TechSpot

[A] Tdx.sys got virus and put into chest. No internet

By BeezNeezy
Jan 10, 2012
  1. The title pretty much says it all. I have no idea what to do and could use some help.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  3. BeezNeezy

    BeezNeezy TS Rookie Topic Starter Posts: 23

    Farbar Service Scanner
    Ran by Matt (administrator) on 11-01-2012 at 06:53:03
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    tdx Service is not running. Checking service configuration:
    The start type of tdx service is OK.
    The ImagePath of tdx service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.
    Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
    Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll
    [2010-04-02 18:29] - [2009-04-11 01:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2010-04-02 18:30] - [2009-04-11 01:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

    C:\Windows\system32\es.dll
    [2010-04-02 18:30] - [2009-04-11 01:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

    C:\Windows\system32\cryptsvc.dll
    [2010-04-02 18:30] - [2009-04-11 01:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
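The FSS log above is read by hand in this thread. The following Python script is an added example (not part of FSS, the forum post, or any tool mentioned here) that does the same triage automatically: it flags services whose registry key is gone (MpsSvc, bfe, wscsvc above), firewall profiles forced off by policy, files FSS reports missing, and files FSS did not report as "MD5 is legit". The embedded SAMPLE_FSS_LOG is an excerpt of the log posted above; the severity labels in triage() are this example's own, not anything FSS prints.

```python
"""Triage of a Farbar Service Scanner (FSS) log, as text.

Added example for this thread; it is not part of FSS or of any post here.
SAMPLE_FSS_LOG is an excerpt of the FSS.txt posted above, embedded so the
script runs offline. The severity labels in triage() are this example's own.
"""
import re
from dataclasses import dataclass, field

SAMPLE_FSS_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

File Check:
========
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2010-04-02 18:29] - [2009-04-11 01:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

**** End of log ****
"""

SECTION = re.compile(r"^([A-Za-z ]+):$")          # e.g. "Windows Firewall:"
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
FW_PROFILE = re.compile(r"FirewallPolicy\\(\w+)\]$")
FW_VALUE = re.compile(r'^"EnableFirewall"=DWORD:(\d+)$')
MISSING_FILE = re.compile(r"^Attention! (.+) is missing\.$")
LEGIT_FILE = re.compile(r"^(.+) => MD5 is legit$")
FILE_PATH = re.compile(r"^[A-Za-z]:\\\S+$")       # bare path: FSS prints the hash on the next line


@dataclass
class FssFindings:
    services_not_running: list = field(default_factory=list)
    services_missing_key: list = field(default_factory=list)   # service key under HKLM\SYSTEM is gone
    firewall_disabled_profiles: list = field(default_factory=list)
    missing_files: list = field(default_factory=list)
    verified_files: list = field(default_factory=list)
    unverified_files: list = field(default_factory=list)       # (path, md5) not reported as legit


def parse_fss(text):
    f = FssFindings()
    section = profile = pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:          # blank line or "=====" underline
            continue
        if (m := SECTION.match(line)):
            section, pending = m.group(1), None
            continue
        if (m := NOT_RUNNING.match(line)):
            f.services_not_running.append(m.group(1))
        if (m := MISSING_KEY.search(line)) and m.group(1) not in f.services_missing_key:
            f.services_missing_key.append(m.group(1))
        if section == "Firewall Disabled Policy":
            if (m := FW_PROFILE.search(line)):
                profile = m.group(1)
            elif (m := FW_VALUE.match(line)) and m.group(1) == "0" and profile:
                f.firewall_disabled_profiles.append(profile)
        elif section == "File Check":
            if (m := MISSING_FILE.match(line)):
                f.missing_files.append(m.group(1))
            elif (m := LEGIT_FILE.match(line)):
                f.verified_files.append(m.group(1))
            elif FILE_PATH.match(line):
                pending = line
            elif pending and line.startswith("["):
                f.unverified_files.append((pending, line.split()[-1]))   # MD5 is the last token
                pending = None
    return f


def triage(f):
    """Turn findings into prioritised notes (the severity scheme is this example's own)."""
    notes = []
    for svc in f.services_missing_key:
        notes.append(f"CRITICAL: service key for {svc} has been deleted; it cannot start until the key is restored")
    for path in f.missing_files:
        notes.append(f"CRITICAL: {path} is missing; whatever loads it will fail")
    for prof in f.firewall_disabled_profiles:
        notes.append(f"HIGH: Windows Firewall forced off by policy for {prof}")
    for path, md5 in f.unverified_files:
        notes.append(f"CHECK: {path} (MD5 {md5}) was not reported as legit; compare with a known-good copy")
    for svc in f.services_not_running:
        if svc not in f.services_missing_key:
            notes.append(f"INFO: {svc} not running although its configuration looks intact")
    return notes


if __name__ == "__main__":
    for note in triage(parse_fss(SAMPLE_FSS_LOG)):
        print(note)
```

Run it against a saved FSS.txt by replacing SAMPLE_FSS_LOG with the file's contents; the Connection Status and Search sections are ignored on purpose, since they carry no service or file findings.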
     
  4. Broni


    Please run Farbar Service Scanner.
    Type the following in the edit box after "Search:".

    tdx.sys

    Click Search Files button and post the log (FSS.txt) it makes to your reply.
     
  5. BeezNeezy


    Farbar Service Scanner
    Ran by Matt (administrator) on 11-01-2012 at 13:45:50
    Windows Vista (TM) Home Premium Service Pack 2 (X86)

    ************************************************
    ================== Search: "tdx.sys" ===================

    C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
    [2008-01-20 21:24] - [2008-01-20 21:24] - 0071680 ____A (Microsoft Corporation) D09276B1FAB033CE1D40DCBDF303D10F

    ====== End Of Search ======
     
  6. Broni


    Download the following batch file: http://www.filedropper.com/fix_7
    Double-click on it to run the fix.
    A command prompt window will open briefly.

    Restart the computer, check on the internet connection, and post a new FSS log.
     
  7. BeezNeezy


    Still no internet. It just says identifying local access only.

    Farbar Service Scanner
    Ran by Matt (administrator) on 11-01-2012 at 14:35:01
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    tdx Service is not running. Checking service configuration:
    The start type of tdx service is OK.
    The ImagePath of tdx service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.
    Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
    Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


    Windows Update:
    ===========
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is OK.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.
    Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll
    [2010-04-02 18:29] - [2009-04-11 01:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2010-04-02 18:30] - [2009-04-11 01:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

    C:\Windows\system32\es.dll
    [2010-04-02 18:30] - [2009-04-11 01:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

    C:\Windows\system32\cryptsvc.dll
    [2010-04-02 18:30] - [2009-04-11 01:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  8. Broni


    Something keeps removing that file.

    Your computer must still be infected.

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  9. BeezNeezy


    Here are the logs.

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.24.05

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    Matt :: MATT-PC [administrator]

    Protection: Enabled

    1/11/2012 3:21:22 PM
    mbam-log-2012-01-11 (15-30-43).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 183027
    Time elapsed: 7 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 21
    HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
    HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> No action taken.
    HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
    HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBAF53D4-11FE-482D-B516-B3103BC71F87} (Trojan.BHO) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

    Registry Values Detected: 3
    HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Users\Matt\AppData\Local\qrb.exe" -a "%1" %* -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\Users\Matt\AppData\Local\Temp\csrss.exe -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\Matt\AppData\Roaming\dwm.exe -> No action taken.

    Registry Data Items Detected: 4
    HKCR\.exe| (PUM.HijackExefiles) -> Bad: (t1) Good: (exefile) -> No action taken.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Matt\AppData\Local\qrb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Matt\AppData\Local\qrb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Matt\AppData\Local\qrb.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

    Folders Detected: 10
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

    Files Detected: 1
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.

    (end)
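The Malwarebytes log above contains the part of the infection that matters for the "no internet" symptom: the .exe file association, the Winlogon Shell value, the per-user Load value and the browser launchers all point at binaries under the user's profile. The following Python script is an added example (not MBAM code and not from any post in this thread) that parses those log lines, classifies each entry by the persistence mechanism it abuses, and lists the payload paths a responder should collect before cleaning. SAMPLE_MBAM_LOG is an excerpt of the log posted above; the category names, the set of process names treated as system names, and the rule that a payload under a user-writable path is suspicious are this example's own assumptions.

```python
"""Classify the persistence hijacks in a Malwarebytes (MBAM) scan log.

Added example for this thread; it is not MBAM code and not from any post.
SAMPLE_MBAM_LOG is an excerpt of the log posted above. The category names,
SYSTEM_NAMES and the user-writable-path rule are this example's own.
"""
import re
from dataclasses import dataclass, field

SAMPLE_MBAM_LOG = r"""
Registry Keys Detected: 21
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.

Registry Values Detected: 3
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Users\Matt\AppData\Local\qrb.exe" -a "%1" %* -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\Users\Matt\AppData\Local\Temp\csrss.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\Matt\AppData\Roaming\dwm.exe -> No action taken.

Registry Data Items Detected: 4
HKCR\.exe| (PUM.HijackExefiles) -> Bad: (t1) Good: (exefile) -> No action taken.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Matt\AppData\Local\qrb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Matt\AppData\Local\qrb.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Detected: 10
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
"""

# key[|value] (Detection) -> rest ; value is empty for a key's default value
ENTRY = re.compile(r"^(?P<key>[^|(]+?)(?:\|(?P<value>\S*))? \((?P<det>[^)]+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")
QUOTED_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH = re.compile(r'[A-Za-z]:\\[^\s",]+')
# Assumption: these names belong in the Windows directory; elsewhere they are masquerading.
SYSTEM_NAMES = {"csrss.exe", "dwm.exe", "conhost.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "explorer.exe"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")   # assumption: anything here is user-writable


@dataclass
class Finding:
    key: str
    value: str
    detection: str
    category: str
    bad: str = ""                                  # current (malicious) data, as logged
    good: str = ""                                 # known-good data, when MBAM prints one
    paths: list = field(default_factory=list)      # drive-letter paths found in the bad data


def classify(key, value):
    k, v = key.lower(), value.lower()
    if k.startswith("hkcr\\.exe") or "\\exefile\\" in k:
        return "exe-association hijack"            # every .exe launch goes through the payload
    if k.endswith("\\winlogon") and v == "shell":
        return "Winlogon Shell hijack"             # payload started alongside explorer.exe at logon
    if k.endswith("\\currentversion\\windows") and v == "load":
        return "Winlogon Load autorun"             # legacy per-user autorun, rarely legitimate
    if "\\startmenuinternet\\" in k:
        return "browser-launcher hijack"
    if any(t in k for t in ("\\clsid\\", "\\interface\\", "\\typelib\\")):
        return "COM registration"
    if re.match(r"^[a-z]:\\", k):
        return "file/folder"
    return "registry key"


def extract_paths(s):
    paths = QUOTED_PATH.findall(s)
    # strip the quoted paths first so "C:\Program Files\..." is not cut at the space
    paths += BARE_PATH.findall(QUOTED_PATH.sub(" ", s))
    return paths


def parse_mbam(text):
    findings = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue                               # headers, counters, blank lines
        key, value, det, rest = m.group("key"), m.group("value") or "", m.group("det"), m.group("rest")
        body, _, _action = rest.rpartition(" -> ")  # body is "" for a plain "No action taken." line
        bad = good = ""
        if body.startswith("Data: "):
            bad = body[len("Data: "):]
        elif (bg := BAD_GOOD.match(body)):
            bad, good = bg.group("bad"), bg.group("good")
        findings.append(Finding(key, value, det, classify(key, value), bad, good, extract_paths(bad)))
    return findings


def is_suspicious_payload(path):
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if name in SYSTEM_NAMES and "\\windows\\" not in p:
        return True                                # system process name outside the Windows directory
    return any(t in p for t in USER_WRITABLE)


def suspicious_payloads(findings):
    return sorted({p for f in findings for p in f.paths if is_suspicious_payload(p)})


if __name__ == "__main__":
    fs = parse_mbam(SAMPLE_MBAM_LOG)
    for f in fs:
        print(f"{f.category:26} {f.key}|{f.value}  good={f.good!r}")
    print("payloads to collect before cleaning:", *suspicious_payloads(fs), sep="\n  ")
```

Because the .exe association is hijacked, the log's own "Good:" values (exefile, firefox.exe, iexplore.exe) are what the registry has to be put back to; until that is done, every program launched through the shell, including the cleaning tools, is started via qrb.exe.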
     
  10. BeezNeezy


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-11 16:24:19
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
    Running: pwicbcgb.exe; Driver: C:\Users\Matt\AppData\Local\Temp\kxldypow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91EDF7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x91EDF5CC]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_22
    Run by Matt at 16:26:16 on 2012-01-11
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1943 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:55293
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    uRun: [Google Update] "c:\users\matt\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [conhost] c:\users\matt\appdata\roaming\microsoft\conhost.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    TCP: Interfaces\{3040888C-3CDA-4C02-8E8F-B0886B591632} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\1ntqig7q.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 55293
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\users\matt\appdata\roaming\mozilla\firefox\profiles\1ntqig7q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\matt\appdata\roaming\mozilla\firefox\profiles\1ntqig7q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\matt\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\users\matt\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\matt\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-10 310320]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-12 314456]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-10 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-10 467592]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100520.001\IDSvix86.sys [2009-10-28 343088]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-12 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-12 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-12 44768]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-1-25 92216]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-11 652872]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-10 117648]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-11 20464]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-12 435032]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-01-11 20:20:08 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
    2012-01-11 20:19:58 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-11 20:19:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-11 20:19:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-10 20:18:08 -------- d-----w- c:\program files\DLLSuite
    2012-01-05 18:04:33 -------- d-----w- c:\programdata\AVAST Software
    2012-01-05 15:17:39 -------- d-----w- c:\users\matt\appdata\roaming\Internet Chess Club
    2012-01-05 15:17:35 -------- d-----w- c:\program files\Internet Chess Club
    2012-01-03 06:36:44 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7e7e09b2-5d54-49a5-b8d8-36346553799c}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-14 16:02:19 429056 ----a-w- c:\windows\system32\EncDec.dll
    .
    ============= FINISH: 16:27:02.26 ===============
     
  11. BeezNeezy

    BeezNeezy TS Rookie Topic Starter Posts: 23

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/28/2010 9:45:09 PM
    System Uptime: 1/11/2012 3:32:09 PM (1 hours ago)
    .
    Motherboard: Wistron | | 3612
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 5.508 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.76 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is FIXED (FAT32) - 466 GiB total, 38.847 GiB free.
    H: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    AC3Filter (remove only)
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Adobe Shockwave Player
    Amazon MP3 Downloader 1.0.12
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft TotalMedia Backup
    Atheros Driver Installation Program
    avast! Free Antivirus
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Bonjour
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CloneDVD2
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CyberLink DVD Suite
    CyberLink YouCam
    DivX Setup
    DLL Suite 1.0
    ESU for Microsoft Vista
    Free Audio Convert Wizard 3.7.2.1
    Google Chrome
    Google Talk Plugin
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.7
    HP Quick Launch Buttons 6.40 H2
    HP Support Assistant
    HP Total Care Advisor
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPTCSSetup
    Intel(R) Graphics Media Accelerator Driver
    Intertops Poker
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 7
    JEOPARDY! (remove only)
    Juno Preloader
    K-Lite Codec Pack 6.5.0 (Basic)
    LabelPrint
    LightScribe System Software 1.14.17.1
    Malwarebytes Anti-Malware version 1.60.0.1800
    Media Player Codec Pack 3.9.6
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Live Search Toolbar
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox 8.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    NetWaiting
    NetZero Preloader
    Norton Internet Security
    Out of the Park 8
    PokerStars
    Power2Go
    PowerDirector
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek USB 2.0 Card Reader
    Rhapsody
    Roxio Media Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Skype Toolbars
    Spelling Dictionaries Support For Adobe Reader 9
    SPORE Creature Creator Trial Edition
    Sportsbook.com
    Synaptics Pointing Device Driver
    System Requirements Lab for Intel
    Trader's Little Helper 2.6.0
    Tweak UI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Office 2007 (KB934528)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.7
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xvid 1.2.1 final uninstall
    .
    ==== End Of File ===========================
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  13. BeezNeezy

    BeezNeezy TS Rookie Topic Starter Posts: 23

    I must have saved the log before taking action on the problems. Here is the new scan. I will be removing Norton while I wait for the next instruction.

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.24.05

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    Matt :: MATT-PC [administrator]

    Protection: Enabled

    1/11/2012 6:32:28 PM
    mbam-log-2012-01-11 (18-32-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 183153
    Time elapsed: 9 minute(s), 35 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. BeezNeezy

    BeezNeezy TS Rookie Topic Starter Posts: 23

    Tried to run 2 times. I get messages about rootkit.allaccess or something and the combofix needs to reboot machine.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Did you let it?
     
  17. BeezNeezy

    BeezNeezy TS Rookie Topic Starter Posts: 23

    Yeah. 2 times now. It is asking me to verify date and is telling me combofix has expired. PED is not recognized as an internal or external command, operable program or batch file
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    You need to delete your Combofix file and download fresh one.
     
  19. BeezNeezy

    BeezNeezy TS Rookie Topic Starter Posts: 23

    It is repeatedly happening. I get new Combofix file. It detects rootkit and reboots
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.


    ===========================================================

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
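    Both tools requested above (aswMBR and Bootkit Remover) read sector 0 of the physical disk, compare its boot code against loaders they recognise, and print the partition table; Bootkit Remover also prints the MD5 of the boot sector and offers "dump" and "fix" commands. The Python below is an added example, not code from this thread or from either tool, showing the same checks on a raw 512-byte MBR: boot signature, MD5 of the boot-code region, partition entries, exactly one active partition, and no overlapping partitions. The allow-list of known-good hashes is a placeholder assumption (the real lists live inside the tools), and the sample MBR is constructed here; it only mirrors the Disk 0 layout later reported in this thread (partition 1 active, type 07 at LBA 63; partition 2 type 07 at LBA 602312704).

```python
"""Parse and sanity-check a 512-byte MBR (added example; not from the thread or the tools)."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # boot code; bytes 440-443 hold the NT disk signature, 444-445 are zero
PART_TABLE_OFFSET = 446
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xaa"

# Hypothetical allow-list of MD5(boot code). In practice seed it from a known-clean
# install of the same Windows build; this value is a placeholder, so any real dump
# comes back as "unknown MBR code" until you add a trusted hash.
KNOWN_GOOD_BOOTCODE_MD5 = {"0" * 32: "placeholder-clean-loader"}

PARTITION_TYPES = {0x05: "Extended", 0x06: "FAT16", 0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA"}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry; the CHS fields are skipped."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "status": status,
        "type": ptype,
        "type_name": PARTITION_TYPES.get(ptype, "unknown"),
        "lba_start": lba_start,
        "sectors": sectors,
        "size_mb": sectors // 2048,          # 512-byte sectors, rounded down like aswMBR
    }


def analyze_mbr(mbr: bytes, known_good=KNOWN_GOOD_BOOTCODE_MD5) -> dict:
    """Return the partition table plus the findings a triage analyst cares about."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    bootcode_md5 = hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()
    if bootcode_md5 not in known_good:
        findings.append(f"unknown MBR code (md5 {bootcode_md5})")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        p = parse_partition_entry(mbr[off:off + PART_ENTRY_LEN])
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {i + 1}: invalid status byte 0x{p['status']:02x}")
        if p["type"] != 0 or p["sectors"] != 0:
            partitions.append(p)
    active = [p for p in partitions if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    # Overlap check: a loader that carves space out of a partition for its own code shows up here.
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("overlapping partitions")
    return {"bootcode_md5": bootcode_md5, "partitions": partitions, "findings": findings}


def build_mbr(boot_code: bytes, partitions, disk_signature=b"\x00\x00\x00\x00") -> bytes:
    """Assemble an MBR from boot code and (bootable, type, lba_start, sectors) tuples (test input only)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba_start, sectors)
        for bootable, ptype, lba_start, sectors in partitions
    ).ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + disk_signature + b"\x00\x00" + table + SIGNATURE


# Constructed sample mirroring the Disk 0 layout in the thread's aswMBR log.
SAMPLE_LAYOUT = [
    (True, 0x07, 63, 602312641),          # 294097 MB, active
    (False, 0x07, 602312704, 22822912),   # 11144 MB (recovery)
]
SAMPLE_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", SAMPLE_LAYOUT)

if __name__ == "__main__":
    # On a live Windows box the same 512 bytes come from
    # open(r"\\.\PhysicalDrive0", "rb").read(512), run as administrator.
    report = analyze_mbr(SAMPLE_MBR)
    for p in report["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f"{flag} type {p['type']:02x} {p['type_name']:<10} {p['size_mb']:>7} MB offset {p['lba_start']}")
    for f in report["findings"]:
        print("FINDING:", f)
```

With the placeholder allow-list the sample reports exactly one finding, "unknown MBR code", which is what both tools print for this disk; that verdict alone does not prove infection (OEM and third-party boot managers also produce unrecognised code), which is why the thread moves on to TDSSKiller rather than running the "fix" command straight away.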
     
  21. BeezNeezy

    BeezNeezy TS Rookie Topic Starter Posts: 23

    Here we go.

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-12 15:28:22
    -----------------------------
    15:28:22.658 OS Version: Windows 6.0.6002 Service Pack 2
    15:28:22.658 Number of processors: 2 586 0x170A
    15:28:22.658 ComputerName: MATT-PC UserName: Matt
    15:28:25.435 Initialize success
    15:28:25.840 AVAST engine defs: 12010800
    15:28:44.264 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:28:44.264 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
    15:28:44.264 Disk 0 MBR read successfully
    15:28:44.279 Disk 0 MBR scan
    15:28:44.279 Disk 0 unknown MBR code
    15:28:44.279 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294097 MB offset 63
    15:28:44.326 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 602312704
    15:28:44.326 Disk 0 scanning sectors +625135616
    15:28:44.389 Disk 0 scanning C:\Windows\system32\drivers
    15:28:51.861 Service scanning
    15:28:53.515 Modules scanning
    15:28:58.741 Disk 0 trace - called modules:
    15:28:58.756 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    15:28:59.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869d5ac8]
    15:28:59.271 3 CLASSPNP.SYS[82e128b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862bfb98]
    15:29:00.909 AVAST engine scan C:\Windows
    15:29:04.357 AVAST engine scan C:\Windows\system32
    15:30:21.779 AVAST engine scan C:\Windows\system32\drivers
    15:30:31.015 AVAST engine scan C:\Users\Matt
    15:35:27.040 File: C:\Users\Matt\AppData\Roaming\Adobe\Flash Player\NativeCache\C78F5AA78574B5A91AC9111ED93FCB8E\6169bc5e\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
    15:51:49.747 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
    15:51:49.747 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-12 15:53:40
    -----------------------------
    15:53:40.834 OS Version: Windows 6.0.6002 Service Pack 2
    15:53:40.834 Number of processors: 2 586 0x170A
    15:53:40.834 ComputerName: MATT-PC UserName: Matt
    15:53:42.955 Initialize success
    15:53:43.049 AVAST engine defs: 12010800
    15:53:48.556 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:53:48.571 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
    15:53:48.681 Disk 0 MBR read successfully
    15:53:48.696 Disk 0 MBR scan
    15:53:48.696 Disk 0 unknown MBR code
    15:53:48.727 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294097 MB offset 63
    15:53:48.759 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 602312704
    15:53:48.852 Disk 0 scanning sectors +625135616
    15:53:49.039 Disk 0 scanning C:\Windows\system32\drivers
    15:54:03.376 Service scanning
    15:54:05.014 Modules scanning
    15:54:31.549 Disk 0 trace - called modules:
    15:54:31.581 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    15:54:32.095 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869d5ac8]
    15:54:32.095 3 CLASSPNP.SYS[82e128b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862bfb98]
    15:54:34.139 AVAST engine scan C:\Windows
    15:54:58.631 AVAST engine scan C:\Windows\system32
    15:58:31.337 AVAST engine scan C:\Windows\system32\drivers
    15:59:15.095 AVAST engine scan C:\Users\Matt
    16:08:36.851 File: C:\Users\Matt\AppData\Roaming\Adobe\Flash Player\NativeCache\C78F5AA78574B5A91AC9111ED93FCB8E\6169bc5e\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
    16:58:57.229 AVAST engine scan C:\ProgramData
    17:07:42.575 Scan finished successfully
    17:12:34.123 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
    17:12:34.155 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: b23e5cbb74b4fcefd775b490fc8131e6

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...


    ListParts by Farbar
    Ran by Matt on 12-01-2012 at 17:16:51
    Windows Vista (X86)
    Running From: C:\Users\Matt\Desktop
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 41%
    Total physical RAM: 3002.45 MB
    Available physical RAM: 1760.57 MB
    Total Pagefile: 6237.15 MB
    Available Pagefile: 4918.18 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1960.91 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:287.21 GB) (Free:8.72 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
    2 Drive d: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:1.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: () (Removable) (Total:1.91 GB) (Free:1.79 GB) FAT
    5 Drive g: (HITACHI) (Fixed) (Total:465.65 GB) (Free:38.85 GB) FAT32
    6 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 1024 KB
    Disk 1 Online 466 GB 0 B
    Disk 2 Online 1954 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 287 GB 32 KB
    Partition 2 Primary 11 GB 287 GB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 287 GB Healthy System (partition with boot components)

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D RECOVERY NTFS Partition 11 GB Healthy

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 466 GB 32 KB

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G HITACHI FAT32 Partition 466 GB Healthy

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1953 MB 123 KB

    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F FAT Removable 1953 MB Healthy



    ****** End Of Log ******
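    The logs above and the TDSSKiller output that follows are long, and the lines that matter are few: aswMBR's "unknown MBR code" and "**INFECTED**" lines, and TDSSKiller's per-driver "name (md5) path" / "name - ok" pairs. The Python below is an added example, not part of the thread or of either tool, that pulls those out and additionally compares TDSSKiller's driver hashes against a baseline. The aswMBR sample lines are copied from the log posted above; the TDSSKiller sample lines are constructed in the posted format (the "examplesys" driver, its hash and its "warning" status are made up), and the baseline dictionary is a hypothetical one that in practice would be taken from a known-clean install of the same build.

```python
"""Triage aswMBR and TDSSKiller log lines (added example; not from the thread or the tools)."""
import re
from dataclasses import dataclass, field

# aswMBR: "<time> File: <path> **INFECTED** <detection>" and "<time> Disk N unknown MBR code"
ASWMBR_INFECTED = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<detection>\S+)$")
ASWMBR_UNKNOWN_MBR = re.compile(r"^\S+ Disk (?P<disk>\d+) unknown MBR code$")

# TDSSKiller: "<time> <pid> <name> (<md5>) <path>" followed by "<time> <pid> <name> - <status>"
TDSS_DRIVER = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_STATUS = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+) - (?P<status>.+)$")


@dataclass
class Triage:
    infected_files: list = field(default_factory=list)   # (path, detection)
    unknown_mbr_disks: list = field(default_factory=list)
    drivers: dict = field(default_factory=dict)          # name -> (md5, path)
    not_ok: list = field(default_factory=list)           # (name, status) where status != "ok"
    hash_mismatch: list = field(default_factory=list)    # (name, seen_md5, baseline_md5)
    unhashed: list = field(default_factory=list)         # status line with no preceding hash line

    def is_clean(self) -> bool:
        return not (self.infected_files or self.unknown_mbr_disks or self.not_ok or self.hash_mismatch)


def triage(lines, baseline=None) -> Triage:
    """Scan log lines from either tool; optionally check driver hashes against a baseline dict."""
    t = Triage()
    for raw in lines:
        line = raw.strip()
        if m := ASWMBR_INFECTED.match(line):
            t.infected_files.append((m["path"], m["detection"]))
        elif m := ASWMBR_UNKNOWN_MBR.match(line):
            t.unknown_mbr_disks.append(int(m["disk"]))
        elif m := TDSS_DRIVER.match(line):
            t.drivers[m["name"]] = (m["md5"], m["path"])
        elif m := TDSS_STATUS.match(line):
            if m["status"] != "ok":
                t.not_ok.append((m["name"], m["status"]))
            if m["name"] not in t.drivers:      # e.g. "catchme - ok": no file was hashed
                t.unhashed.append(m["name"])
    if baseline:
        for name, (md5, _path) in t.drivers.items():
            expected = baseline.get(name)
            if expected and expected != md5:
                t.hash_mismatch.append((name, md5, expected))
    return t


# Copied from the aswMBR log posted above.
ASWMBR_SAMPLE = [
    "15:28:44.264 Disk 0 MBR read successfully",
    "15:28:44.279 Disk 0 MBR scan",
    "15:28:44.279 Disk 0 unknown MBR code",
    r"15:35:27.040 File: C:\Users\Matt\AppData\Roaming\Adobe\Flash Player\NativeCache\C78F5AA78574B5A91AC9111ED93FCB8E\6169bc5e\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen",
    "17:07:42.575 Scan finished successfully",
]

# Constructed in TDSSKiller's posted format; "examplesys" and its hash/status are made up.
TDSS_SAMPLE = [
    r"21:44:50.0807 1148 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys",
    "21:44:50.0807 1148 ACPI - ok",
    r"21:44:51.0041 1148 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys",
    "21:44:51.0041 1148 AFD - ok",
    "21:44:52.0289 1148 catchme - ok",
    r"21:44:53.0000 1148 examplesys (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\example.sys",
    "21:44:53.0000 1148 examplesys - warning",
]

# Hypothetical baseline; real values come from a clean reference machine of the same build.
BASELINE_MD5 = {
    "ACPI": "82b296ae1892fe3dbee00c9cf92f8ac7",       # seeded from the sample purely for the demo
    "examplesys": "deadbeefdeadbeefdeadbeefdeadbeef",  # deliberately differs from the sample
}

if __name__ == "__main__":
    result = triage(ASWMBR_SAMPLE + TDSS_SAMPLE, BASELINE_MD5)
    print("clean:", result.is_clean())
    print("unknown MBR on disks:", result.unknown_mbr_disks)
    print("infected files:", result.infected_files)
    print("non-ok drivers:", result.not_ok)
    print("hash mismatches:", result.hash_mismatch)
    print("status without hash:", result.unhashed)
```

The baseline comparison is the part the tools do not give you: TDSSKiller's "- ok" only says the file passed its own rootkit checks, while a hash that differs from a clean copy of the same driver version is a strong lead even when every status line says ok. Unhashed entries like "catchme" are worth noting too; here it is the ComboFix helper driver, which explains why no file was found to hash.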
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  23. BeezNeezy

    BeezNeezy TS Rookie Topic Starter Posts: 23

    21:44:19.0592 2516 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
    21:44:19.0670 2516 ============================================================
    21:44:19.0670 2516 Current date / time: 2012/01/12 21:44:19.0670
    21:44:19.0670 2516 SystemInfo:
    21:44:19.0670 2516
    21:44:19.0670 2516 OS Version: 6.0.6002 ServicePack: 2.0
    21:44:19.0670 2516 Product type: Workstation
    21:44:19.0670 2516 ComputerName: MATT-PC
    21:44:19.0670 2516 UserName: Matt
    21:44:19.0670 2516 Windows directory: C:\Windows
    21:44:19.0670 2516 System windows directory: C:\Windows
    21:44:19.0670 2516 Processor architecture: Intel x86
    21:44:19.0670 2516 Number of processors: 2
    21:44:19.0670 2516 Page size: 0x1000
    21:44:19.0670 2516 Boot type: Normal boot
    21:44:19.0670 2516 ============================================================
    21:44:20.0715 2516 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
    21:44:20.0793 2516 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    21:44:25.0208 2516 Drive \Device\Harddisk2\DR3 - Size: 0x7A1D1C00, SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    21:44:25.0348 2516 Initialize success
    21:44:49.0934 1148 ============================================================
    21:44:49.0934 1148 Scan started
    21:44:49.0934 1148 Mode: Manual;
    21:44:49.0934 1148 ============================================================
    21:44:50.0807 1148 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    21:44:50.0807 1148 ACPI - ok
    21:44:50.0885 1148 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    21:44:50.0885 1148 adp94xx - ok
    21:44:50.0901 1148 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    21:44:50.0917 1148 adpahci - ok
    21:44:50.0932 1148 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    21:44:50.0948 1148 adpu160m - ok
    21:44:50.0963 1148 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    21:44:50.0979 1148 adpu320 - ok
    21:44:51.0041 1148 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    21:44:51.0041 1148 AFD - ok
    21:44:51.0088 1148 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    21:44:51.0088 1148 agp440 - ok
    21:44:51.0104 1148 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    21:44:51.0104 1148 aic78xx - ok
    21:44:51.0135 1148 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
    21:44:51.0135 1148 aliide - ok
    21:44:51.0166 1148 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    21:44:51.0166 1148 amdagp - ok
    21:44:51.0197 1148 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
    21:44:51.0197 1148 amdide - ok
    21:44:51.0213 1148 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    21:44:51.0213 1148 AmdK7 - ok
    21:44:51.0244 1148 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    21:44:51.0244 1148 AmdK8 - ok
    21:44:51.0275 1148 AnyDVD (7e0323162c933dce87d2bbf11a255174) C:\Windows\system32\Drivers\AnyDVD.sys
    21:44:51.0291 1148 AnyDVD - ok
    21:44:51.0369 1148 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    21:44:51.0369 1148 arc - ok
    21:44:51.0400 1148 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    21:44:51.0400 1148 arcsas - ok
    21:44:51.0431 1148 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
    21:44:51.0431 1148 aswFsBlk - ok
    21:44:51.0463 1148 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
    21:44:51.0463 1148 aswMonFlt - ok
    21:44:51.0494 1148 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
    21:44:51.0494 1148 aswRdr - ok
    21:44:51.0556 1148 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
    21:44:51.0556 1148 aswSnx - ok
    21:44:51.0603 1148 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
    21:44:51.0603 1148 aswSP - ok
    21:44:51.0634 1148 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
    21:44:51.0634 1148 aswTdi - ok
    21:44:51.0681 1148 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:44:51.0681 1148 AsyncMac - ok
    21:44:51.0712 1148 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    21:44:51.0712 1148 atapi - ok
    21:44:51.0790 1148 athr (c8bb2e935a5d195692140e795ea9ac14) C:\Windows\system32\DRIVERS\athr.sys
    21:44:51.0837 1148 athr - ok
    21:44:51.0899 1148 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    21:44:51.0899 1148 Beep - ok
    21:44:51.0931 1148 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    21:44:51.0931 1148 blbdrive - ok
    21:44:51.0993 1148 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    21:44:51.0993 1148 bowser - ok
    21:44:52.0024 1148 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    21:44:52.0024 1148 BrFiltLo - ok
    21:44:52.0055 1148 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    21:44:52.0055 1148 BrFiltUp - ok
    21:44:52.0087 1148 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    21:44:52.0087 1148 Brserid - ok
    21:44:52.0118 1148 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    21:44:52.0133 1148 BrSerWdm - ok
    21:44:52.0149 1148 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    21:44:52.0165 1148 BrUsbMdm - ok
    21:44:52.0180 1148 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    21:44:52.0180 1148 BrUsbSer - ok
    21:44:52.0196 1148 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    21:44:52.0211 1148 BTHMODEM - ok
    21:44:52.0289 1148 catchme - ok
    21:44:52.0321 1148 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    21:44:52.0336 1148 cdfs - ok
    21:44:52.0383 1148 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    21:44:52.0383 1148 cdrom - ok
    21:44:52.0414 1148 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    21:44:52.0414 1148 circlass - ok
    21:44:52.0461 1148 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    21:44:52.0477 1148 CLFS - ok
    21:44:52.0539 1148 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:44:52.0539 1148 CmBatt - ok
    21:44:52.0555 1148 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
    21:44:52.0555 1148 cmdide - ok
    21:44:52.0617 1148 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
    21:44:52.0617 1148 CnxtHdAudService - ok
    21:44:52.0648 1148 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    21:44:52.0648 1148 Compbatt - ok
    21:44:52.0679 1148 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    21:44:52.0679 1148 crcdisk - ok
    21:44:52.0695 1148 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    21:44:52.0695 1148 Crusoe - ok
    21:44:52.0757 1148 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    21:44:52.0757 1148 DfsC - ok
    21:44:52.0820 1148 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    21:44:52.0820 1148 disk - ok
    21:44:52.0851 1148 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    21:44:52.0867 1148 drmkaud - ok
    21:44:52.0898 1148 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    21:44:52.0929 1148 DXGKrnl - ok
    21:44:52.0976 1148 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    21:44:52.0976 1148 E1G60 - ok
    21:44:53.0038 1148 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    21:44:53.0038 1148 Ecache - ok
    21:44:53.0085 1148 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\Windows\system32\Drivers\ElbyCDIO.sys
    21:44:53.0085 1148 ElbyCDIO - ok
    21:44:53.0132 1148 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    21:44:53.0147 1148 elxstor - ok
    21:44:53.0179 1148 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    21:44:53.0179 1148 ErrDev - ok
    21:44:53.0225 1148 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    21:44:53.0241 1148 exfat - ok
    21:44:53.0272 1148 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    21:44:53.0272 1148 fastfat - ok
    21:44:53.0335 1148 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    21:44:53.0335 1148 fdc - ok
    21:44:53.0381 1148 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    21:44:53.0381 1148 FileInfo - ok
    21:44:53.0413 1148 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    21:44:53.0413 1148 Filetrace - ok
    21:44:53.0444 1148 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:44:53.0444 1148 flpydisk - ok
    21:44:53.0491 1148 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    21:44:53.0491 1148 FltMgr - ok
    21:44:53.0506 1148 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    21:44:53.0506 1148 Fs_Rec - ok
    21:44:53.0537 1148 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    21:44:53.0537 1148 gagp30kx - ok
    21:44:53.0584 1148 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:44:53.0584 1148 GEARAspiWDM - ok
    21:44:53.0631 1148 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    21:44:53.0631 1148 HdAudAddService - ok
    21:44:53.0678 1148 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:44:53.0709 1148 HDAudBus - ok
    21:44:53.0740 1148 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    21:44:53.0740 1148 HidBth - ok
    21:44:53.0771 1148 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    21:44:53.0771 1148 HidIr - ok
    21:44:53.0803 1148 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
    21:44:53.0803 1148 HidUsb - ok
    21:44:53.0834 1148 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    21:44:53.0834 1148 HpCISSs - ok
    21:44:53.0865 1148 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    21:44:53.0865 1148 HpqKbFiltr - ok
    21:44:53.0959 1148 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    21:44:53.0990 1148 HSF_DPV - ok
    21:44:54.0021 1148 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    21:44:54.0037 1148 HSXHWAZL - ok
    21:44:54.0068 1148 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    21:44:54.0083 1148 HTTP - ok
    21:44:54.0115 1148 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    21:44:54.0115 1148 i2omp - ok
    21:44:54.0161 1148 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    21:44:54.0161 1148 i8042prt - ok
    21:44:54.0193 1148 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    21:44:54.0208 1148 iaStorV - ok
    21:44:54.0473 1148 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
    21:44:54.0676 1148 igfx - ok
    21:44:54.0723 1148 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    21:44:54.0739 1148 iirsp - ok
    21:44:54.0785 1148 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
    21:44:54.0785 1148 IntcHdmiAddService - ok
    21:44:54.0817 1148 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
    21:44:54.0817 1148 intelide - ok
    21:44:54.0848 1148 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    21:44:54.0848 1148 intelppm - ok
    21:44:54.0879 1148 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:44:54.0879 1148 IpFilterDriver - ok
    21:44:54.0895 1148 IpInIp - ok
    21:44:54.0926 1148 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    21:44:54.0941 1148 IPMIDRV - ok
    21:44:54.0973 1148 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    21:44:54.0988 1148 IPNAT - ok
    21:44:55.0019 1148 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    21:44:55.0019 1148 IRENUM - ok
    21:44:55.0051 1148 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    21:44:55.0051 1148 isapnp - ok
    21:44:55.0097 1148 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    21:44:55.0097 1148 iScsiPrt - ok
    21:44:55.0113 1148 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    21:44:55.0129 1148 iteatapi - ok
    21:44:55.0144 1148 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    21:44:55.0144 1148 iteraid - ok
    21:44:55.0160 1148 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    21:44:55.0175 1148 kbdclass - ok
    21:44:55.0191 1148 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    21:44:55.0191 1148 kbdhid - ok
    21:44:55.0238 1148 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    21:44:55.0253 1148 KSecDD - ok
    21:44:55.0300 1148 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    21:44:55.0300 1148 lltdio - ok
    21:44:55.0331 1148 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    21:44:55.0347 1148 LSI_FC - ok
    21:44:55.0363 1148 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    21:44:55.0363 1148 LSI_SAS - ok
    21:44:55.0378 1148 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    21:44:55.0378 1148 LSI_SCSI - ok
    21:44:55.0409 1148 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    21:44:55.0409 1148 luafv - ok
    21:44:55.0441 1148 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    21:44:55.0441 1148 MBAMProtector - ok
    21:44:55.0472 1148 MCSTRM - ok
    21:44:55.0534 1148 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    21:44:55.0534 1148 mdmxsdk - ok
    21:44:55.0565 1148 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    21:44:55.0565 1148 megasas - ok
    21:44:55.0612 1148 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    21:44:55.0612 1148 MegaSR - ok
    21:44:55.0643 1148 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    21:44:55.0643 1148 Modem - ok
    21:44:55.0675 1148 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    21:44:55.0675 1148 monitor - ok
    21:44:55.0690 1148 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    21:44:55.0690 1148 mouclass - ok
    21:44:55.0706 1148 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
    21:44:55.0721 1148 mouhid - ok
    21:44:55.0737 1148 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    21:44:55.0737 1148 MountMgr - ok
    21:44:55.0753 1148 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    21:44:55.0753 1148 mpio - ok
    21:44:55.0784 1148 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    21:44:55.0784 1148 mpsdrv - ok
    21:44:55.0799 1148 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    21:44:55.0799 1148 Mraid35x - ok
    21:44:55.0846 1148 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    21:44:55.0846 1148 MRxDAV - ok
    21:44:55.0893 1148 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:44:55.0893 1148 mrxsmb - ok
    21:44:55.0940 1148 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:44:55.0940 1148 mrxsmb10 - ok
    21:44:55.0955 1148 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:44:55.0955 1148 mrxsmb20 - ok
    21:44:56.0002 1148 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
    21:44:56.0002 1148 msahci - ok
    21:44:56.0049 1148 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    21:44:56.0049 1148 msdsm - ok
    21:44:56.0080 1148 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    21:44:56.0080 1148 Msfs - ok
    21:44:56.0111 1148 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    21:44:56.0111 1148 msisadrv - ok
    21:44:56.0158 1148 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    21:44:56.0158 1148 MSKSSRV - ok
    21:44:56.0189 1148 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:44:56.0189 1148 MSPCLOCK - ok
    21:44:56.0221 1148 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    21:44:56.0221 1148 MSPQM - ok
    21:44:56.0267 1148 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    21:44:56.0267 1148 MsRPC - ok
    21:44:56.0299 1148 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    21:44:56.0299 1148 mssmbios - ok
    21:44:56.0314 1148 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    21:44:56.0314 1148 MSTEE - ok
    21:44:56.0345 1148 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    21:44:56.0361 1148 Mup - ok
    21:44:56.0408 1148 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    21:44:56.0408 1148 NativeWifiP - ok
    21:44:56.0455 1148 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    21:44:56.0486 1148 NDIS - ok
    21:44:56.0517 1148 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:44:56.0533 1148 NdisTapi - ok
    21:44:56.0564 1148 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:44:56.0564 1148 Ndisuio - ok
    21:44:56.0611 1148 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:44:56.0611 1148 NdisWan - ok
    21:44:56.0626 1148 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    21:44:56.0642 1148 NDProxy - ok
    21:44:56.0657 1148 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    21:44:56.0657 1148 NetBIOS - ok
    21:44:56.0704 1148 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    21:44:56.0704 1148 netbt - ok
    21:44:56.0798 1148 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
    21:44:56.0860 1148 NETw3v32 - ok
    21:44:56.0860 1148 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    21:44:56.0876 1148 nfrd960 - ok
    21:44:56.0891 1148 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    21:44:56.0891 1148 Npfs - ok
    21:44:56.0938 1148 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    21:44:56.0938 1148 nsiproxy - ok
    21:44:57.0001 1148 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    21:44:57.0032 1148 Ntfs - ok
    21:44:57.0047 1148 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    21:44:57.0047 1148 ntrigdigi - ok
    21:44:57.0079 1148 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    21:44:57.0079 1148 Null - ok
    21:44:57.0110 1148 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    21:44:57.0110 1148 nvraid - ok
    21:44:57.0125 1148 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    21:44:57.0125 1148 nvstor - ok
    21:44:57.0157 1148 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    21:44:57.0157 1148 nv_agp - ok
    21:44:57.0172 1148 NwlnkFlt - ok
    21:44:57.0188 1148 NwlnkFwd - ok
    21:44:57.0219 1148 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    21:44:57.0219 1148 ohci1394 - ok
    21:44:57.0250 1148 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    21:44:57.0250 1148 Parport - ok
    21:44:57.0281 1148 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    21:44:57.0281 1148 partmgr - ok
    21:44:57.0313 1148 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    21:44:57.0313 1148 Parvdm - ok
    21:44:57.0359 1148 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    21:44:57.0359 1148 pci - ok
    21:44:57.0391 1148 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
    21:44:57.0391 1148 pciide - ok
    21:44:57.0406 1148 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    21:44:57.0422 1148 pcmcia - ok
    21:44:57.0469 1148 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    21:44:57.0500 1148 PEAUTH - ok
    21:44:57.0578 1148 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    21:44:57.0578 1148 PptpMiniport - ok
    21:44:57.0609 1148 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    21:44:57.0609 1148 Processor - ok
    21:44:57.0671 1148 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    21:44:57.0671 1148 PSched - ok
    21:44:57.0734 1148 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
    21:44:57.0734 1148 PxHelp20 - ok
    21:44:57.0812 1148 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    21:44:57.0843 1148 ql2300 - ok
    21:44:57.0859 1148 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    21:44:57.0859 1148 ql40xx - ok
    21:44:57.0890 1148 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    21:44:57.0890 1148 QWAVEdrv - ok
    21:44:57.0905 1148 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    21:44:57.0905 1148 RasAcd - ok
    21:44:57.0952 1148 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:44:57.0952 1148 Rasl2tp - ok
    21:44:57.0999 1148 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:44:57.0999 1148 RasPppoe - ok
    21:44:58.0030 1148 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    21:44:58.0030 1148 RasSstp - ok
    21:44:58.0077 1148 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    21:44:58.0077 1148 rdbss - ok
    21:44:58.0124 1148 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:44:58.0124 1148 RDPCDD - ok
    21:44:58.0155 1148 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    21:44:58.0155 1148 rdpdr - ok
    21:44:58.0171 1148 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    21:44:58.0171 1148 RDPENCDD - ok
    21:44:58.0217 1148 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    21:44:58.0217 1148 RDPWD - ok
    21:44:58.0295 1148 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
    21:44:58.0295 1148 RimUsb - ok
    21:44:58.0311 1148 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
    21:44:58.0327 1148 RimVSerPort - ok
    21:44:58.0358 1148 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
    21:44:58.0358 1148 ROOTMODEM - ok
    21:44:58.0420 1148 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    21:44:58.0420 1148 rspndr - ok
    21:44:58.0467 1148 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
    21:44:58.0467 1148 RTL8169 - ok
    21:44:58.0514 1148 RTSTOR (08c3394391ab0aff65d75ae65d4207e1) C:\Windows\system32\drivers\RTSTOR.SYS
    21:44:58.0514 1148 RTSTOR - ok
    21:44:58.0545 1148 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    21:44:58.0545 1148 sbp2port - ok
    21:44:58.0592 1148 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    21:44:58.0592 1148 sdbus - ok
    21:44:58.0623 1148 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    21:44:58.0623 1148 secdrv - ok
    21:44:58.0670 1148 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    21:44:58.0670 1148 Serenum - ok
    21:44:58.0685 1148 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    21:44:58.0701 1148 Serial - ok
    21:44:58.0732 1148 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    21:44:58.0732 1148 sermouse - ok
    21:44:58.0779 1148 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    21:44:58.0779 1148 sffdisk - ok
    21:44:58.0810 1148 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    21:44:58.0810 1148 sffp_mmc - ok
    21:44:58.0826 1148 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    21:44:58.0826 1148 sffp_sd - ok
    21:44:58.0857 1148 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    21:44:58.0857 1148 sfloppy - ok
    21:44:58.0904 1148 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    21:44:58.0904 1148 sisagp - ok
    21:44:58.0935 1148 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    21:44:58.0935 1148 SiSRaid2 - ok
    21:44:58.0951 1148 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    21:44:58.0951 1148 SiSRaid4 - ok
    21:44:59.0013 1148 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    21:44:59.0013 1148 Smb - ok
    21:44:59.0060 1148 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    21:44:59.0060 1148 spldr - ok
    21:44:59.0122 1148 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    21:44:59.0122 1148 srv - ok
    21:44:59.0153 1148 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    21:44:59.0169 1148 srv2 - ok
    21:44:59.0216 1148 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    21:44:59.0216 1148 srvnet - ok
    21:44:59.0263 1148 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    21:44:59.0263 1148 swenum - ok
    21:44:59.0294 1148 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    21:44:59.0294 1148 Symc8xx - ok
    21:44:59.0309 1148 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    21:44:59.0325 1148 Sym_hi - ok
    21:44:59.0341 1148 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    21:44:59.0341 1148 Sym_u3 - ok
    21:44:59.0387 1148 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
    21:44:59.0387 1148 SynTP - ok
    21:44:59.0465 1148 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    21:44:59.0481 1148 Tcpip - ok
    21:44:59.0512 1148 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    21:44:59.0528 1148 Tcpip6 - ok
    21:44:59.0559 1148 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    21:44:59.0559 1148 tcpipreg - ok
    21:44:59.0590 1148 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    21:44:59.0590 1148 TDPIPE - ok
    21:44:59.0621 1148 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    21:44:59.0621 1148 TDTCP - ok
    21:44:59.0637 1148 tdx - ok
    21:44:59.0668 1148 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    21:44:59.0668 1148 TermDD - ok
    21:44:59.0715 1148 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:44:59.0715 1148 tssecsrv - ok
    21:44:59.0746 1148 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    21:44:59.0746 1148 tunmp - ok
    21:44:59.0777 1148 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    21:44:59.0777 1148 tunnel - ok
    21:44:59.0793 1148 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    21:44:59.0793 1148 uagp35 - ok
    21:44:59.0855 1148 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    21:44:59.0855 1148 udfs - ok
    21:44:59.0887 1148 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    21:44:59.0902 1148 uliagpkx - ok
    21:44:59.0949 1148 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    21:44:59.0949 1148 uliahci - ok
    21:44:59.0965 1148 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    21:44:59.0980 1148 UlSata - ok
    21:44:59.0996 1148 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    21:45:00.0011 1148 ulsata2 - ok
    21:45:00.0043 1148 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    21:45:00.0043 1148 umbus - ok
    21:45:00.0074 1148 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
    21:45:00.0074 1148 UMPass - ok
    21:45:00.0121 1148 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
    21:45:00.0121 1148 USBAAPL - ok
    21:45:00.0167 1148 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:45:00.0167 1148 usbccgp - ok
    21:45:00.0199 1148 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    21:45:00.0199 1148 usbcir - ok
    21:45:00.0245 1148 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    21:45:00.0245 1148 usbehci - ok
    21:45:00.0277 1148 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    21:45:00.0292 1148 usbhub - ok
    21:45:00.0308 1148 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    21:45:00.0308 1148 usbohci - ok
    21:45:00.0339 1148 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    21:45:00.0339 1148 usbprint - ok
    21:45:00.0355 1148 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:45:00.0370 1148 USBSTOR - ok
    21:45:00.0386 1148 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    21:45:00.0386 1148 usbuhci - ok
    21:45:00.0433 1148 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    21:45:00.0433 1148 usbvideo - ok
    21:45:00.0464 1148 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:45:00.0464 1148 vga - ok
    21:45:00.0495 1148 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    21:45:00.0495 1148 VgaSave - ok
    21:45:00.0511 1148 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    21:45:00.0511 1148 viaagp - ok
    21:45:00.0542 1148 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    21:45:00.0542 1148 ViaC7 - ok
    21:45:00.0573 1148 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
    21:45:00.0573 1148 viaide - ok
    21:45:00.0589 1148 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    21:45:00.0604 1148 volmgr - ok
    21:45:00.0651 1148 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    21:45:00.0667 1148 volmgrx - ok
    21:45:00.0713 1148 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    21:45:00.0713 1148 volsnap - ok
    21:45:00.0745 1148 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    21:45:00.0745 1148 vsmraid - ok
    21:45:00.0776 1148 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    21:45:00.0776 1148 WacomPen - ok
    21:45:00.0807 1148 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:45:00.0807 1148 Wanarp - ok
    21:45:00.0823 1148 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:45:00.0823 1148 Wanarpv6 - ok
    21:45:00.0838 1148 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    21:45:00.0854 1148 Wd - ok
    21:45:00.0885 1148 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    21:45:00.0901 1148 Wdf01000 - ok
    21:45:00.0963 1148 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    21:45:00.0994 1148 winachsf - ok
    21:45:01.0041 1148 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    21:45:01.0041 1148 WmiAcpi - ok
    21:45:01.0119 1148 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    21:45:01.0119 1148 WpdUsb - ok
    21:45:01.0150 1148 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    21:45:01.0150 1148 ws2ifsl - ok
    21:45:01.0197 1148 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    21:45:01.0213 1148 XAudio - ok
    21:45:01.0244 1148 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
    21:45:01.0259 1148 yukonwlh - ok
    21:45:01.0291 1148 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
    21:45:01.0322 1148 \Device\Harddisk0\DR0 - ok
    21:45:01.0337 1148 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    21:45:01.0337 1148 \Device\Harddisk1\DR1 - ok
    21:45:01.0337 1148 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk2\DR3
    21:45:01.0353 1148 \Device\Harddisk2\DR3 - ok
    21:45:01.0353 1148 Boot (0x1200) (edd76105b63c03b69f32fc505b5fc26e) \Device\Harddisk0\DR0\Partition0
    21:45:01.0353 1148 \Device\Harddisk0\DR0\Partition0 - ok
    21:45:01.0369 1148 Boot (0x1200) (f1069842f8d83a2b7ce136237728daaf) \Device\Harddisk0\DR0\Partition1
    21:45:01.0369 1148 \Device\Harddisk0\DR0\Partition1 - ok
    21:45:01.0384 1148 Boot (0x1200) (4ca4e218892037f5f1b07f0d47eb4c1d) \Device\Harddisk1\DR1\Partition0
    21:45:01.0384 1148 \Device\Harddisk1\DR1\Partition0 - ok
    21:45:01.0384 1148 Boot (0x1200) (cb06605e73f4018481da1b187bdfc39c) \Device\Harddisk2\DR3\Partition0
    21:45:01.0384 1148 \Device\Harddisk2\DR3\Partition0 - ok
    21:45:01.0384 1148 ============================================================
    21:45:01.0384 1148 Scan finished
    21:45:01.0384 1148 ============================================================
    21:45:01.0400 2788 Detected object count: 0
    21:45:01.0400 2788 Actual detected object count: 0
     
  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
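The scan Broni asks for produces the OTL.txt log that the next post pastes, and reading that log is where the actual work happens. As an added example (not part of OTL, and not from Broni's instructions), the Python helper below parses the line shapes OTL emits and returns the entries a reviewer would look at first: browser proxy settings that point at loopback, together with whether they are actually enabled; Run entries whose target is missing; hidden+system files with random-looking names outside the Windows directory; and binaries under System32 carrying no company name. The regular expressions, the heuristics and the function names are my own; the sample lines are copied from the OTL log posted in this thread, and a flag from this script is a review prompt, not a verdict.

```python
"""Triage helper for lines in the format OTL writes to OTL.txt.

Added example: this is neither part of OTL nor Broni's procedure. It parses the
line shapes OTL emits (file entries, O4 Run entries, IE/Firefox proxy settings)
and returns the entries a reviewer would look at first. The heuristics are
illustrative review aids, not a verdict on any entry.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "entry reason")

# File entry: [yyyy/mm/dd hh:mm:ss | size | attrs | C-or-M] (Company) [svc info] -- path [-- (svc)]
FILE_RE = re.compile(
    r"^(?:(?:PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] \((?P<company>.*?)\)(?: \[[^\]]*\])? -- "
    r"(?P<path>[A-Za-z]:\\.*?)(?: -- .*)?$"
)
# Autorun entry: O4 - HKLM..\Run: [name] target (Company)   or   ... target File not found
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# IE proxy registry values and Firefox network.proxy.* prefs
IE_PROXY_RE = re.compile(r'^IE - .*Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.*)$')
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>\w+): "?(?P<value>[^"]*)"?$')

LOOPBACK = ("127.0.0.1", "localhost")
# Long, extension-less run of lower-case letters and digits, e.g. 185eex12f105lx52h4dqo8s043728x64b8132
RANDOM_NAME = re.compile(r"^[a-z0-9]{20,}$")


def looks_random(name):
    """True for a long extension-less name that mixes letters and digits (assumed heuristic)."""
    return bool(RANDOM_NAME.match(name)) and any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def triage(lines):
    """Return Finding objects for the OTL-format lines given, in log order, proxy findings last."""
    findings = []
    proxy = {"IE": {}, "FF": {}}
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            attrs, company, path = m["attrs"], m["company"].strip(), m["path"]
            low = path.lower()
            name = path.rsplit("\\", 1)[-1]
            if "H" in attrs and "S" in attrs and not low.startswith("c:\\windows\\"):
                if looks_random(name):
                    findings.append(Finding(line, "hidden+system file with random-looking name outside %SystemRoot%"))
            elif not company and low.endswith((".exe", ".dll", ".sys")) and "\\system32\\" in low:
                findings.append(Finding(line, "no company name on a binary under System32"))
            continue
        m = RUN_RE.match(line)
        if m:
            rest = m["rest"]
            if rest.endswith("File not found"):
                findings.append(Finding(line, "Run entry whose target is missing (orphaned autorun)"))
            elif "\\appdata\\" in rest.lower() or "\\application data\\" in rest.lower():
                findings.append(Finding(line, "Run entry launching from a user profile data directory"))
            continue
        m = IE_PROXY_RE.match(line)
        if m:
            proxy["IE"][m["key"]] = m["value"]
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            proxy["FF"][m["key"]] = m["value"]
    # Proxy state is judged after all lines are seen: server and enabled flag sit on different lines.
    ie, ff = proxy["IE"], proxy["FF"]
    if any(h in ie.get("ProxyServer", "") for h in LOOPBACK):
        state = "enabled" if ie.get("ProxyEnable") == "1" else "not enabled (ProxyEnable != 1)"
        findings.append(Finding(ie["ProxyServer"],
                                f"IE proxy points at loopback, {state}; identify which local program listens on that port"))
    if ff.get("http") in LOOPBACK:
        state = "enabled" if ff.get("type") == "1" else "not enabled (network.proxy.type != 1)"
        findings.append(Finding(f'{ff["http"]}:{ff.get("http_port", "?")}',
                                f"Firefox HTTP proxy points at loopback, {state}"))
    return findings


# Sample input: lines copied from the OTL log posted in this thread, plus benign neighbours.
SAMPLE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55293',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r"FF - prefs.js..network.proxy.http_port: 55293",
    r"FF - prefs.js..network.proxy.type: 0",
    r"O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)",
    r"O4 - HKCU..\Run: [conhost] C:\Users\Matt\AppData\Roaming\Microsoft\conhost.exe File not found",
    r"[2012/01/05 13:44:41 | 000,008,944 | -HS- | M] () -- C:\ProgramData\185eex12f105lx52h4dqo8s043728x64b8132",
    r"[2012/01/12 15:05:09 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2012/01/13 07:15:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe",
    r"DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)",
    r"MOD - [2010/07/19 18:19:18 | 000,153,600 | ---- | M] () -- C:\Windows\System32\AI_ContextMenu.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason}\n    {f.entry}")
```

Run it against a saved OTL.txt by passing `open("OTL.txt", encoding="utf-8-sig").read().splitlines()` to `triage()`. The proxy check deliberately reports the enabled state rather than just the address: in this thread both IE and Firefox carry a loopback proxy on port 55293 but have it switched off, which is a different situation from an active redirect and should be written up as such.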
     
  25. BeezNeezy

    BeezNeezy TS Rookie Topic Starter Posts: 23

    OTL logfile created on: 1/13/2012 7:30:49 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Matt\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 61.31% Memory free
    6.09 Gb Paging File | 4.84 Gb Available in Paging File | 79.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 287.21 Gb Total Space | 8.19 Gb Free Space | 2.85% Space Free | Partition Type: NTFS
    Drive D: | 10.88 Gb Total Space | 1.76 Gb Free Space | 16.17% Space Free | Partition Type: NTFS
    Drive F: | 1.91 Gb Total Space | 1.79 Gb Free Space | 93.73% Space Free | Partition Type: FAT
    Drive G: | 465.65 Gb Total Space | 38.85 Gb Free Space | 8.34% Space Free | Partition Type: FAT32
    Drive H: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/13 07:15:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/01/25 16:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/07/19 18:19:18 | 000,153,600 | ---- | M] () -- C:\Windows\System32\AI_ContextMenu.dll
    MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/01/25 16:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/26 20:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2010/08/02 11:13:06 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/03/18 11:45:47 | 000,104,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2008/10/03 02:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55293

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 55293
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/05 21:26:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/15 11:38:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 19:25:19 | 000,000,000 | ---D | M]

    [2010/04/18 20:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
    [2011/12/06 15:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\1ntqig7q.default\extensions
    [2010/07/23 20:38:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\1ntqig7q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/06 15:17:12 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\1ntqig7q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2012/01/12 09:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/01 15:32:11 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/12/05 21:26:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
    [2011/11/15 11:38:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/02 10:02:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/15 11:38:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Matt\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Angry Birds = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

    Hosts file not found
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [combofix] "C:\ComboFix\CF21512.3XE" /c "C:\ComboFix\C.bat" File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKCU..\Run: [conhost] C:\Users\Matt\AppData\Roaming\Microsoft\conhost.exe File not found
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3040888C-3CDA-4C02-8E8F-B0886B591632}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/12/11 15:03:59 | 000,000,277 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{95e688bd-7460-11df-b32f-001f16781eb4}\Shell - "" = AutoRun
    O33 - MountPoints2\{95e688bd-7460-11df-b32f-001f16781eb4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2006/12/07 13:45:13 | 001,095,224 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.vp60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp62 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/13 07:24:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    [2012/01/12 21:43:40 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
    [2012/01/12 17:14:14 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Matt\Desktop\boot_cleaner.exe
    [2012/01/12 15:27:57 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
    [2012/01/12 15:02:40 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/01/12 12:13:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/12 12:13:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/11 16:25:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\dds.scr
    [2012/01/11 15:20:08 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
    [2012/01/11 15:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/11 15:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/11 15:19:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/01/11 15:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/11 15:19:01 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Matt\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/10 15:18:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 1.0
    [2012/01/10 15:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\DLLSuite
    [2012/01/05 13:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/01/05 13:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/01/05 10:17:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Internet Chess Club
    [2012/01/05 10:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Chess Club
    [2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/01/13 07:21:10 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-568452235-1909360619-582799849-1000UA.job
    [2012/01/13 07:15:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    [2012/01/13 07:05:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/13 07:05:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/12 21:42:34 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
    [2012/01/12 17:12:34 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
    [2012/01/12 15:28:13 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/12 15:28:13 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/01/12 15:25:56 | 000,302,267 | ---- | M] () -- C:\Users\Matt\Desktop\ListParts.exe
    [2012/01/12 15:20:00 | 000,044,607 | ---- | M] () -- C:\Users\Matt\Desktop\bootkit_remover.zip
    [2012/01/12 15:18:36 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
    [2012/01/12 15:05:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/12 15:05:09 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/12 14:21:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-568452235-1909360619-582799849-1000Core.job
    [2012/01/12 12:11:27 | 000,193,536 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/11 15:20:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/11 15:16:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\dds.scr
    [2012/01/11 15:13:46 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Matt\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/11 06:46:00 | 000,334,125 | ---- | M] () -- C:\Users\Matt\Desktop\FSS.exe
    [2012/01/10 15:31:06 | 000,000,627 | ---- | M] () -- C:\Users\Matt\Desktop\tdx.zip
    [2012/01/10 15:18:12 | 000,000,890 | ---- | M] () -- C:\Users\Matt\Desktop\DllSuite.lnk
    [2012/01/06 23:22:57 | 000,002,037 | ---- | M] () -- C:\Users\Matt\Desktop\Google Chrome.lnk
    [2012/01/06 23:22:57 | 000,001,999 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/01/05 13:44:41 | 000,008,944 | -HS- | M] () -- C:\Users\Matt\AppData\Local\185eex12f105lx52h4dqo8s043728x64b8132
    [2012/01/05 13:44:41 | 000,008,944 | -HS- | M] () -- C:\ProgramData\185eex12f105lx52h4dqo8s043728x64b8132
    [2012/01/05 13:04:53 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/05 13:04:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/01/05 10:28:11 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMatt.job

    ========== Files Created - No Company Name ==========

    [2012/01/12 17:16:37 | 000,302,267 | ---- | C] () -- C:\Users\Matt\Desktop\ListParts.exe
    [2012/01/12 17:14:09 | 000,044,607 | ---- | C] () -- C:\Users\Matt\Desktop\bootkit_remover.zip
    [2012/01/12 15:51:49 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
    [2012/01/12 12:50:50 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
    [2012/01/11 15:20:00 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/11 06:52:46 | 000,334,125 | ---- | C] () -- C:\Users\Matt\Desktop\FSS.exe
    [2012/01/10 15:33:16 | 000,000,627 | ---- | C] () -- C:\Users\Matt\Desktop\tdx.zip
    [2012/01/10 15:18:12 | 000,000,890 | ---- | C] () -- C:\Users\Matt\Desktop\DllSuite.lnk
    [2012/01/05 12:47:53 | 000,008,944 | -HS- | C] () -- C:\Users\Matt\AppData\Local\185eex12f105lx52h4dqo8s043728x64b8132
    [2012/01/05 12:47:53 | 000,008,944 | -HS- | C] () -- C:\ProgramData\185eex12f105lx52h4dqo8s043728x64b8132
    [2011/04/08 01:10:36 | 000,000,004 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\12CF8C
    [2011/04/08 01:10:35 | 000,870,128 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mcs.rma
    [2010/11/30 18:07:02 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
    [2010/11/24 10:40:14 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/10/24 15:39:56 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2010/08/09 08:03:50 | 000,153,600 | ---- | C] () -- C:\Windows\System32\AI_ContextMenu.dll
    [2010/07/01 15:38:47 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/05/24 14:33:00 | 004,670,829 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
    [2010/05/24 14:33:00 | 001,529,856 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
    [2010/05/24 14:33:00 | 001,447,921 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
    [2010/05/24 14:33:00 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
    [2010/05/24 14:33:00 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/05/24 14:33:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
    [2010/05/24 14:33:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
    [2010/05/24 14:33:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
    [2010/05/24 14:33:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
    [2010/05/24 14:33:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
    [2010/05/24 14:33:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
    [2010/05/24 14:33:00 | 000,139,944 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
    [2010/05/24 14:33:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
    [2010/05/24 14:33:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
    [2010/05/24 14:33:00 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/05/24 14:33:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
    [2010/05/24 14:33:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
    [2010/05/19 15:59:20 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
    [2010/05/19 15:59:10 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
    [2010/05/19 15:59:02 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
    [2010/05/19 15:58:52 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
    [2010/05/19 15:58:24 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
    [2010/05/19 15:58:18 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
    [2010/05/19 15:58:08 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
    [2010/05/19 15:57:42 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
    [2010/05/19 15:57:38 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
    [2010/05/19 15:57:26 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
    [2010/05/19 15:57:20 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
    [2010/05/19 15:55:40 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
    [2010/05/19 15:55:36 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
    [2010/04/02 18:30:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/04/02 18:30:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/03/29 08:43:45 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2010/03/28 23:09:14 | 000,193,536 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/28 20:58:17 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
    [2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
    [2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/10/23 04:56:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
    [2008/07/06 15:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2008/06/29 09:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,348,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2010/05/19 14:53:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Amazon
    [2010/10/21 08:41:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG
    [2010/10/20 06:07:21 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG10
    [2010/06/29 14:53:15 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG9
    [2010/06/02 23:49:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\B452AA9A33AA4A7E260778EB69F676EB
    [2012/01/09 13:09:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
    [2010/11/04 10:26:29 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BonkEnc
    [2010/11/04 10:43:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Free Audio Convert Wizard
    [2010/04/05 00:13:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\funkitron
    [2012/01/05 10:17:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Internet Chess Club
    [2010/08/17 09:37:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ludia
    [2010/06/10 02:18:55 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Music Editor Free
    [2010/05/06 22:52:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Out of the Park Developments
    [2010/11/30 18:18:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Research In Motion
    [2010/04/09 19:35:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\StreamTorrent
    [2010/10/24 14:49:29 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SystemRequirementsLab
    [2010/04/05 00:11:21 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WildTangent
    [2012/01/12 15:04:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/01/12 15:05:09 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/12 15:05:08 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/24 06:37:09 | 000,006,130 | ---- | M] () -- C:\scramble.log
    [2010/08/31 17:50:14 | 000,000,184 | ---- | M] () -- C:\setup.log
    [2012/01/12 21:47:42 | 000,075,904 | ---- | M] () -- C:\TDSSKiller.2.7.0.0_12.01.2012_21.44.19_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/12/12 07:38:17 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/09 01:57:48 | 000,000,574 | -HS- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/12 15:18:36 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Matt\Desktop\boot_cleaner.exe
    [2012/01/11 06:46:00 | 000,334,125 | ---- | M] () -- C:\Users\Matt\Desktop\FSS.exe
    [2012/01/12 15:25:56 | 000,302,267 | ---- | M] () -- C:\Users\Matt\Desktop\ListParts.exe
    [2012/01/11 15:13:46 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Matt\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/13 07:15:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    [2012/01/12 21:42:34 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/01/05 10:24:13 | 000,000,402 | -HS- | M] () -- C:\Users\Matt\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/03/29 08:47:34 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2012/01/05 13:44:41 | 000,008,944 | -HS- | M] () -- C:\ProgramData\185eex12f105lx52h4dqo8s043728x64b8132
    [2011/04/27 10:49:29 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2010/03/28 21:01:28 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2008/10/23 05:50:48 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/03/28 21:00:13 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2008/10/23 05:46:04 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/03/28 20:59:16 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/03/28 21:01:08 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2008/10/23 05:44:36 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2008/10/23 05:50:23 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/03/28 21:01:37 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >
    [2009/07/10 00:05:02 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Windows\Installer\BBMediaSyncUninstall.exe
    [3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 81 bytes -> C:\Program Files\Intertops Poker:MID
    @Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
    @Alternate Data Stream - 550 bytes -> C:\Windows\System32\drivers\wxlouynp.sys:changelist
    @Alternate Data Stream - 550 bytes -> C:\Windows\System32\drivers\wqzesxap.sys:changelist
    @Alternate Data Stream - 412 bytes -> C:\Windows\System32\drivers\sjbwyvel.sys:changelist
    @Alternate Data Stream - 320 bytes -> C:\Windows\System32\drivers\yzqeidpi.sys:changelist
    @Alternate Data Stream - 320 bytes -> C:\Windows\System32\drivers\soupffpv.sys:changelist
    @Alternate Data Stream - 320 bytes -> C:\Windows\System32\drivers\lawiueac.sys:changelist
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4

    < End of report >
     