: | 465.76 Gb Total Space | 258.73 Gb Free Space | 55.55% Space Free | Partition Type: NTFS

    Computer Name: UserName-DT | User Name: UserName | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
    "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
    "{9DE00BF7-71F9-461B-9CEA-55CC6AE3F94C}" = SonicWALL Global VPN Client
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{C40D6727-57FE-4671-B51A-69B0F21F44B5}" = Microsoft SQL Server Management Studio Express
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15C6A704-5583-4D59-B614-A8A722509391}" = BlackBerry Smartphone Simulators 4.6.0.150 (9000)
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
    "{32A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54F5F572-BEEF-4FDA-9957-2E86C77C9B3D}" = NGRAIN Viewer 4.0
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5E994A95-9388-4D10-8E68-54B8CBF894D3}" = Microsoft Application Error Reporting
    "{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1" = Convert VOB to AVI 1.7
    "{60650813-6416-4322-B6A5-F834C2693258}" = NGRAIN Viewer 4.0
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6908A0A2-2B7C-403E-AC8C-79C3D6BA2E3D}" = Microsoft SQL Server 2008 R2 Report Builder 3.0
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{880A78D0-2714-456E-96B9-990190A85AD3}_is1" = Macrobject Word-2-CHM 2009.3.114.2408
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FDCD97E-9289-4ACC-B2D6-8BF3843865A3}" = iCamSource
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}" = SnagIt 8
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}_947" = Adobe Acrobat 9.4.7 - CPSID_83708
    "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6
    "{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C3F5DBA5-ABFC-443E-AA60-928223AADF53}" = Microsoft SQL Server 2005 (SQLEXPRESS)
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Audacity_is1" = Audacity 1.2.6
    "AutoGK" = Auto Gordian Knot 2.55
    "avi.NET 2.7.0.0" = avi.NET 2.7.0.0
    "Avira AntiVir Desktop" = Avira Internet Security 2012
    "AviSynth" = AviSynth 2.5
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Core FTP LE 2.1" = Core FTP LE 2.1
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "ESN Sonar-0.70.4" = ESN Sonar
    "Fences" = Fences
    "FVSDK_8_2_1" = FaceVACS-SDK 8.2.1
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Origin" = Origin
    "PunkBusterSvc" = PunkBuster Services
    "RocketDock_is1" = RocketDock 1.3.5
    "SystemRequirementsLab" = System Requirements Lab
    "VirtualLab 7 Client_is1" = VirtualLab Client 6.0.4
    "VISPROR" = Microsoft Office Visio Professional 2007
    "VLC media player" = VLC media player 1.1.8
    "VLMC" = VideoLAN Movie Creator
    "VobSub" = VobSub v2.23 (Remove Only)
    "WinLiveSuite" = Windows Live Essentials
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
     
  23. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    Extras Log 2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.8.0.723

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/4/2012 1:31:41 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_32\msc_8.0-ipp_crtdll_g\libueye-8.2.1d.dll.Manifest".
    Dependent
    Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/4/2012 1:31:42 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_32\msc_9.0-ipp_crtdll_g\libbiospi-8.2.1d.dll.Manifest".
    Dependent
    Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/4/2012 1:31:43 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_32\msc_9.0-ipp_crtdll_g\libfrsdk-8.2.1d.dll.Manifest".
    Dependent
    Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/4/2012 1:31:43 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_32\msc_9.0-ipp_crtdll_g\liboutput-8.2.1d.dll.Manifest".
    Dependent
    Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/4/2012 1:31:43 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_32\msc_9.0-ipp_crtdll_g\libueye-8.2.1d.dll.Manifest".
    Dependent
    Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/4/2012 1:31:44 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_64\msc_8.0-ipp_crtdll_g\libbiospi-8.2.1d.dll.Manifest".
    Dependent
    Assembly Microsoft.VC80.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/4/2012 1:31:44 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_64\msc_8.0-ipp_crtdll_g\libfrsdk-8.2.1d.dll.Manifest".
    Dependent
    Assembly Microsoft.VC80.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/4/2012 1:31:44 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_64\msc_9.0-ipp_crtdll_g\libbiospi-8.2.1d.dll.Manifest".
    Dependent
    Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/4/2012 1:31:45 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_64\msc_9.0-ipp_crtdll_g\libfrsdk-8.2.1d.dll.Manifest".
    Dependent
    Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/4/2012 1:31:45 AM | Computer Name = UserName-DT | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\fvsdk_8_2_1\lib\x86_64\msc_9.0-ipp_crtdll_g\liboutput-8.2.1d.dll.Manifest".
    Dependent
    Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Media Center Events ]
    Error - 1/5/2011 7:39:00 AM | Computer Name = UserName-DT | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApi.Set failed (LogId=273); Win32 GetLastError
    returned 0E
    Process: DefaultDomain
    Object Name: Media Center Guide


    Error - 1/5/2011 7:39:00 AM | Computer Name = UserName-DT | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApi.Set failed (LogId=230); Win32 GetLastError
    returned 0E
    Process: DefaultDomain
    Object Name: Media Center Guide


