TechSpot

Iexplore.exe running in processes while internet explorer not running

By zekezagura
Nov 25, 2011
  1. iexplore.exe has been running in Processes, taking up a lot of CPU, while Internet Explorer is not open, and Internet Explorer sometimes opens by itself at a random web site.

    Malware
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8243

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    11/25/2011 9:51:42 PM
    mbam-log-2011-11-25 (21-51-42).txt

    Scan type: Quick scan
    Objects scanned: 184210
    Time elapsed: 5 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Zeke\downloads\WSOP-USA.exe (PUP.Casino) -> Quarantined and deleted successfully.
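    The one real detection in the Malwarebytes log above is the Hijacker.Application pair: the Explorer\Associations\Application value (the URL Windows Vista/7 consult from the Open With dialog when the shell has no handler for an extension, with %s replaced by the extension) had been repointed from shell.windows.com to helpmeopen.com, and the original was stashed under bak_Application. The PowerShell below is an added check, not part of the TechSpot post or of Malwarebytes; it re-reads that key and reports a non-default lookup URL or a leftover bak_* copy. The registry path and the known-good URL are copied from the MBAM log, the stock URL differs slightly between Windows versions so compare against a clean machine of the same build; the function name and output columns are this example's own, and it is written to run on the Windows PowerShell 2.0 that shipped for Vista.

```powershell
# Added example, not from the original thread or from Malwarebytes.
# Re-checks the shell "Open With" web-lookup value that MBAM flagged as
# Hijacker.Application. Path and expected value are taken from the MBAM log.
$assocKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations'
$goodValue = 'http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s'   # "Good:" value in the log

function Test-ShellAssocLookup {
    param([string]$Key = $assocKey, [string]$Expected = $goodValue)

    $findings = @()
    if (-not (Test-Path $Key)) { return $findings }     # key absent: nothing to check
    $item = Get-ItemProperty -Path $Key

    # The live lookup value must point at shell.windows.com, not a third-party site.
    $current = $item.Application
    if ($null -ne $current -and $current -ne $Expected) {
        $findings += New-Object PSObject -Property @{
            Value  = 'Application'
            Data   = $current
            Reason = 'lookup URL differs from the Microsoft default'
        }
    }

    # Hijackers keep the original under a bak_ name so they can restore it on
    # uninstall; its mere presence is an indicator (MBAM flagged bak_Application).
    $bakNames = $item.PSObject.Properties | Where-Object { $_.Name -like 'bak_*' } | ForEach-Object { $_.Name }
    foreach ($name in $bakNames) {
        $findings += New-Object PSObject -Property @{
            Value  = $name
            Data   = $item.$name
            Reason = 'backup copy left behind by an association hijacker'
        }
    }
    return $findings
}

$hits = @(Test-ShellAssocLookup)
if ($hits.Count -eq 0) {
    Write-Output "OK: $assocKey\Application matches the expected Microsoft URL"
} else {
    $hits | Select-Object Value, Data, Reason | Format-Table -AutoSize -Wrap
}
```

    Run it from an elevated prompt after the MBAM cleanup to confirm the value stayed fixed; a hijacker that survives the reboot will put the helpmeopen.com URL back, which is worth knowing before chasing the iexplore.exe symptom further.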
     
  2. zekezagura

    zekezagura TS Rookie Topic Starter

    dds

    So yeah, I didn't add GMER because it is HUGE! Here is the DDS file.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
    Run by Zeke at 23:08:54 on 2011-11-25
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1803 [GMT -5:00]
    .
    AV: Trend Micro AntiVirus *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Prevx 3.0 *Enabled/Updated* {85194EF3-9578-0A22-9A51-A9FE4DD90287}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Trend Micro AntiVirus *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
    SP: Prevx 3.0 *Enabled/Updated* {3E78AF17-B342-05AC-A0E1-928C365E483A}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Prevx\prevx.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RAVCpl64.exe
    C:\Windows\ehome\ehtray.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
    C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\SysWOW64\conime.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = Preserve
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [Google Update] "C:\Users\Zeke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
    mRun: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
    TCP: Interfaces\{8AFFF85F-01E5-44A8-BB60-FEB924CAE264} : DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSA: Notification Packages = scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
    BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO-X64: StartNow Toolbar Helper - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun-x64: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
    mRun-x64: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110830
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110830&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Zeke\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Zeke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Zeke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
    R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-3-31 14904]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2011-11-23 6746280]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-31 2214504]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
    R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
    R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-5 135664]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-25 366152]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-5 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-2-24 89920]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    S4 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2011-2-20 900360]
    S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-11-26 02:43:40 -------- d-----w- C:\Users\Zeke\AppData\Roaming\Malwarebytes
    2011-11-26 02:43:21 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-26 02:43:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-26 02:29:20 -------- d-----w- C:\ProgramData\AVAST Software
    2011-11-26 02:29:20 -------- d-----w- C:\Program Files\AVAST Software
    2011-11-24 20:36:59 466432 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
    2011-11-24 20:35:53 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-24 20:35:53 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2011-11-24 19:14:21 -------- d-----w- C:\ProgramData\VS
    2011-11-24 03:16:13 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
    2011-11-24 03:16:13 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll
    2011-11-24 03:16:13 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
    2011-11-24 03:16:12 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
    2011-11-24 03:16:12 -------- d-----w- C:\Program Files\Prevx
    2011-11-24 03:15:44 -------- d-----w- C:\ProgramData\PrevxCSI
    2011-11-23 00:14:33 -------- d-----w- C:\Program Files\CCleaner
    2011-11-23 00:08:45 -------- d-----w- C:\ProgramData\STOPzilla!
    2011-11-23 00:08:45 -------- d-----w- C:\Program Files (x86)\STOPzilla!
    2011-11-23 00:08:45 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
    2011-11-22 22:49:53 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
    2011-11-22 15:39:08 547880 ----a-r- C:\Windows\SysWow64\SZComp5.dll
    2011-11-22 15:39:08 482344 ----a-r- C:\Windows\SysWow64\SZBase5.dll
    2011-11-22 15:39:08 30248 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
    2011-11-22 15:39:08 24616 ----a-r- C:\Windows\SysWow64\SZIO5.dll
    2011-11-22 15:39:08 134184 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
    2011-11-22 15:39:06 740392 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
    2011-11-22 15:39:06 68648 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
    2011-11-22 15:39:06 457768 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
    2011-11-22 15:39:06 392232 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
    2011-11-22 15:39:06 232488 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
    2011-11-22 15:39:06 105512 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
    2011-11-22 15:39:06 101416 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
    2011-11-15 23:05:37 -------- d-----w- C:\Program Files\iPod
    2011-11-15 23:05:33 -------- d-----w- C:\Program Files\iTunes
    2011-11-14 21:33:23 -------- d-----w- C:\Windows\Hewlett-Packard
    2011-11-13 17:06:34 633816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2011-11-13 17:06:34 555992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2011-11-13 17:06:34 486360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2011-11-13 17:06:34 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2011-11-11 20:38:57 995383 ----a-w- C:\Windows\SysWow64\temp.001
    2011-11-11 20:38:57 295000 ----a-w- C:\Windows\SysWow64\temp.000
    2011-11-11 20:38:55 -------- d-----w- C:\Program Files (x86)\ClubWPT
    2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2011-11-10 00:16:18 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2011-11-10 00:16:18 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
    2011-11-10 00:16:17 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-10 00:16:16 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-10 00:16:16 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-10 00:16:16 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
    2011-11-09 02:36:40 -------- d-----w- C:\AmericasCardroom.net
    2011-11-08 01:00:37 -------- d-----w- C:\Users\Zeke\AppData\Roaming\Microsoft Corporation
    2011-11-04 18:28:19 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2011-11-04 18:28:19 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    .
    ==================== Find3M ====================
    .
    2011-11-24 20:37:08 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
    2011-11-24 20:37:08 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-24 20:37:04 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2011-11-24 20:37:03 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2011-11-24 20:37:03 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
    2011-11-24 20:37:03 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
    2011-11-24 20:37:00 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
    2011-11-13 00:05:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-09-26 16:21:26 74768 ----a-r- C:\Windows\SysWow64\drivers\SZKG64.sys
    2011-09-26 16:21:26 74768 ----a-r- C:\Windows\SysWow64\drivers\is3srv64.sys
    2011-09-22 02:33:36 627600 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-09-14 01:09:07 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
    2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-08-31 03:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-08-31 03:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-08-31 03:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-08-31 03:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2008-07-02 02:28:38 61440 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
    .
    ============= FINISH: 23:18:11.17 ===============
     
  3. zekezagura

    zekezagura TS Rookie Topic Starter

    attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/31/2009 12:21:40 AM
    System Uptime: 11/25/2011 10:39:47 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | G50VT
    Processor: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz | Socket 478 | 2133/267mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 102.333 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ????????????
    7-Zip 9.22beta
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2
    AmericasCardroom.net
    Apple Application Support
    Apple Software Update
    ASUS CopyProtect
    ASUS Data Security Manager
    ASUS LifeFrame3
    ASUS Live Update
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ATK Generic Function Service
    ATK Hotkey
    ATK Media
    ATKOSD2
    BitZipper 2010
    BufferChm
    Cisco Connect
    ClubWPT
    Cockatrice
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Crystal Reports for Visual Studio
    CyberLink LabelPrint
    CyberLink Power2Go
    D1600
    DAEMON Tools Pro
    DeviceDiscovery
    Direct Console 2.0
    DivX Setup
    DJ_SF_06_D1600_SW_Min
    EasyBits GO
    Express Gate
    Galapago
    Geek Squad 24 Hour Computer Support
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    Hitman: Blood Money
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    HP Photo Creations
    HP Update
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    ITECIR
    Java Auto Updater
    Java(TM) 6 Update 27
    League of Legends
    LightScribe System Software 1.14.17.1
    LoJack Factory Installer
    Magic Online
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio Macro Tools
    Microsoft Works
    Minitab 15 English
    Mozilla Firefox 9.0 (x86 en-US)
    myPhotoMovie (remove only)
    NB Probe
    nFringe 1.1 (1.1.34.193)
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA System Update
    Pando Media Booster
    Peggle Deluxe
    Picasa 2
    Poker Night at the Inventory
    PokerStars
    PokerStars.net
    Post Apocalyptic Mayhem
    PSPad editor
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    RegZooka
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.5
    SmartWebPrinting
    SolutionCenter
    Star Wars: The Old Republic
    StarCraft II
    StartNow Toolbar
    Status
    Steam
    STOPzilla
    System Requirements Lab
    System Requirements Lab CYRI
    Toolbox
    TrayApp
    UnCodeX
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    WCF RIA Services V1.0 SP1
    WebReg
    Windows Live Sign-in Assistant
    Windows Media Player Firefox Plugin
    WinFlash
    WinFtp Client 1.5
    WinZip 15.5
    Wireless Console 2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/25/2011 10:42:53 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
    11/25/2011 10:42:53 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
    11/25/2011 10:40:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
    11/25/2011 10:40:21 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{8AFFF85F-01E5-44A8-BB60-FEB924CAE264} because another computer on the network has the same name. The server could not start.
    11/25/2011 10:40:21 PM, Error: netbt [4321] - The name "ZEKE-PC :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
    11/25/2011 10:40:21 PM, Error: netbt [4321] - The name "ZEKE-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
    11/25/2011 10:39:12 PM, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    11/24/2011 4:33:49 PM, Error: EventLog [6008] - The previous system shutdown at 4:32:26 PM on 11/24/2011 was unexpected.
    11/23/2011 6:46:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    11/23/2011 6:46:14 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/23/2011 4:43:00 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.113 for the Network Card with network address 00215D937FCA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/23/2011 4:04:54 PM, Error: netbt [4321] - The name "ZEKE-PC :20" could not be registered on the interface with IP address 192.168.1.113. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
    11/23/2011 4:04:54 PM, Error: netbt [4321] - The name "ZEKE-PC :0" could not be registered on the interface with IP address 192.168.1.113. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
    11/23/2011 4:04:44 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.21 for the Network Card with network address 00215D937FCA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/22/2011 10:44:32 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
    11/19/2011 4:20:51 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Vista64.
    11/19/2011 3:36:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
    11/19/2011 3:35:14 PM, Error: Service Control Manager [7031] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 3:35:14 PM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 3:35:14 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/19/2011 3:35:14 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/19/2011 3:35:14 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/19/2011 3:33:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.21 for the Network Card with network address 00215D937FCA has been denied by the DHCP server 172.18.40.253 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    You're running three AV programs, Trend Micro, AVG and Prevx.
    TWO of them have to go.
    If one of them is AVG make sure to use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

    Upload GMER log here: http://www.filedropper.com/
    Post download link (copy URL: link):
     
  5. zekezagura

    zekezagura TS Rookie Topic Starter

  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. zekezagura

    zekezagura TS Rookie Topic Starter

    log

    ComboFix 11-11-26.04 - Zeke 11/26/2011 20:55:24.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2420 [GMT -5:00]
    Running from: c:\users\Zeke\Desktop\ComboFix.exe
    AV: Prevx 3.0 *Enabled/Updated* {85194EF3-9578-0A22-9A51-A9FE4DD90287}
    SP: Prevx 3.0 *Enabled/Updated* {3E78AF17-B342-05AC-A0E1-928C365E483A}
    SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
    c:\users\Zeke\AppData\Roaming\Install.dat
    c:\users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\searchplugins\bing-zugo.xml
    c:\windows\SysWow64\drivers\dfg.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-27 02:43 . 2011-11-27 02:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF46A644-4DC3-456E-94A4-B57549AA37A2}\offreg.dll
    2011-11-27 02:39 . 2011-11-27 02:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-11-27 02:39 . 2011-11-27 02:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-26 17:20 . 2011-11-26 17:20 -------- d-----w- c:\users\Zeke\AppData\Local\SWTOR
    2011-11-26 16:56 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF46A644-4DC3-456E-94A4-B57549AA37A2}\mpengine.dll
    2011-11-26 15:41 . 2011-11-26 15:41 -------- d-----w- C:\a108254b35ec78337912
    2011-11-26 06:19 . 2011-11-26 06:19 -------- d-----w- c:\windows\SysWow64\drivers\AVG
    2011-11-26 02:43 . 2011-11-26 02:43 -------- d-----w- c:\users\Zeke\AppData\Roaming\Malwarebytes
    2011-11-26 02:43 . 2011-11-26 02:43 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-26 02:43 . 2011-11-26 02:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-26 02:29 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-26 02:29 . 2011-11-26 02:40 -------- d-----w- c:\programdata\AVAST Software
    2011-11-26 02:29 . 2011-11-26 02:29 -------- d-----w- c:\program files\AVAST Software
    2011-11-24 20:36 . 2011-11-24 20:36 466432 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe
    2011-11-24 20:35 . 2011-11-24 20:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-24 20:35 . 2011-11-24 20:35 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-11-24 19:14 . 2011-11-24 19:14 -------- d-----w- c:\programdata\VS
    2011-11-24 03:16 . 2011-11-24 03:16 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2011-11-24 03:16 . 2011-11-24 03:16 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll
    2011-11-24 03:16 . 2011-11-24 03:16 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys
    2011-11-24 03:16 . 2011-11-24 03:16 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys
    2011-11-24 03:16 . 2011-11-24 03:16 -------- d-----w- c:\program files\Prevx
    2011-11-24 03:15 . 2011-11-27 02:17 -------- d-----w- c:\programdata\PrevxCSI
    2011-11-23 00:14 . 2011-11-23 00:14 -------- d-----w- c:\program files\CCleaner
    2011-11-23 00:08 . 2011-11-26 02:49 -------- d-----w- c:\programdata\STOPzilla!
    2011-11-23 00:08 . 2011-11-23 00:08 -------- d-----w- c:\program files (x86)\STOPzilla!
    2011-11-23 00:08 . 2011-11-23 00:08 -------- d-----w- c:\program files (x86)\Common Files\iS3
    2011-11-22 22:49 . 2011-11-22 22:49 -------- d-----w- c:\program files (x86)\Common Files\BioWare
    2011-11-22 22:49 . 2011-11-22 22:49 -------- d-----w- c:\program files (x86)\Electronic Arts
    2011-11-22 15:39 . 2011-11-22 15:39 547880 ----a-r- c:\windows\SysWow64\SZComp5.dll
    2011-11-22 15:39 . 2011-11-22 15:39 482344 ----a-r- c:\windows\SysWow64\SZBase5.dll
    2011-11-22 15:39 . 2011-11-22 15:39 30248 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
    2011-11-22 15:39 . 2011-11-22 15:39 24616 ----a-r- c:\windows\SysWow64\SZIO5.dll
    2011-11-22 15:39 . 2011-11-22 15:39 134184 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
    2011-11-22 15:39 . 2011-11-22 15:39 740392 ----a-r- c:\windows\SysWow64\IS3Base5.dll
    2011-11-22 15:39 . 2011-11-22 15:39 68648 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
    2011-11-22 15:39 . 2011-11-22 15:39 457768 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
    2011-11-22 15:39 . 2011-11-22 15:39 392232 ----a-r- c:\windows\SysWow64\IS3UI5.dll
    2011-11-22 15:39 . 2011-11-22 15:39 232488 ----a-r- c:\windows\SysWow64\IS3Win325.dll
    2011-11-22 15:39 . 2011-11-22 15:39 105512 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
    2011-11-22 15:39 . 2011-11-22 15:39 101416 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
    2011-11-22 02:55 . 2011-11-22 02:55 -------- d-----w- c:\users\Zeke\AppData\Roaming\HPAppData
    2011-11-15 23:05 . 2011-11-15 23:05 -------- d-----w- c:\program files\iPod
    2011-11-15 23:05 . 2011-11-15 23:06 -------- d-----w- c:\program files\iTunes
    2011-11-14 21:33 . 2011-11-14 21:33 -------- d-----w- c:\windows\Hewlett-Packard
    2011-11-13 17:06 . 2011-11-26 03:00 633816 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2011-11-13 17:06 . 2011-11-26 03:00 555992 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2011-11-13 17:06 . 2011-11-26 03:00 486360 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2011-11-13 17:06 . 2011-11-26 03:00 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2011-11-13 00:05 . 2011-11-13 00:05 -------- d-----w- c:\windows\system32\Macromed
    2011-11-11 20:38 . 2002-03-25 15:31 295000 ----a-w- c:\windows\SysWow64\temp.000
    2011-11-11 20:38 . 2002-03-25 15:30 995383 ----a-w- c:\windows\SysWow64\temp.001
    2011-11-11 20:38 . 2011-11-11 20:39 -------- d-----w- c:\program files (x86)\ClubWPT
    2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2011-11-10 22:49 . 2011-11-10 22:49 -------- d-----w- c:\program files (x86)\QuickTime
    2011-11-10 00:16 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-10 00:16 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
    2011-11-10 00:16 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-10 00:16 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-10 00:16 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
    2011-11-10 00:16 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 02:36 . 2011-11-25 07:02 -------- d-----w- C:\AmericasCardroom.net
    2011-11-08 01:00 . 2011-11-08 01:00 -------- d-----w- c:\users\Zeke\AppData\Roaming\Microsoft Corporation
    2011-11-04 18:28 . 2011-08-13 05:11 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-11-04 18:28 . 2011-08-13 04:43 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-26 15:44 . 2011-07-11 22:32 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2011-11-24 19:55 . 2011-07-11 22:32 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
    2011-11-13 00:05 . 2011-05-13 12:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-09-26 16:21 . 2011-09-26 16:21 74768 ----a-r- c:\windows\SysWow64\drivers\SZKG64.sys
    2011-09-26 16:21 . 2011-09-26 16:21 74768 ----a-r- c:\windows\SysWow64\drivers\is3srv64.sys
    2011-09-22 02:33 . 2011-09-22 02:33 627600 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-14 01:09 . 2011-02-20 22:18 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2011-09-06 13:56 . 2011-10-12 23:08 2764288 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
    2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-02 3077528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2008-08-20 2705976]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-03 8105984]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
    "ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
    "P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 74768]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 135664]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    R3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 135664]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 27648]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
    S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
    S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
    S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
    S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-11-24 6746280]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
    S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 06:07]
    .
    2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 06:07]
    .
    2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3066804163-2422679958-3097153674-1000Core.job
    - c:\users\Zeke\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 23:26]
    .
    2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3066804163-2422679958-3097153674-1000UA.job
    - c:\users\Zeke\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 23:26]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 23:52 159744 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "RtHDVCpl"="RAVCpl64.exe" [2008-06-13 6342688]
    "combofix"="c:\combofix\CF32335.3XE" [2008-01-21 363008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    TCP: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110830
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110830&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
    AddRemove-RegZooka - c:\program files (x86)\RegZooka\uninstall.exe
    AddRemove-????????????_is1 - c:\program files (x86)\?????????\????????????\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-26 22:07:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-27 03:07
    .
    Pre-Run: 108,707,586,048 bytes free
    Post-Run: 110,229,159,936 bytes free
    .
    - - End Of File - - D50064DF5C507ADCEDD8808C67088057
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good.

    How is computer doing?

    Uninstall STOPzilla as well. It's a company with a rather shady reputation.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. zekezagura

    zekezagura TS Rookie Topic Starter

    OTL

    So my computer is running much better; however, iexplore.exe still seems to appear in processes every so often, though not taking near the amount of CPU it was, from 70-95% down to around 0-5%. It is still there though :(

    OTL logfile created on: 11/26/2011 11:45:18 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zeke\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.91% Memory free
    8.17 Gb Paging File | 6.27 Gb Available in Paging File | 76.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.37 Gb Total Space | 102.62 Gb Free Space | 35.84% Space Free | Partition Type: NTFS

    Computer Name: ZEKE-PC | User Name: Zeke | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/26 23:44:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zeke\Desktop\OTL.exe
    PRC - [2011/05/21 01:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/03/17 03:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    PRC - [2011/03/17 03:15:04 | 000,842,048 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    PRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    PRC - [2008/09/02 19:11:04 | 008,105,984 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2008/06/18 00:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2008/04/01 01:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    PRC - [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    PRC - [2007/03/29 14:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    PRC - [2006/11/02 10:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/07/18 21:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2008/06/09 11:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2007/08/14 15:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2007/07/12 15:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2007/07/12 15:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2007/06/15 12:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
    MOD - [2007/06/01 19:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/11/23 22:16:12 | 006,746,280 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
    SRV:64bit: - [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV:64bit: - [2007/08/03 14:24:54 | 000,125,496 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
    SRV - [2011/11/20 23:50:45 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/05/25 14:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2011/05/21 01:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/11/06 12:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/08/13 22:59:52 | 000,100,920 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/11/23 22:16:13 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)
    DRV:64bit: - [2011/11/23 22:16:13 | 000,036,384 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan)
    DRV:64bit: - [2011/11/23 22:16:12 | 000,024,024 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pxkbf.sys -- (pxkbf)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/04/30 22:25:06 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvoclk64.sys -- (nvoclk64)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2008/09/12 00:48:25 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/08/28 10:57:23 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [2008/06/24 15:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2008/06/03 01:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2008/05/29 12:21:00 | 000,016,440 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
    DRV:64bit: - [2008/05/02 00:59:47 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/04/01 04:59:19 | 001,878,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2008/01/20 21:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
    DRV:64bit: - [2007/12/18 19:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
    DRV:64bit: - [2007/12/06 05:12:55 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2007/08/10 22:19:44 | 000,034,872 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
    DRV:64bit: - [2007/08/02 23:26:47 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
    DRV:64bit: - [2007/07/27 21:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2007/07/26 22:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2007/07/24 13:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
    DRV:64bit: - [2006/10/27 08:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
    DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 64 6A C4 EC AA CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z192&install_date=20110830"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110830&q="
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Zeke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Zeke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zeke\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zeke\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/06 23:00:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/06 23:00:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/21 22:33:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/25 22:00:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:49:59 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/21 22:33:25 | 000,000,000 | ---D | M]

    [2011/02/22 17:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Extensions
    [2011/11/05 13:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\extensions
    [2011/02/24 08:09:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/08/29 20:37:57 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2011/11/05 12:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/03/08 14:52:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/09/14 18:24:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [2011/11/25 22:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    () (No name found) -- C:\USERS\ZEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OEQLKDPX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\ZEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OEQLKDPX.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2011/11/25 22:00:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/11/03 06:13:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/05/09 03:12:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2011/11/03 06:13:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/11/26 21:44:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AFFF85F-01E5-44A8-BB60-FEB924CAE264}: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Zeke\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Zeke\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/26 23:44:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Zeke\Desktop\OTL.exe
    [2011/11/26 23:09:22 | 000,000,000 | ---D | C] -- C:\Users\Zeke\Desktop\New Folder
    [2011/11/26 22:08:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/26 21:44:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/11/26 20:47:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/26 20:47:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/26 20:47:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/26 20:46:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/26 20:46:09 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/11/26 20:39:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/26 20:35:17 | 004,309,325 | R--- | C] (Swearware) -- C:\Users\Zeke\Desktop\ComboFix.exe
    [2011/11/26 12:20:15 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Local\SWTOR
    [2011/11/26 12:20:14 | 000,000,000 | ---D | C] -- C:\Users\Zeke\Documents\HeroBlade Logs
    [2011/11/26 11:56:10 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Zeke\Desktop\aswMBR.exe
    [2011/11/26 10:41:06 | 000,000,000 | ---D | C] -- C:\a108254b35ec78337912
    [2011/11/26 01:19:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2011/11/25 22:43:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Zeke\Desktop\dds.scr
    [2011/11/25 21:43:40 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Roaming\Malwarebytes
    [2011/11/25 21:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/25 21:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/25 21:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/11/25 21:29:52 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/11/25 21:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/11/25 21:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/11/24 14:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
    [2011/11/24 14:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
    [2011/11/24 14:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
    [2011/11/23 22:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prevx 3.0
    [2011/11/23 22:16:13 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
    [2011/11/23 22:16:13 | 000,062,976 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll
    [2011/11/23 22:16:13 | 000,036,384 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
    [2011/11/23 22:16:12 | 000,024,024 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
    [2011/11/23 22:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
    [2011/11/23 22:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
    [2011/11/22 19:23:55 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Zeke\Desktop\TDSSKiller.exe
    [2011/11/22 19:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/11/22 19:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/11/22 17:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
    [2011/11/22 17:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
    [2011/11/22 17:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
    [2011/11/21 21:55:17 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Roaming\HPAppData
    [2011/11/20 19:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/11/15 18:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/11/15 18:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/11/15 18:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/11/14 16:33:23 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
    [2011/11/12 19:05:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2011/11/11 15:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClubWPT
    [2011/11/10 17:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/11/10 17:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/11/08 21:36:40 | 000,000,000 | ---D | C] -- C:\AmericasCardroom.net
    [2011/11/07 20:00:37 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Roaming\Microsoft Corporation
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/26 23:44:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zeke\Desktop\OTL.exe
    [2011/11/26 23:43:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/26 23:43:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/26 23:34:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/26 23:02:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3066804163-2422679958-3097153674-1000UA.job
    [2011/11/26 21:44:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/11/26 21:43:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/26 21:43:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/26 21:43:30 | 4294,168,576 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/26 20:35:22 | 004,309,325 | R--- | M] (Swearware) -- C:\Users\Zeke\Desktop\ComboFix.exe
    [2011/11/26 12:20:19 | 000,007,916 | ---- | M] () -- C:\Users\Zeke\AppData\Local\d3d9caps.dat
    [2011/11/26 12:20:00 | 000,000,512 | ---- | M] () -- C:\Users\Zeke\Desktop\MBR.dat
    [2011/11/26 11:56:19 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Zeke\Desktop\aswMBR.exe
    [2011/11/26 01:19:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
    [2011/11/26 00:02:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3066804163-2422679958-3097153674-1000Core.job
    [2011/11/25 22:43:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Zeke\Desktop\dds.scr
    [2011/11/25 21:43:22 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/25 21:29:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/11/24 15:37:40 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
    [2011/11/24 15:37:40 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
    [2011/11/24 15:37:40 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
    [2011/11/24 15:37:40 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
    [2011/11/24 15:36:56 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/11/24 15:36:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/11/23 22:16:13 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
    [2011/11/23 22:16:13 | 000,062,976 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll
    [2011/11/23 22:16:13 | 000,036,384 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
    [2011/11/23 22:16:12 | 000,024,024 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
    [2011/11/22 20:30:20 | 000,000,901 | ---- | M] () -- C:\Users\Zeke\Desktop\StarCraft II - Shortcut.lnk
    [2011/11/22 19:14:34 | 000,000,777 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/11/22 17:50:06 | 000,001,287 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
    [2011/11/22 12:06:52 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Zeke\Desktop\TDSSKiller.exe
    [2011/11/21 10:03:18 | 000,002,044 | ---- | M] () -- C:\Users\Zeke\Desktop\Google Chrome.lnk
    [2011/11/15 18:06:04 | 000,001,701 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/11/15 17:58:46 | 000,848,174 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/15 17:58:46 | 000,706,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/15 17:58:46 | 000,143,492 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/11 15:38:56 | 000,001,649 | ---- | M] () -- C:\Users\Public\Desktop\ClubWPT.lnk
    [2011/11/10 17:49:48 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/11/08 21:36:47 | 000,001,551 | ---- | M] () -- C:\Users\Zeke\Desktop\AmericasCardroom.net.lnk
    [2011/11/05 12:53:42 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/26 20:47:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/26 20:47:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/26 20:47:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/26 20:47:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/26 20:47:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/26 12:20:00 | 000,000,512 | ---- | C] () -- C:\Users\Zeke\Desktop\MBR.dat
    [2011/11/26 01:19:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
    [2011/11/25 21:43:22 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/25 21:29:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2011/11/24 15:36:56 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/11/24 15:36:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/11/22 20:30:20 | 000,000,901 | ---- | C] () -- C:\Users\Zeke\Desktop\StarCraft II - Shortcut.lnk
    [2011/11/22 19:14:34 | 000,000,777 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/11/22 17:50:06 | 000,001,287 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
    [2011/11/15 18:06:04 | 000,001,701 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/11/11 15:38:56 | 000,001,661 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClubWPT.lnk
    [2011/11/11 15:38:56 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\ClubWPT.lnk
    [2011/11/10 17:49:48 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/11/08 21:36:47 | 000,001,551 | ---- | C] () -- C:\Users\Zeke\Desktop\AmericasCardroom.net.lnk
    [2011/11/05 12:53:42 | 000,000,895 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/10/11 22:47:21 | 000,000,732 | ---- | C] () -- C:\Users\Zeke\AppData\Local\d3d9caps64.dat
    [2011/08/29 20:38:48 | 000,000,050 | ---- | C] () -- C:\Windows\WinFTP.INI
    [2011/08/29 13:55:56 | 000,000,600 | ---- | C] () -- C:\Users\Zeke\AppData\Local\PUTTY.RND
    [2011/08/21 22:41:58 | 000,168,351 | ---- | C] () -- C:\Windows\hphins33.dat.temp
    [2011/08/21 22:41:58 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat.temp
    [2011/08/21 22:25:14 | 000,169,553 | ---- | C] () -- C:\Windows\hphins33.dat
    [2011/07/12 18:24:11 | 000,022,016 | ---- | C] () -- C:\Users\Zeke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/11 16:57:39 | 000,843,580 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/05/08 21:12:35 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2011/03/17 00:29:03 | 000,000,065 | ---- | C] () -- C:\Windows\minitab.ini
    [2011/03/08 14:53:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/02/25 15:22:23 | 000,007,916 | ---- | C] () -- C:\Users\Zeke\AppData\Local\d3d9caps.dat
    [2011/02/24 15:00:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2011/02/24 14:59:34 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2011/02/24 14:59:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2011/02/20 17:18:12 | 000,110,376 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2010/01/29 16:30:08 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
    [2009/03/31 00:12:50 | 000,110,376 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/03/30 23:40:01 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/03/30 23:17:55 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2009/03/30 23:15:28 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2008/09/19 06:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
    [2008/07/01 21:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
    [2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========
     
  10. zekezagura

    zekezagura TS Rookie Topic Starter

    OTL cont.

    [2011/06/18 19:53:30 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\BitZipper
    [2011/11/22 19:15:52 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\DAEMON Tools Pro
    [2011/06/30 16:00:29 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\go
    [2011/09/02 15:13:24 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\LolClient
    [2011/09/06 16:38:27 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\RIFT
    [2011/07/10 15:58:38 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\SystemRequirementsLab
    [2011/09/13 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\TuneUp Software
    [2011/02/20 19:52:37 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\Wizards of the Coast
    [2011/11/26 21:42:26 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/11/27 21:10:54 | 000,000,016 | ---- | M] () -- C:\app14.log
    [2008/11/25 05:07:32 | 000,000,081 | ---- | M] () -- C:\app4.log
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/09/18 09:01:40 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/11/26 22:07:48 | 000,024,626 | ---- | M] () -- C:\ComboFix.txt
    [2009/03/31 00:29:01 | 000,018,708 | ---- | M] () -- C:\devlist.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2009/03/31 00:29:01 | 000,000,009 | ---- | M] () -- C:\Finish.log
    [2008/10/16 21:45:45 | 001,048,576 | RH-- | M] () -- C:\G50V.BIN
    [2008/10/20 03:26:02 | 000,000,014 | ---- | M] () -- C:\G50VT_VISTA.30
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/11/26 21:43:30 | 4294,168,576 | -HS- | M] () -- C:\hiberfil.sys
    [2009/03/31 00:14:09 | 021,168,128 | ---- | M] () -- C:\inject.log
    [2009/03/31 00:14:10 | 020,246,834 | ---- | M] () -- C:\inject.log.txt
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2008/09/19 06:33:21 | 000,000,003 | ---- | M] () -- C:\K522.txt
    [2008/08/08 02:22:19 | 000,000,030 | ---- | M] () -- C:\NERO.LOG
    [2011/11/26 21:43:19 | 312,782,847 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/30 11:00:38 | 000,000,105 | ---- | M] () -- C:\Pass.txt
    [2009/02/22 21:38:44 | 000,003,188 | ---- | M] () -- C:\Patch.LOG
    [2008/10/08 23:52:50 | 000,000,019 | ---- | M] () -- C:\PCcillin.TXT
    [2008/10/20 03:26:02 | 000,000,007 | ---- | M] () -- C:\RECOVERY.DAT
    [2009/03/31 00:10:09 | 000,000,607 | ---- | M] () -- C:\RHDSetup.log
    [2011/11/21 22:06:32 | 000,000,460 | ---- | M] () -- C:\rkill.log
    [2009/03/31 00:26:23 | 000,000,163 | ---- | M] () -- C:\setup.log
    [2011/11/11 15:39:00 | 000,000,089 | ---- | M] () -- C:\SoftUpdate.log
    [2008/09/19 06:43:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/03/30 09:30:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/09/19 06:43:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/03/30 09:30:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/03/30 23:14:19 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt
    [2009/03/30 23:13:55 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
    [2011/11/22 19:06:27 | 000,074,246 | ---- | M] () -- C:\TDSSKiller.2.6.20.0_22.11.2011_19.04.51_log.txt
    [2011/11/22 19:24:36 | 000,074,308 | ---- | M] () -- C:\TDSSKiller.2.6.20.0_22.11.2011_19.24.09_log.txt
    [2011/11/25 19:46:27 | 000,075,216 | ---- | M] () -- C:\TDSSKiller.2.6.20.0_25.11.2011_19.46.03_log.txt
    [2009/02/11 22:50:06 | 000,000,025 | ---- | M] () -- C:\V622.TXT
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/06/05 13:24:55 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2009/03/30 23:54:50 | 000,088,694 | ---- | M] () -- C:\Windows\AsCD_Stage114.jpg
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/26 11:56:19 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Zeke\Desktop\aswMBR.exe
    [2011/11/26 20:35:22 | 004,309,325 | R--- | M] (Swearware) -- C:\Users\Zeke\Desktop\ComboFix.exe
    [2011/11/26 23:44:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zeke\Desktop\OTL.exe
    [2011/08/28 16:15:26 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Zeke\Desktop\putty.exe
    [2011/11/22 12:06:52 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Zeke\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2007/06/12 12:34:50 | 000,035,822 | ---- | M] () -- C:\Program Files (x86)\Common Files\ASPG_icon.ico
    [2008/05/22 11:35:54 | 000,051,962 | ---- | M] () -- C:\Program Files (x86)\Common Files\banner.jpg
    [2008/07/01 21:28:38 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/03/17 00:29:09 | 000,000,402 | -HS- | M] () -- C:\Users\Zeke\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/08/21 22:55:54 | 000,001,126 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/05/31 17:25:06 | 000,110,376 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2011/05/01 01:49:57 | 000,000,929 | ---- | M] ()(C:\Users\Zeke\Desktop\????????????.lnk) -- C:\Users\Zeke\Desktop\車輪の国、悠久の少年少女.lnk
    [2011/05/01 01:49:57 | 000,000,929 | ---- | C] ()(C:\Users\Zeke\Desktop\????????????.lnk) -- C:\Users\Zeke\Desktop\車輪の国、悠久の少年少女.lnk
    [2011/05/01 01:47:16 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????????) -- C:\Program Files (x86)\あかべぇそふとつぅ
    [2011/05/01 01:47:16 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????????) -- C:\Program Files (x86)\あかべぇそふとつぅ
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\あかべぇそふとつぅ
    (C:\Program Files (x86)\?????????) -- C:\Program Files (x86)\あかべぇそふとつぅ

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1

    < End of report >
     
  11. zekezagura

    zekezagura TS Rookie Topic Starter

    Extras

    OTL Extras logfile created on: 11/26/2011 11:45:18 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zeke\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.91% Memory free
    8.17 Gb Paging File | 6.27 Gb Available in Paging File | 76.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.37 Gb Total Space | 102.62 Gb Free Space | 35.84% Space Free | Partition Type: NTFS

    Computer Name: ZEKE-PC | User Name: Zeke | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = D7 3C 23 52 CB 23 CC 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6C540116-85A3-44C2-886B-A133A9F723F6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8E745CB8-D94D-448B-9A6A-B1F212A072FA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{A3527C6B-0553-46B5-931D-239A8D80CC68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00851D1F-7A42-4D9A-96E8-A7006F22276F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{07E90BA1-489D-4253-8A33-4F6EC1FDACDE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{0986C642-7E01-44FA-8D49-4AC9DCB5830C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{162360C2-7881-45E7-998D-C4FBFB92D3DA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{16C1B8CB-BCDB-4798-8211-8753FFB17AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{1A0B6E2F-92EA-45D2-8479-0DE27D424407}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
    "{27E3502F-1BB5-4F7F-9A5A-C8CC264E815D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2C6C6B8F-4A30-4FE2-8D6E-7D465E3D384F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{318E36EC-B709-41B9-918D-DEA99A5F6070}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{414D621B-9601-47A1-BC08-207F2A5FD0E5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{4FF98DFB-CB58-4461-B5F3-F54FE572A191}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{5369A470-7C79-4158-814F-9ACD1EDE0067}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{54F624C7-0209-4BDA-A1EE-A18D06C834B6}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{5553EAA7-3535-4024-9F22-0CBB0DB1ECAF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{58537C8B-619E-4532-875E-6ABF40AF2DFE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{6185EA95-4186-4F3F-BE15-53CE348066D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{68491107-308C-4F66-9F02-076A305ABFCA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{70EB202F-9B08-440F-A335-4F7A7AE170B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{76F86F72-EB6B-49CA-BBF3-5C5A95CA68DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{78C9FC06-995A-45EC-A967-98956CEF0FC6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{7DBD1F39-5874-490B-99D2-F3F3B09549C5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{88DCB273-F9CD-419B-94F2-E685019A2FAB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{90FDD92C-8496-47A5-9E46-BC06E0D110CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{A1A7EF43-502A-4720-9448-EDD496860BBE}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
    "{A89D246B-8A4F-4E66-AE4B-D45EDB693323}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{ADF4E6D6-C0B1-4EC4-8CCA-9798ED0BF032}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
    "{B0F26889-B784-4A5D-8D74-D5848AD319B6}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{B153DC57-349A-4D13-B11A-42ABE78EBD8F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{BA582FA6-96BF-42FB-9582-DCC22F99ACC3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{BE42EF48-EF65-4D72-B08F-92256035B83B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C3FF6D31-2BF0-42A3-A0E9-223B58AF2D40}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{C75CA9C2-7B6C-4422-9E68-596B98F6B820}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
    "{C8CBFE82-EAAB-4E37-A63F-1BADC5C892E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{C9EB88CC-4484-430E-BEF2-D2994F79EDDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{D1D43FDC-7306-4A60-B04D-8C2C1097F6DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
    "{D32636C5-074C-43B1-AEC8-07C49CFCC4A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
    "{D346D51A-A361-4616-804E-0FD603B621C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\post apocalyptic mayhem\pammaingame.exe |
    "{D65CDFEF-DB6B-4183-BD35-BCCC34DA56CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{E24EF638-DBAD-4681-9254-EBFA5410244B}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{E501132F-2588-4D34-ABAD-DABCF5719E77}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{E6C6B49F-FBD8-44FE-BD30-DEC34CA8BEAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
    "{F60D5492-EEFB-4420-A367-A4EC2E584DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\post apocalyptic mayhem\pammaingame.exe |
    "{FB9805AA-002C-4358-BFB1-E04C4968449E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{FF808269-4E31-4586-BFAD-C6114ABE3756}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "TCP Query User{1EF8447C-53D9-4231-9F4E-E2105F3AB07A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{1F814492-5B35-4F4E-B18D-F37B4222AD18}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{4DF69C4D-2368-46FB-BCA5-9400968A121E}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
    "TCP Query User{5CC60946-9FF0-46BF-ADE6-5D3564E67986}C:\udk\udk-2011-09\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-09\binaries\win64\udk.exe |
    "TCP Query User{76BEBD8D-1217-44DD-A837-E45398D6769E}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
    "TCP Query User{93A46A8F-D857-428D-9BE2-37F958AA45C1}C:\users\zeke\downloads\mtgoiii_helper (1).exe" = protocol=6 | dir=in | app=c:\users\zeke\downloads\mtgoiii_helper (1).exe |
    "TCP Query User{A6907680-40D4-4993-A8D5-A306E104A7D0}C:\udk\udk-2011-09\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-09\binaries\win32\udk.exe |
    "TCP Query User{B80212CF-9BBD-458A-9EBB-DCE79D064FE5}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "TCP Query User{B8938770-E0F9-479E-9CB6-FE087FE12AFD}C:\users\zeke\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\zeke\downloads\starcraft_2_na_en-us.exe |
    "TCP Query User{DDAB4DE7-D6B2-4FD6-9C2B-FE1C15FCA2B5}C:\users\zeke\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\zeke\downloads\mtgoiii_helper.exe |
    "UDP Query User{3E241BBB-7925-4ED1-A0B6-C7F10B9428DB}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "UDP Query User{77C2000E-9B34-49CB-B8C5-4B0AA0F326A4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{7A6E2E16-8E41-4457-812B-C2D025E1ADA1}C:\users\zeke\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\zeke\downloads\mtgoiii_helper.exe |
    "UDP Query User{80F4AFC6-D280-4A90-BC00-E5754734F310}C:\udk\udk-2011-09\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-09\binaries\win32\udk.exe |
    "UDP Query User{9123F22A-C634-4421-B7B6-10E5B60A1CF9}C:\users\zeke\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\zeke\downloads\starcraft_2_na_en-us.exe |
    "UDP Query User{93E24765-9A85-4B64-920D-F8AAE8C0E0EB}C:\udk\udk-2011-09\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-09\binaries\win64\udk.exe |
    "UDP Query User{9A649CB1-A982-4398-932B-CC04FC1093AD}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
    "UDP Query User{E7390416-1BEE-4C59-9A07-BB74898B4D64}C:\users\zeke\downloads\mtgoiii_helper (1).exe" = protocol=17 | dir=in | app=c:\users\zeke\downloads\mtgoiii_helper (1).exe |
    "UDP Query User{F7428FBB-FAAA-41DD-936D-A68FB70D4C1C}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
    "UDP Query User{F7478FC7-4B9E-4120-9282-034B85FC0420}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear eXtreme
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
    "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
    "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
    "{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "nbi-glassfish-mod-3.0.1.22.0" = GlassFish Server Open Source Edition 3.0.1
    "nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
    "NVIDIA Drivers" = NVIDIA Drivers
    "PCSI" = Prevx
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "UDK-07d0d7d7-ccc2-42ac-b653-5fd22df729ad" = Sanctum Demo
    "UDK-1fcfd887-3dea-4549-88fc-637ce191f6ec" = Unreal Development Kit: 2011-09
    "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 27
    "{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112596253}" = Galapago
    "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
    "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
    "{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
    "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{C018B886-B05B-4B13-B750-AC5956465548}" = nFringe 1.1 (1.1.34.193)
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
    "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
    "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
    "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E616A5EE-B7F4-4807-800B-79EB4EB2182B}" = Direct Console 2.0
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}" = Geek Squad 24 Hour Computer Support
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FDD6ED8B-DB77-43BC-B0B2-608A1F27AABC}}_is1" = UnCodeX
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.22beta
    "AVCPhotoStudio_Wrapper" = myPhotoMovie (remove only)
    "BitZipper_is1" = BitZipper 2010
    "Cisco Connect" = Cisco Connect
    "ClubWPT" = ClubWPT
    "Cockatrice" = Cockatrice
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "DAEMON Tools Pro" = DAEMON Tools Pro
    "DivX Setup.divx.com" = DivX Setup
    "E6AC23B5-9FFE-4CB9-8F68-46CB19197C29" = AmericasCardroom.net
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
    "InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mozilla Firefox 9.0 (x86 en-US)" = Mozilla Firefox 9.0 (x86 en-US)
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Peggle Deluxe" = Peggle Deluxe
    "Picasa2" = Picasa 2
    "PokerStars" = PokerStars
    "PokerStars.net" = PokerStars.net
    "PSPad editor_is1" = PSPad editor
    "RegZooka" = RegZooka
    "StarCraft II" = StarCraft II
    "StartNow Toolbar" = StartNow Toolbar
    "Steam App 31280" = Poker Night at the Inventory
    "Steam App 6860" = Hitman: Blood Money
    "Steam App 91900" = Post Apocalyptic Mayhem
    "SystemRequirementsLab" = System Requirements Lab
    "WinFtp Client_is1" = WinFtp Client 1.5
    "車輪の国、悠久の少年少女_is1" = 車輪の国、悠久の少年少女

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Game Organizer" = EasyBits GO
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,915   +344

I just noticed that you didn't give me the aswMBR log.
     
  13. zekezagura

    zekezagura TS Rookie Topic Starter

How do I post that when it is in .dat form?
     
  14. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    MBR.dat is a copy of your MBR. It's not the log I need.
Re-read my instructions and redo the steps to create the correct log.
     
  15. zekezagura

    zekezagura TS Rookie Topic Starter

    Sorry about that

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-26 11:57:56
    -----------------------------
    11:57:56.103 OS Version: Windows x64 6.0.6002 Service Pack 2
    11:57:56.103 Number of processors: 2 586 0x1706
    11:57:56.104 ComputerName: ZEKE-PC UserName: Zeke
    11:57:59.373 Initialize success
    11:58:54.321 AVAST engine defs: 11112600
    11:59:03.741 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:59:03.743 Disk 0 Vendor: ST932042 SD14 Size: 305245MB BusType: 3
    11:59:03.759 Disk 0 MBR read successfully
    11:59:03.761 Disk 0 MBR scan
    11:59:03.764 Disk 0 MBR:Alureon-I [Rtk]
    11:59:03.767 Disk 0 TDL4@MBR code has been found
    11:59:03.769 Disk 0 MBR hidden
    11:59:03.773 Disk 0 MBR [TDL4] **ROOTKIT**
    11:59:03.775 Disk 0 trace - called modules:
    11:59:03.782 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8006dc2254]<<
    11:59:03.784 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f6f790]
    11:59:03.787 3 CLASSPNP.SYS[fffffa6000fcfc33] -> nt!IofCallDriver -> [0xfffffa80040d4040]
    11:59:03.790 5 acpi.sys[fffffa60008fcfde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004aae050]
    11:59:03.795 \Driver\iaStor[0xfffffa80040ce9b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006dc2254
    11:59:05.859 AVAST engine scan C:\Windows
    11:59:13.765 AVAST engine scan C:\Windows\system32
    12:02:01.474 AVAST engine scan C:\Windows\system32\drivers
    12:02:32.040 AVAST engine scan C:\Users\Zeke
    12:14:19.032 AVAST engine scan C:\ProgramData
    12:18:34.900 Scan finished successfully
    12:20:00.815 Disk 0 MBR has been saved successfully to "C:\Users\Zeke\Desktop\MBR.dat"
    12:20:00.820 The log file has been saved successfully to "C:\Users\Zeke\Desktop\aswMBR.txt"


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-27 01:48:13
    -----------------------------
    01:48:13.157 OS Version: Windows x64 6.0.6002 Service Pack 2
    01:48:13.157 Number of processors: 2 586 0x1706
    01:48:13.158 ComputerName: ZEKE-PC UserName: Zeke
    01:48:22.531 Initialize success
    01:49:27.170 AVAST engine defs: 11112601
    01:52:35.190 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    01:52:35.192 Disk 0 Vendor: ST932042 SD14 Size: 305245MB BusType: 3
    01:52:35.231 Disk 0 MBR read successfully
    01:52:35.234 Disk 0 MBR scan
    01:52:35.237 Disk 0 MBR:Alureon-I [Rtk]
    01:52:35.240 Disk 0 TDL4@MBR code has been found
    01:52:35.242 Disk 0 MBR hidden
    01:52:35.245 Disk 0 MBR [TDL4] **ROOTKIT**
    01:52:35.248 Disk 0 trace - called modules:
    01:52:35.257 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8006d87254]<<
    01:52:35.261 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f79790]
    01:52:35.264 3 CLASSPNP.SYS[fffffa6000fccc33] -> nt!IofCallDriver -> [0xfffffa80040d5bf0]
    01:52:35.267 5 acpi.sys[fffffa60008fdfde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a75050]
    01:52:35.302 \Driver\iaStor[0xfffffa80040c99b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006d87254
    01:52:43.762 AVAST engine scan C:\Windows
    01:53:12.787 AVAST engine scan C:\Windows\system32
    01:56:21.704 AVAST engine scan C:\Windows\system32\drivers
    01:57:11.853 AVAST engine scan C:\Users\Zeke
    02:09:31.336 AVAST engine scan C:\ProgramData
    02:14:19.864 Scan finished successfully
    02:20:20.133 Disk 0 MBR has been saved successfully to "C:\Users\Zeke\Desktop\MBR.dat"
    02:20:20.167 The log file has been saved successfully to "C:\Users\Zeke\Desktop\aswMBR.txt"
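
Both aswMBR runs above say the same thing: the MBR is flagged as TDL4 (Alureon), and the trace ends with the iaStor driver's IRP_MJ_INTERNAL_DEVICE_CONTROL dispatch resolving to the one address aswMBR could not attribute to any named module. The following Python is an added example, not part of the original thread and not aswMBR's own code: it parses this log format and flags the finding by structure (a **ROOTKIT** verdict, an UNKNOWN trace module, and a dispatch target equal to that module) rather than by address, because the address differs between the two boots. The sample input is the thread's two logs cut down to the lines the parser consumes; all function and class names are the example's own.

```python
"""Triage aswMBR logs: pair each MBR rootkit verdict with the IRP-dispatch
hook the tool traced, and flag the finding by structure, not by address."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the two aswMBR runs posted in this thread, cut
# down to the lines this parser consumes. Timestamps are kept as logged.
SAMPLE_LOG = r"""aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-26 11:57:56
11:59:03.741 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:59:03.759 Disk 0 MBR read successfully
11:59:03.764 Disk 0 MBR:Alureon-I [Rtk]
11:59:03.767 Disk 0 TDL4@MBR code has been found
11:59:03.769 Disk 0 MBR hidden
11:59:03.773 Disk 0 MBR [TDL4] **ROOTKIT**
11:59:03.775 Disk 0 trace - called modules:
11:59:03.782 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8006dc2254]<<
11:59:03.784 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f6f790]
11:59:03.795 \Driver\iaStor[0xfffffa80040ce9b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006dc2254
12:18:34.900 Scan finished successfully
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-27 01:48:13
01:52:35.190 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:52:35.237 Disk 0 MBR:Alureon-I [Rtk]
01:52:35.242 Disk 0 MBR hidden
01:52:35.245 Disk 0 MBR [TDL4] **ROOTKIT**
01:52:35.248 Disk 0 trace - called modules:
01:52:35.257 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8006d87254]<<
01:52:35.302 \Driver\iaStor[0xfffffa80040c99b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006d87254
02:14:19.864 Scan finished successfully
"""

RUN_RE = re.compile(r"^Run date: (?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
VERDICT_RE = re.compile(r"Disk (?P<disk>\d+) MBR \[(?P<family>[^\]]+)\] \*\*ROOTKIT\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
HOOK_RE = re.compile(
    r"\\Driver\\(?P<drv>\w+)\[0x[0-9a-fA-F]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9a-fA-F]+)"
)


@dataclass
class Finding:
    run_date: str
    disk: int
    family: str
    unknown_addr: Optional[str] = None
    hook_driver: Optional[str] = None
    hook_irp: Optional[str] = None
    hook_target: Optional[str] = None

    def hook_lands_in_unknown(self) -> bool:
        """True when the traced dispatch target is the module aswMBR could not name."""
        return self.hook_target is not None and self.hook_target == self.unknown_addr


def triage(log_text: str) -> List[Finding]:
    """Walk the log once; each **ROOTKIT** verdict opens a Finding that the
    trace lines following it (UNKNOWN module, driver dispatch target) fill in."""
    findings: List[Finding] = []
    run_date = "unknown-run"
    current: Optional[Finding] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            run_date, current = m["date"], None  # new run: never attach its trace to an old verdict
            continue
        if m := VERDICT_RE.search(line):
            current = Finding(run_date, int(m["disk"]), m["family"])
            findings.append(current)
            continue
        if current is None:
            continue
        if m := UNKNOWN_RE.search(line):
            current.unknown_addr = m["addr"].lower()
        elif m := HOOK_RE.search(line):
            current.hook_driver, current.hook_irp = m["drv"], m["irp"]
            current.hook_target = m["target"].lower()
    return findings


def hook_targets_stable(findings: List[Finding]) -> bool:
    """False when the hook address differs between runs (the normal case across
    reboots), so detection must key on the structure and not on the value."""
    return len({f.hook_target for f in findings}) <= 1


def summarize(findings: List[Finding]) -> List[str]:
    out = []
    for f in findings:
        hook = (f"{f.hook_driver} {f.hook_irp} dispatch -> {f.hook_target}"
                if f.hook_target else "no dispatch hook traced")
        verdict = ("hook lands in the unnamed module" if f.hook_lands_in_unknown()
                   else "hook target not correlated")
        out.append(f"{f.run_date}: disk {f.disk} MBR {f.family}; {hook}; {verdict}")
    return out


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Run against the two logs, the summary shows the same verdict and the same iaStor dispatch hook in both runs while the hook address changes between them, which is why the example correlates the dispatch target with the UNKNOWN trace module instead of matching a fixed address.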
     
  16. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  17. zekezagura

    zekezagura TS Rookie Topic Starter

    tds

    No infections were found. Here is the log:

    12:05:50.0085 2316 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
    12:05:51.0603 2316 ============================================================
    12:05:51.0603 2316 Current date / time: 2011/11/27 12:05:51.0603
    12:05:51.0603 2316 SystemInfo:
    12:05:51.0603 2316
    12:05:51.0603 2316 OS Version: 6.0.6002 ServicePack: 2.0
    12:05:51.0603 2316 Product type: Workstation
    12:05:51.0604 2316 ComputerName: ZEKE-PC
    12:05:51.0604 2316 UserName: Zeke
    12:05:51.0604 2316 Windows directory: C:\Windows
    12:05:51.0604 2316 System windows directory: C:\Windows
    12:05:51.0604 2316 Running under WOW64
    12:05:51.0604 2316 Processor architecture: Intel x64
    12:05:51.0604 2316 Number of processors: 2
    12:05:51.0604 2316 Page size: 0x1000
    12:05:51.0604 2316 Boot type: Normal boot
    12:05:51.0604 2316 ============================================================
    12:05:52.0290 2316 Initialize success
    12:05:53.0729 4684 ============================================================
    12:05:53.0729 4684 Scan started
    12:05:53.0729 4684 Mode: Manual;
    12:05:53.0729 4684 ============================================================
    12:05:56.0930 4684 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
    12:05:56.0946 4684 ACPI - ok
    12:05:57.0052 4684 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
    12:05:57.0059 4684 adp94xx - ok
    12:05:57.0104 4684 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
    12:05:57.0110 4684 adpahci - ok
    12:05:57.0138 4684 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
    12:05:57.0143 4684 adpu160m - ok
    12:05:57.0179 4684 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
    12:05:57.0183 4684 adpu320 - ok
    12:05:57.0263 4684 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
    12:05:57.0298 4684 AFD - ok
    12:05:57.0344 4684 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
    12:05:57.0348 4684 agp440 - ok
    12:05:57.0409 4684 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
    12:05:57.0414 4684 aic78xx - ok
    12:05:57.0456 4684 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
    12:05:57.0458 4684 aliide - ok
    12:05:57.0471 4684 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
    12:05:57.0474 4684 amdide - ok
    12:05:57.0502 4684 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
    12:05:57.0505 4684 AmdK8 - ok
    12:05:57.0569 4684 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
    12:05:57.0573 4684 arc - ok
    12:05:57.0614 4684 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
    12:05:57.0617 4684 arcsas - ok
    12:05:57.0653 4684 AsDsm (7c00a16745957b42ae47b8a47e33a2c3) C:\Windows\system32\drivers\AsDsm.sys
    12:05:57.0655 4684 AsDsm - ok
    12:05:57.0699 4684 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
    12:05:57.0700 4684 ASMMAP64 - ok
    12:05:57.0794 4684 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
    12:05:57.0799 4684 AsyncMac - ok
    12:05:57.0855 4684 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
    12:05:57.0857 4684 atapi - ok
    12:05:57.0907 4684 Beep - ok
    12:05:58.0017 4684 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
    12:05:58.0020 4684 blbdrive - ok
    12:05:58.0092 4684 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
    12:05:58.0097 4684 bowser - ok
    12:05:58.0115 4684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
    12:05:58.0118 4684 BrFiltLo - ok
    12:05:58.0134 4684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
    12:05:58.0137 4684 BrFiltUp - ok
    12:05:58.0165 4684 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
    12:05:58.0168 4684 Brserid - ok
    12:05:58.0207 4684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
    12:05:58.0211 4684 BrSerWdm - ok
    12:05:58.0234 4684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
    12:05:58.0236 4684 BrUsbMdm - ok
    12:05:58.0252 4684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
    12:05:58.0255 4684 BrUsbSer - ok
    12:05:58.0269 4684 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
    12:05:58.0272 4684 BTHMODEM - ok
    12:05:58.0391 4684 catchme - ok
    12:05:58.0418 4684 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
    12:05:58.0422 4684 cdfs - ok
    12:05:58.0536 4684 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
    12:05:58.0541 4684 cdrom - ok
    12:05:58.0614 4684 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
    12:05:58.0617 4684 circlass - ok
    12:05:58.0691 4684 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
    12:05:58.0706 4684 CLFS - ok
    12:05:58.0771 4684 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
    12:05:58.0777 4684 CmBatt - ok
    12:05:58.0809 4684 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
    12:05:58.0812 4684 cmdide - ok
    12:05:58.0844 4684 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
    12:05:58.0846 4684 Compbatt - ok
    12:05:58.0884 4684 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
    12:05:58.0886 4684 crcdisk - ok
    12:05:58.0983 4684 dfg - ok
    12:05:59.0016 4684 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
    12:05:59.0019 4684 DfsC - ok
    12:05:59.0084 4684 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
    12:05:59.0087 4684 disk - ok
    12:05:59.0133 4684 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
    12:05:59.0138 4684 Dot4 - ok
    12:05:59.0177 4684 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    12:05:59.0181 4684 Dot4Print - ok
    12:05:59.0217 4684 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
    12:05:59.0221 4684 dot4usb - ok
    12:05:59.0308 4684 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
    12:05:59.0311 4684 drmkaud - ok
    12:05:59.0347 4684 dtsoftbus01 (1cecd1252261153c7873b5d9eb259d65) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    12:05:59.0350 4684 dtsoftbus01 - ok
    12:05:59.0421 4684 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
    12:05:59.0428 4684 DXGKrnl - ok
    12:05:59.0481 4684 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
    12:05:59.0485 4684 E1G60 - ok
    12:05:59.0592 4684 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
    12:05:59.0598 4684 Ecache - ok
    12:05:59.0638 4684 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
    12:05:59.0645 4684 elxstor - ok
    12:05:59.0693 4684 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
    12:05:59.0697 4684 ErrDev - ok
    12:05:59.0784 4684 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
    12:05:59.0789 4684 exfat - ok
    12:05:59.0818 4684 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
    12:05:59.0860 4684 fastfat - ok
    12:05:59.0894 4684 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
    12:05:59.0898 4684 fdc - ok
    12:05:59.0913 4684 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
    12:05:59.0916 4684 FileInfo - ok
    12:05:59.0960 4684 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
    12:05:59.0964 4684 Filetrace - ok
    12:05:59.0990 4684 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    12:05:59.0993 4684 flpydisk - ok
    12:06:00.0036 4684 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
    12:06:00.0069 4684 FltMgr - ok
    12:06:00.0152 4684 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
    12:06:00.0157 4684 Fs_Rec - ok
    12:06:00.0240 4684 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
    12:06:00.0244 4684 gagp30kx - ok
    12:06:00.0304 4684 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    12:06:00.0307 4684 GEARAspiWDM - ok
    12:06:00.0500 4684 ghaio (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
    12:06:00.0500 4684 ghaio - ok
    12:06:00.0580 4684 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
    12:06:00.0586 4684 HdAudAddService - ok
    12:06:00.0740 4684 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
    12:06:00.0783 4684 HDAudBus - ok
    12:06:00.0806 4684 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
    12:06:00.0811 4684 HidBth - ok
    12:06:00.0833 4684 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
    12:06:00.0838 4684 HidIr - ok
    12:06:00.0895 4684 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
    12:06:00.0899 4684 HidUsb - ok
    12:06:00.0944 4684 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
    12:06:00.0948 4684 HpCISSs - ok
    12:06:01.0033 4684 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
    12:06:01.0065 4684 HTTP - ok
    12:06:01.0090 4684 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
    12:06:01.0100 4684 i2omp - ok
    12:06:01.0144 4684 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
    12:06:01.0149 4684 i8042prt - ok
    12:06:01.0182 4684 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\DRIVERS\iaStor.sys
    12:06:01.0186 4684 iaStor - ok
    12:06:01.0246 4684 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
    12:06:01.0273 4684 iaStorV - ok
    12:06:01.0300 4684 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
    12:06:01.0304 4684 iirsp - ok
    12:06:01.0455 4684 IntcAzAudAddService (29c63bc0fbe776cde25c8293fb1e0f91) C:\Windows\system32\drivers\RTKVHD64.sys
    12:06:01.0469 4684 IntcAzAudAddService - ok
    12:06:01.0514 4684 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
    12:06:01.0518 4684 intelide - ok
    12:06:01.0559 4684 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
    12:06:01.0561 4684 intelppm - ok
    12:06:01.0609 4684 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    12:06:01.0614 4684 IpFilterDriver - ok
    12:06:01.0640 4684 IpInIp - ok
    12:06:01.0686 4684 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
    12:06:01.0691 4684 IPMIDRV - ok
    12:06:01.0714 4684 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
    12:06:01.0719 4684 IPNAT - ok
    12:06:01.0776 4684 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
    12:06:01.0781 4684 IRENUM - ok
    12:06:01.0816 4684 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
    12:06:01.0820 4684 isapnp - ok
    12:06:01.0878 4684 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
    12:06:01.0883 4684 iScsiPrt - ok
    12:06:01.0903 4684 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
    12:06:01.0906 4684 iteatapi - ok
    12:06:01.0976 4684 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
    12:06:01.0983 4684 itecir - ok
    12:06:02.0010 4684 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
    12:06:02.0014 4684 iteraid - ok
    12:06:02.0035 4684 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
    12:06:02.0037 4684 kbdclass - ok
    12:06:02.0084 4684 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
    12:06:02.0087 4684 kbdhid - ok
    12:06:02.0165 4684 kbfiltr (4c9b832435061634dfbeb980ad67bfff) C:\Windows\system32\DRIVERS\kbfiltr.sys
    12:06:02.0168 4684 kbfiltr - ok
    12:06:02.0400 4684 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
    12:06:02.0443 4684 KSecDD - ok
    12:06:02.0548 4684 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
    12:06:02.0553 4684 ksthunk - ok
    12:06:02.0642 4684 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
    12:06:02.0646 4684 lltdio - ok
    12:06:02.0694 4684 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
    12:06:02.0701 4684 LSI_FC - ok
    12:06:02.0753 4684 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
    12:06:02.0758 4684 LSI_SAS - ok
    12:06:02.0801 4684 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
    12:06:02.0807 4684 LSI_SCSI - ok
    12:06:02.0848 4684 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
    12:06:02.0854 4684 luafv - ok
    12:06:02.0901 4684 lullaby (5fbb81e1ba7d07301787a489962f4b9e) C:\Windows\system32\DRIVERS\lullaby.sys
    12:06:02.0904 4684 lullaby - ok
    12:06:02.0912 4684 MBAMProtector - ok
    12:06:02.0977 4684 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
    12:06:02.0982 4684 megasas - ok
    12:06:03.0135 4684 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
    12:06:03.0171 4684 MegaSR - ok
    12:06:03.0202 4684 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
    12:06:03.0209 4684 Modem - ok
    12:06:03.0304 4684 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
    12:06:03.0307 4684 monitor - ok
    12:06:03.0437 4684 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
    12:06:03.0441 4684 mouclass - ok
    12:06:03.0527 4684 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
    12:06:03.0535 4684 mouhid - ok
    12:06:03.0581 4684 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
    12:06:03.0586 4684 MountMgr - ok
    12:06:03.0664 4684 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
    12:06:03.0670 4684 mpio - ok
    12:06:03.0699 4684 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
    12:06:03.0704 4684 mpsdrv - ok
    12:06:03.0766 4684 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
    12:06:03.0771 4684 Mraid35x - ok
    12:06:03.0810 4684 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
    12:06:03.0815 4684 MRxDAV - ok
    12:06:03.0850 4684 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:06:03.0855 4684 mrxsmb - ok
    12:06:03.0892 4684 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:06:03.0934 4684 mrxsmb10 - ok
    12:06:03.0956 4684 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:06:03.0960 4684 mrxsmb20 - ok
    12:06:04.0036 4684 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
    12:06:04.0039 4684 msahci - ok
    12:06:04.0071 4684 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
    12:06:04.0077 4684 msdsm - ok
    12:06:04.0095 4684 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
    12:06:04.0101 4684 Msfs - ok
    12:06:04.0155 4684 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
    12:06:04.0159 4684 msisadrv - ok
    12:06:04.0218 4684 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
    12:06:04.0223 4684 MSKSSRV - ok
    12:06:04.0253 4684 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
    12:06:04.0259 4684 MSPCLOCK - ok
    12:06:04.0287 4684 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
    12:06:04.0294 4684 MSPQM - ok
    12:06:04.0407 4684 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
    12:06:04.0449 4684 MsRPC - ok
    12:06:04.0470 4684 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
    12:06:04.0474 4684 mssmbios - ok
    12:06:04.0557 4684 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
    12:06:04.0563 4684 MSTEE - ok
    12:06:04.0625 4684 MTsensor (a523d9f6aeb152c4480d754df7fa9f7f) C:\Windows\system32\DRIVERS\ATK64AMD.sys
    12:06:04.0626 4684 MTsensor - ok
    12:06:04.0703 4684 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
    12:06:04.0709 4684 Mup - ok
    12:06:04.0795 4684 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
    12:06:04.0803 4684 NativeWifiP - ok
    12:06:05.0015 4684 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
    12:06:05.0076 4684 NDIS - ok
    12:06:05.0134 4684 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
    12:06:05.0139 4684 NdisTapi - ok
    12:06:05.0158 4684 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
    12:06:05.0164 4684 Ndisuio - ok
    12:06:05.0230 4684 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
    12:06:05.0269 4684 NdisWan - ok
    12:06:05.0288 4684 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
    12:06:05.0294 4684 NDProxy - ok
    12:06:05.0359 4684 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
    12:06:05.0365 4684 NetBIOS - ok
    12:06:05.0415 4684 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
    12:06:05.0422 4684 netbt - ok
    12:06:05.0846 4684 NETw5v64 (bfbd278f8c9bcec693345759ac278e14) C:\Windows\system32\DRIVERS\NETw5v64.sys
    12:06:05.0958 4684 NETw5v64 - ok
    12:06:06.0010 4684 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
    12:06:06.0016 4684 nfrd960 - ok
    12:06:06.0109 4684 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
    12:06:06.0115 4684 Npfs - ok
    12:06:06.0145 4684 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
    12:06:06.0151 4684 nsiproxy - ok
    12:06:06.0508 4684 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
    12:06:06.0550 4684 Ntfs - ok
    12:06:06.0618 4684 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
    12:06:06.0624 4684 Null - ok
    12:06:06.0744 4684 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
    12:06:06.0749 4684 NVHDA - ok
    12:06:08.0172 4684 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    12:06:08.0260 4684 nvlddmkm - ok
    12:06:08.0445 4684 nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
    12:06:08.0449 4684 nvoclk64 - ok
    12:06:08.0537 4684 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
    12:06:08.0543 4684 nvraid - ok
    12:06:08.0571 4684 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
    12:06:08.0576 4684 nvstor - ok
    12:06:08.0643 4684 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
    12:06:08.0649 4684 nv_agp - ok
    12:06:08.0659 4684 NwlnkFlt - ok
    12:06:08.0674 4684 NwlnkFwd - ok
    12:06:08.0773 4684 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
    12:06:08.0778 4684 ohci1394 - ok
    12:06:08.0839 4684 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
    12:06:08.0846 4684 Parport - ok
    12:06:08.0887 4684 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
    12:06:08.0893 4684 partmgr - ok
    12:06:08.0936 4684 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
    12:06:08.0942 4684 pci - ok
    12:06:08.0981 4684 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
    12:06:08.0985 4684 pciide - ok
    12:06:09.0019 4684 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
    12:06:09.0072 4684 pcmcia - ok
    12:06:09.0278 4684 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
    12:06:09.0341 4684 PEAUTH - ok
    12:06:09.0450 4684 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
    12:06:09.0458 4684 PptpMiniport - ok
    12:06:09.0478 4684 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
    12:06:09.0483 4684 Processor - ok
    12:06:09.0517 4684 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
    12:06:09.0524 4684 PSched - ok
    12:06:09.0559 4684 pxkbf (ba5f7c107eace67973b4b798832a74c7) C:\Windows\system32\drivers\pxkbf.sys
    12:06:09.0563 4684 pxkbf - ok
    12:06:09.0620 4684 pxrts (007e57428802f587d0d6737ae7a9d989) C:\Windows\system32\drivers\pxrts.sys
    12:06:09.0626 4684 pxrts - ok
    12:06:09.0643 4684 pxscan (66d4d00c8908888a68b749d91f1e6789) C:\Windows\system32\drivers\pxscan.sys
    12:06:09.0648 4684 pxscan - ok
    12:06:09.0777 4684 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
    12:06:09.0807 4684 ql2300 - ok
    12:06:09.0871 4684 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
    12:06:09.0879 4684 ql40xx - ok
    12:06:09.0911 4684 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
    12:06:09.0916 4684 QWAVEdrv - ok
    12:06:09.0979 4684 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
    12:06:09.0984 4684 RasAcd - ok
    12:06:10.0049 4684 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:06:10.0055 4684 Rasl2tp - ok
    12:06:10.0110 4684 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
    12:06:10.0116 4684 RasPppoe - ok
    12:06:10.0143 4684 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
    12:06:10.0149 4684 RasSstp - ok
    12:06:10.0187 4684 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
    12:06:10.0214 4684 rdbss - ok
    12:06:10.0244 4684 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
    12:06:10.0250 4684 RDPCDD - ok
    12:06:10.0273 4684 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
    12:06:10.0319 4684 rdpdr - ok
    12:06:10.0338 4684 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
    12:06:10.0344 4684 RDPENCDD - ok
    12:06:10.0378 4684 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
    12:06:10.0415 4684 RDPWD - ok
    12:06:10.0492 4684 rimmptsk (528d70eabe8305a02f387fec839b9a47) C:\Windows\system32\DRIVERS\rimmpx64.sys
    12:06:10.0499 4684 rimmptsk - ok
    12:06:10.0518 4684 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
    12:06:10.0523 4684 rimsptsk - ok
    12:06:10.0541 4684 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
    12:06:10.0546 4684 rismxdp - ok
    12:06:10.0592 4684 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
    12:06:10.0601 4684 RsFx0103 - ok
    12:06:10.0623 4684 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
    12:06:10.0630 4684 rspndr - ok
    12:06:10.0703 4684 RTL8169 (a2cbe070fba458357acef41c3f3906ca) C:\Windows\system32\DRIVERS\Rtlh64.sys
    12:06:10.0711 4684 RTL8169 - ok
    12:06:10.0742 4684 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
    12:06:10.0751 4684 sbp2port - ok
    12:06:10.0822 4684 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
    12:06:10.0829 4684 sdbus - ok
    12:06:10.0875 4684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    12:06:10.0882 4684 secdrv - ok
    12:06:10.0926 4684 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
    12:06:10.0932 4684 Serenum - ok
    12:06:10.0952 4684 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
    12:06:10.0958 4684 Serial - ok
    12:06:10.0981 4684 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
    12:06:10.0986 4684 sermouse - ok
    12:06:11.0013 4684 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
    12:06:11.0020 4684 sffdisk - ok
    12:06:11.0036 4684 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
    12:06:11.0042 4684 sffp_mmc - ok
    12:06:11.0063 4684 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
    12:06:11.0069 4684 sffp_sd - ok
    12:06:11.0089 4684 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
    12:06:11.0094 4684 sfloppy - ok
    12:06:11.0115 4684 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
    12:06:11.0121 4684 SiSRaid2 - ok
    12:06:11.0140 4684 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
    12:06:11.0148 4684 SiSRaid4 - ok
    12:06:11.0213 4684 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
    12:06:11.0221 4684 Smb - ok
    12:06:11.0530 4684 SNP2UVC (0f8d8fe3a4ce42b11e9dfc1bd72756f6) C:\Windows\system32\DRIVERS\snp2uvc.sys
    12:06:11.0545 4684 SNP2UVC - ok
    12:06:11.0617 4684 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
    12:06:11.0622 4684 spldr - ok
    12:06:11.0724 4684 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
    12:06:11.0754 4684 srv - ok
    12:06:11.0796 4684 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
    12:06:11.0822 4684 srv2 - ok
    12:06:11.0836 4684 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
    12:06:11.0844 4684 srvnet - ok
    12:06:11.0935 4684 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
    12:06:11.0940 4684 swenum - ok
    12:06:11.0974 4684 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
    12:06:11.0983 4684 Symc8xx - ok
    12:06:12.0015 4684 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
    12:06:12.0023 4684 Sym_hi - ok
    12:06:12.0033 4684 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
    12:06:12.0040 4684 Sym_u3 - ok
    12:06:12.0064 4684 SynTP (572438150fc79e41a0348e3dc56b1dd2) C:\Windows\system32\DRIVERS\SynTP.sys
    12:06:12.0071 4684 SynTP - ok
    12:06:12.0255 4684 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
    12:06:12.0306 4684 Tcpip - ok
    12:06:12.0493 4684 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
    12:06:12.0506 4684 Tcpip6 - ok
    12:06:12.0610 4684 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
    12:06:12.0618 4684 tcpipreg - ok
    12:06:12.0642 4684 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
    12:06:12.0648 4684 TDPIPE - ok
    12:06:12.0715 4684 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
    12:06:12.0722 4684 TDTCP - ok
    12:06:12.0762 4684 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
    12:06:12.0770 4684 tdx - ok
    12:06:12.0826 4684 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
    12:06:12.0832 4684 TermDD - ok
    12:06:12.0895 4684 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:06:12.0902 4684 tssecsrv - ok
    12:06:12.0945 4684 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
    12:06:12.0952 4684 tunmp - ok
    12:06:12.0983 4684 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
    12:06:12.0989 4684 tunnel - ok
    12:06:13.0018 4684 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
    12:06:13.0025 4684 uagp35 - ok
    12:06:13.0059 4684 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
    12:06:13.0068 4684 udfs - ok
    12:06:13.0091 4684 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
    12:06:13.0098 4684 uliagpkx - ok
    12:06:13.0125 4684 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
    12:06:13.0153 4684 uliahci - ok
    12:06:13.0188 4684 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
    12:06:13.0198 4684 UlSata - ok
    12:06:13.0227 4684 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
    12:06:13.0234 4684 ulsata2 - ok
    12:06:13.0249 4684 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
    12:06:13.0259 4684 umbus - ok
    12:06:13.0355 4684 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    12:06:13.0363 4684 USBAAPL64 - ok
    12:06:13.0397 4684 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
    12:06:13.0405 4684 usbaudio - ok
    12:06:13.0470 4684 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
    12:06:13.0479 4684 usbccgp - ok
    12:06:13.0497 4684 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
    12:06:13.0504 4684 usbcir - ok
    12:06:13.0539 4684 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
    12:06:13.0547 4684 usbehci - ok
    12:06:13.0580 4684 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
    12:06:13.0589 4684 usbhub - ok
    12:06:13.0613 4684 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
    12:06:13.0619 4684 usbohci - ok
    12:06:13.0641 4684 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
    12:06:13.0647 4684 usbprint - ok
    12:06:13.0673 4684 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    12:06:13.0683 4684 USBSTOR - ok
    12:06:13.0695 4684 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
    12:06:13.0702 4684 usbuhci - ok
    12:06:13.0751 4684 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
    12:06:13.0759 4684 usbvideo - ok
    12:06:13.0816 4684 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
    12:06:13.0824 4684 vga - ok
    12:06:13.0879 4684 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
    12:06:13.0886 4684 VgaSave - ok
    12:06:13.0906 4684 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
    12:06:13.0916 4684 viaide - ok
    12:06:13.0951 4684 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
    12:06:13.0960 4684 volmgr - ok
    12:06:13.0987 4684 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
    12:06:14.0002 4684 volmgrx - ok
    12:06:14.0025 4684 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
    12:06:14.0037 4684 volsnap - ok
    12:06:14.0070 4684 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
    12:06:14.0077 4684 vsmraid - ok
    12:06:14.0105 4684 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
    12:06:14.0113 4684 WacomPen - ok
    12:06:14.0166 4684 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    12:06:14.0175 4684 Wanarp - ok
    12:06:14.0181 4684 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    12:06:14.0188 4684 Wanarpv6 - ok
    12:06:14.0213 4684 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
    12:06:14.0221 4684 Wd - ok
    12:06:14.0250 4684 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
    12:06:14.0266 4684 Wdf01000 - ok
    12:06:14.0337 4684 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
    12:06:14.0344 4684 WmiAcpi - ok
    12:06:14.0415 4684 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
    12:06:14.0423 4684 WpdUsb - ok
    12:06:14.0450 4684 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
    12:06:14.0459 4684 ws2ifsl - ok
    12:06:14.0561 4684 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:06:14.0570 4684 WUDFRd - ok
    12:06:14.0660 4684 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys
    12:06:14.0700 4684 xnacc - ok
    12:06:14.0767 4684 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
    12:06:14.0786 4684 yukonx64 - ok
    12:06:14.0860 4684 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
    12:06:14.0880 4684 \Device\Harddisk0\DR0 - ok
    12:06:14.0884 4684 Boot (0x1200) (2d7ec30642f5622014057dcbc977028b) \Device\Harddisk0\DR0\Partition0
    12:06:14.0885 4684 \Device\Harddisk0\DR0\Partition0 - ok
    12:06:14.0887 4684 ============================================================
    12:06:14.0887 4684 Scan finished
    12:06:14.0887 4684 ============================================================
    12:06:14.0902 0320 Detected object count: 0
    12:06:14.0902 0320 Actual detected object count: 0
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    We need to reset your MBR.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run aswMBR again and post its log.
     
  19. zekezagura

    zekezagura TS Rookie Topic Starter

    So I have a lot of school work and other things, so it might take me a day or two to get a blank CD. Hopefully not too long, though.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    No problem :)
     
  21. zekezagura

    zekezagura TS Rookie Topic Starter

    Sorry for being so late

    Hey, sorry for being so late with this post, finals and stuff. Just so you know, iexplore.exe is now not showing up in processes and my CPU has been fine. Thank you so much for helping me get over this annoying problem.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Very well, but... we're not done.
    You don't want to leave your computer half clean.

     
Topic Status:
Not open for further replies.
