Newcomer to this great forum who is anxious to remove malware

Solved
By megaboy1
Mar 4, 2012
  1. Hi. I'm really glad to find this great forum... Looking around, there seem to be so many genius solutions by genius minds...
    I'd like to follow the 5 step malware removal process... I hope this is how I do it here.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.04.03

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    2nd_Window :: 2ND_WINDOW-PC [administrator]

    04/03/2012 11:12:41 AM
    mbam-log-2012-03-04 (11-12-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220689
    Time elapsed: 5 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 6
    HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.
    HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\2nd_Window\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

    (end)
    ------------------------------------------
    ------------------------------------------


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-04 11:53:09
    Windows 6.1.7600 Harddisk2\DR2 -> \Device\0000006a Hitachi_ rev.ST6O
    Running: sinyzmwt.exe; Driver: C:\Users\2ND_WI~1\AppData\Local\Temp\kflyruog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9441F7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\tdx \Device\Ip AMonTDLH.sys
    Device \Driver\tdx \Device\Tcp AMonTDLH.sys
    Device \Driver\tdx \Device\Udp AMonTDLH.sys
    Device \Driver\tdx \Device\RawIp AMonTDLH.sys

    ---- EOF - GMER 1.0.15 ----


    ------------------------------------------
    ------------------------------------------


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Run by 2nd_Window at 12:09:05 on 2012-03-04
    Microsoft Windows 7 Ultimate 6.1.7600.0.949.82.1033.18.3071.1633 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files\USADISK\WEBHARD_Agent.exe
    C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\DeskPins\DeskPins.exe
    C:\Users\2nd_Window\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conhost.exe
    C:\Users\2ND_WI~1\AppData\Local\Temp\nsm2934.tmp\MBR.DAT
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\users\2nd_window\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Media Finder] "c:\program files\media finder\MF.exe" /opentotray
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [<NO NAME>]
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    StartupFolder: c:\users\2nd_wi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\deskpins.lnk - c:\program files\deskpins\DeskPins.exe
    StartupFolder: c:\users\2nd_wi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\2nd_window\appdata\roaming\dropbox\bin\Dropbox.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download with &Media Finder - c:\program files\media finder\hook.html
    Trusted Zone: samsungsetup.com\www
    DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} - hxxp://pib.wooribank.com/com/installer/interezen/WRebw.cab
    DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/CKKeyPro/wooribank/TouchEnkey3104_32k.cab
    DPF: {79419762-2D03-48F8-A63E-0544D95143DE} - hxxp://www.x2game.com/Control/AutoPatchOCX.cab
    DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.5.0/xw_install.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://fx.keb.co.kr/veraport/veraport.cab
    DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
    DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} - hxxp://www.usadisk.com/mmsv/USAControl.CAB
    DPF: {BF6F8114-5DC3-4515-9BC6-16342AE7FDCE} - hxxp://www.usfolder.com/fs_prg/XFShowClient.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D2609B40-9964-43E4-8806-3C75C8B21CA2} - hxxp://www.sojufile.com/mmsv/SojuFileWebControl.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA.cab
    TCP: DhcpNameServer = 64.71.255.198
    TCP: Interfaces\{6EDF2B0B-7768-4AF9-9C28-5F092761D327} : DhcpNameServer = 64.71.255.198
    TCP: Interfaces\{DB807610-0C56-42BA-BAAE-892EEDD58842} : DhcpNameServer = 64.71.255.198
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\2nd_window\appdata\roaming\mozilla\firefox\profiles\jum4g5z1.default\
    FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_440\npaosmgr.dll
    FF - plugin: c:\program files\common files\gretech\npgomtvx_nie.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npxecure.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npxwfile.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin.dll
    FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin_file.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\2nd_window\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.id - 786e1f08000000000000485b3910853a
    FF - user.js: extensions.BabylonToolbar_i.hardId - 786e1f08000000000000485b3910853a
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15362
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:34:06
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AMonTDLH;AMonTDLH;c:\windows\system32\drivers\AmonTDLh.sys [2011-9-27 90208]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-1-1 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-31 314456]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-30 218688]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-31 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-2-18 44768]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-4 2253120]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2010-10-14 5120]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2012-1-29 6321016]
    R2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\tablet\wacom\Wacom_TouchService.exe [2012-1-29 470904]
    R2 USADISK_AGENT;USADISK UPDATE SERVICE;c:\program files\usadisk\WEBHARD_Agent.exe [2011-6-13 155856]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-6-10 1394688]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2011-9-27 19616]
    S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2011-11-30 22480]
    S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2011-9-26 126048]
    S3 MfFWEnt;MfFWEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mffwent.sys [2011-9-27 101368]
    S3 MfIPSEnt;MfIPSEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mfipsent.sys [2011-9-27 121536]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-24 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-03-03 00:26:11 -------- d-----w- c:\program files\ESET
    2012-02-13 21:30:19 -------- d-----w- c:\users\2nd_window\appdata\local\{2F71EB05-F19E-46E3-AF95-C42B4FE47C7F}
    2012-02-13 21:30:05 -------- d-----w- c:\users\2nd_window\appdata\local\{256A39E1-D2D5-4886-93AF-6ACC8FAAA04F}
    2012-02-13 05:49:26 -------- d-----w- c:\program files\DeskPins
    2012-02-10 21:14:43 -------- d-----w- c:\users\2nd_window\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-02-10 20:55:40 -------- d-----w- c:\program files\AutoHotkey
    2012-02-10 17:10:49 8 --sh--r- c:\programdata\53958F55BF.sys
    2012-02-10 17:10:49 2828 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-02-10 17:10:21 -------- d-----w- c:\program files\common files\Corel
    2012-02-10 17:10:11 -------- d-----w- c:\program files\common files\Protexis
    2012-02-10 17:10:10 -------- d-----w- c:\programdata\Corel
    2012-02-10 17:08:21 -------- d-----w- c:\program files\Corel
    2012-02-10 17:00:35 -------- d-----w- c:\programdata\Alias
    2012-02-10 16:56:21 -------- d-----w- C:\Autodesk
    2012-02-10 06:07:46 -------- d-----w- c:\users\2nd_window\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-02-10 06:07:46 -------- d-----w- c:\users\2nd_window\appdata\roaming\Adobe Mini Bridge CS5
    2012-02-05 18:48:43 53248 ----a-r- c:\users\2nd_window\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
    2012-02-05 18:48:13 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-02-05 18:46:32 -------- d-----w- c:\users\2nd_window\appdata\roaming\Logishrd
    2012-02-04 07:32:33 -------- d-----w- c:\program files\USADISK
    .
    ==================== Find3M ====================
    .
    2012-01-23 13:38:24 1479032 ----a-w- c:\windows\system32\Wintab32.dll
    2012-01-23 13:38:24 1453432 ----a-w- c:\windows\system32\WacomMT.dll
    2012-01-23 13:38:24 1428856 ----a-w- c:\windows\system32\Wacom_Tablet.dll
    2012-01-23 13:38:24 1422200 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll
    2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 12:09:22.34 ===============