    Error - 1/5/2011 7:39:00 AM | Computer Name = UserName-DT | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApi.TimerRecord failed (LogId=28); Win32 GetLastError
    returned 0E
    Process: DefaultDomain
    Object Name: Media Center Guide


    Error - 1/5/2011 7:39:00 AM | Computer Name = UserName-DT | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApi.Set failed (LogId=58); Win32 GetLastError
    returned 0E
    Process: DefaultDomain
    Object Name: Media Center Guide


    Error - 1/5/2011 7:39:00 AM | Computer Name = UserName-DT | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApi.Set failed (LogId=30); Win32 GetLastError
    returned 0E
    Process: DefaultDomain
    Object Name: Media Center Guide


    Error - 2/21/2011 4:05:27 AM | Computer Name = UserName-DT | Source = MCUpdate | ID = 0
    Description = 3:05:26 AM - Error connecting to the internet. 3:05:26 AM - Unable
    to contact server..

    Error - 2/21/2011 5:06:08 AM | Computer Name = UserName-DT | Source = MCUpdate | ID = 0
    Description = 4:06:07 AM - Error connecting to the internet. 4:06:07 AM - Unable
    to contact server..

    Error - 2/21/2011 6:06:50 AM | Computer Name = UserName-DT | Source = MCUpdate | ID = 0
    Description = 5:06:50 AM - Error connecting to the internet. 5:06:50 AM - Unable
    to contact server..

    Error - 2/21/2011 7:07:32 AM | Computer Name = UserName-DT | Source = MCUpdate | ID = 0
    Description = 6:07:32 AM - Error connecting to the internet. 6:07:32 AM - Unable
    to contact server..

    Error - 2/26/2011 4:41:55 AM | Computer Name = UserName-DT | Source = MCUpdate | ID = 0
    Description = 3:41:54 AM - Error connecting to the internet. 3:41:54 AM - Unable
    to contact server..

    [ OSession Events ]
    Error - 4/14/2010 10:55:57 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 4/14/2010 10:59:13 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 4/14/2010 10:59:56 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 4/14/2010 11:00:03 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 4/14/2010 3:11:44 PM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 4/15/2010 11:35:41 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5103
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 4/20/2010 11:20:26 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5323
    seconds with 2700 seconds of active time. This session ended with a crash.

    Error - 4/27/2010 10:16:32 AM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5460
    seconds with 2100 seconds of active time. This session ended with a crash.

    Error - 7/29/2010 5:35:03 PM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 243874
    seconds with 4380 seconds of active time. This session ended with a crash.

    Error - 6/9/2011 1:25:33 PM | Computer Name = UserName-DT | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 102771
    seconds with 1620 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/5/2012 2:15:11 PM | Computer Name = UserName-DT | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk5\DR7.

    Error - 1/5/2012 2:15:12 PM | Computer Name = UserName-DT | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk5\DR7.

    Error - 1/5/2012 2:15:48 PM | Computer Name = UserName-DT | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume Maxtor [1TB].

    Error - 1/5/2012 2:21:03 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7000
    Description = The SQL Server FullText Search (MSSQLSERVER) service failed to start
    due to the following error: %%2

    Error - 1/5/2012 2:21:04 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7003
    Description = The Net.Msmq Listener Adapter service depends the following service:
    msmq. This service might not be installed.

    Error - 1/5/2012 3:50:58 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7000
    Description = The SQL Server FullText Search (MSSQLSERVER) service failed to start
    due to the following error: %%2

    Error - 1/5/2012 3:50:58 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7003
    Description = The Net.Msmq Listener Adapter service depends the following service:
    msmq. This service might not be installed.

    Error - 1/5/2012 5:12:26 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7000
    Description = The SQL Server FullText Search (MSSQLSERVER) service failed to start
    due to the following error: %%2

    Error - 1/5/2012 5:12:27 PM | Computer Name = UserName-DT | Source = Service Control Manager | ID = 7003
    Description = The Net.Msmq Listener Adapter service depends the following service:
    msmq. This service might not be installed.

    Error - 1/5/2012 9:40:08 PM | Computer Name = UserName-DT | Source = bowser | ID = 8003
    Description =


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I can't proceed.
    You didn't say:
     
  25. BuzzLightYear

    BuzzLightYear TS Rookie Topic Starter Posts: 23

    My apologies, got caught up in chopping logs!

    Seems better. MUCH better. MalWareBytes is no longer blocking outgoing (unknown) traffic and I've run a few stability checks and all seems to be well. I've noticed that a good amount of my files (including system) have been R/O or hidden. I manually restored most of them however I still seem to have missed something as all of my program folders are empty, though the exe's are able to be launched via CMD prompt and/or through the Program Files menus.

    All in all, system stability is MUCH improved. I will most assuredly be making a donation via your PP link and sending TechSpot a "much appreciated" letter on your behalf, as I'd have been lost in the sauce without your help, I can't say thank-you enough Broni!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...