    ------------------------------------------
    ------------------------------------------



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 22/12/2010 2:35:24 PM
    System Uptime: 04/03/2012 11:23:33 AM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5N-D
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 488 GiB total, 226.762 GiB free.
    D: is FIXED (NTFS) - 57 GiB total, 32.399 GiB free.
    E: is FIXED (NTFS) - 335 GiB total, 268.77 GiB free.
    F: is FIXED (NTFS) - 443 GiB total, 208.445 GiB free.
    G: is CDROM (CDFS)
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP93: 18/02/2012 12:45:27 AM - Scheduled Checkpoint
    RP94: 20/02/2012 5:06:03 PM - Installed Adobe Reader X (10.1.0).
    RP95: 28/02/2012 12:10:10 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe Acrobat 9 Pro - English, Russian
    Adobe Acrobat 9.4.0 - CPSID_83708
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Community Help
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Professional CS5
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS5
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader X (10.1.2)
    Adobe Setup
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    포트리스2 Forever
    AhnLab Online Security
    ALTools Update
    ALZip
    Apple Application Support
    Apple Software Update
    Autodesk DirectConnect 2009
    Autodesk SketchBookPro 2011
    AutoHotkey 1.0.48.05
    avast! Free Antivirus
    Bulk Rename Utility 2.7.1.2
    CCleaner
    ComicRack v0.9.146
    Content
    CoreAVC Professional Edition (remove only)
    Corel Painter 11
    Corel Painter 11 - ICA
    Corel Painter 11 - IPM
    Crimson Editor SVN286
    D3DX10
    DAEMON Tools Lite
    DeskPins (remove only)
    Dropbox
    DTS+AC3 Filter
    EasyBCD 2.1
    EPSON Scan
    eReg
    ESET Online Scanner v3
    FileZilla Client 3.3.5.1
    GOM Player
    GOMTV Plug-in
    Google Chrome
    Haali Media Splitter
    IconHandler 32 bit
    Java Auto Updater
    Java(TM) 6 Update 22
    K-Lite Mega Codec Pack 7.2.0
    Langauge
    Logitech SetPoint 6.32
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Malwarebytes Anti-Malware version 1.60.1.1000
    Maya 2009
    Maya 2009 Documentation (en_US)
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    mini
    Mozilla Firefox 9.0.1 (x86 en-US)
    MPEG2 Codec(libmpeg2/mad)
    MSVCRT
    NetFolder
    NVIDIA 3D Vision Controller Driver 285.62
    NVIDIA 3D Vision Driver 285.62
    NVIDIA Control Panel 285.62
    NVIDIA Graphics Driver 285.62
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.0621
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    OhCASTra
    OpenOffice.org 3.3
    PlayReady PC Runtime x86
    PS3 Media Server
    QuickTime
    RealNetworks - Microsoft Visual C++ 2005 Runtime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Samsung ML-1865W Series
    SDM WebHard Program
    Simply Accounting by Sage 2006
    VeraPort (보안모듈관리 프로그램)
    VLC media player 1.1.9
    Wacom Tablet
    WebTablet FB Plugin
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    XecureWeb Control
    ZBrush 4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26/02/2012 2:04:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServiceWacom service.
    03/03/2012 4:28:53 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  3. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    Thanks for the quick help!!
    Below are the logs.
    (And just so you know, I got this warning window for Bootkit Remover.)

    WARNING
    ATA_PASS_THROUGH_DIRECT is not supported by your disk controller.
    SCSI_PASS_THROUGH_DIRECT will be use for disk I/O



    ----------------------------------
    ----------------------------------



    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-04 16:23:18
    -----------------------------
    16:23:18.070 OS Version: Windows 6.1.7600
    16:23:18.070 Number of processors: 4 586 0xF0B
    16:23:18.072 ComputerName: 2ND_WINDOW-PC UserName: 2nd_Window
    16:23:25.159 Initialize success
    16:23:25.492 AVAST engine defs: 12030400
    16:23:34.627 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
    16:23:34.630 Disk 0 Vendor: Maxtor_6Y060L0 YAR41VW0 Size: 58644MB BusType: 3
    16:23:34.633 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
    16:23:34.635 Disk 1 Vendor: ST336032 3.CH Size: 343399MB BusType: 3
    16:23:34.639 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\0000006a
    16:23:34.642 Disk 2 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
    16:23:34.657 Disk 2 MBR read successfully
    16:23:34.661 Disk 2 MBR scan
    16:23:34.665 Disk 2 Windows XP default MBR code
    16:23:34.669 Disk 2 Partition 1 00 07 HPFS/NTFS NTFS 499999 MB offset 63
    16:23:34.674 Disk 2 Partition - 00 0F Extended LBA 453859 MB offset 1023999165
    16:23:34.698 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 453859 MB offset 1023999228
    16:23:34.704 Disk 2 scanning sectors +1953504000
    16:23:34.748 Disk 2 scanning C:\Windows\system32\drivers
    16:23:43.261 Service scanning
    16:24:01.113 Modules scanning
    16:24:09.391 Disk 2 trace - called modules:
    16:24:09.409 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
    16:24:09.414 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x864619f8]
    16:24:09.420 3 CLASSPNP.SYS[8afcf59e] -> nt!IofCallDriver -> [0x85410b50]
    16:24:09.426 5 ACPI.sys[8b0bc3b2] -> nt!IofCallDriver -> \Device\0000006a[0x85410c78]
    16:24:10.491 AVAST engine scan C:\Windows
    16:24:12.532 AVAST engine scan C:\Windows\system32
    16:25:44.442 AVAST engine scan C:\Windows\system32\drivers
    16:25:53.974 AVAST engine scan C:\Users\2nd_Window
    16:29:39.080 Disk 2 MBR has been saved successfully to "C:\Users\2nd_Window\Desktop\MBR.dat"
    16:29:39.093 The log file has been saved successfully to "C:\Users\2nd_Window\Desktop\aswMBR.txt"


    ------------------------------------------------
    -----------------------------------------------



    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive2 at offset 0x00000000`00007e00
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive2 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  4. Broni


    That looks good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    Here are the logs.
    (I'm not sure if it is supposed to be this way, but ComboFix ran with reduced functionality because it expired; it said so in a pop-up window before it ran.)


    -----------------------------



    ComboFix 12-02-25.02 - 2nd_Window 04/03/2012 18:24:35.2.4 - x86 MINIMAL
    Microsoft Windows 7 Ultimate 6.1.7600.0.949.82.1033.18.3071.2624 [GMT -5:00]
    Running from: c:\users\2nd_Window\Desktop\whynotworkingcombofx.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    Error: Cfiles.dat
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-04 23:26 . 2012-03-04 23:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-03-04 23:26 . 2012-03-04 23:26 -------- d-----w- c:\users\UpdatusUser.2nd_Window-PC\AppData\Local\temp
    2012-03-04 23:26 . 2012-03-04 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-03 00:26 . 2012-03-03 00:26 -------- d-----w- c:\program files\ESET
    2012-02-13 05:49 . 2012-02-13 05:49 -------- d-----w- c:\program files\DeskPins
    2012-02-10 21:14 . 2012-02-10 21:14 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-02-10 20:55 . 2012-02-10 20:55 -------- d-----w- c:\program files\AutoHotkey
    2012-02-10 17:10 . 2012-02-10 19:13 2828 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-02-10 17:10 . 2012-02-10 17:10 8 --sh--r- c:\programdata\53958F55BF.sys
    2012-02-10 17:10 . 2012-02-10 17:10 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\Corel
    2012-02-10 17:10 . 2012-02-10 17:10 -------- d-----w- c:\program files\Common Files\Corel
    2012-02-10 17:10 . 2012-02-10 17:10 -------- d-----w- c:\program files\Common Files\Protexis
    2012-02-10 17:10 . 2012-02-10 17:10 -------- d-----w- c:\programdata\Corel
    2012-02-10 17:08 . 2012-02-10 17:08 -------- d-----w- c:\program files\Corel
    2012-02-10 17:00 . 2012-02-10 17:01 -------- d-----w- c:\programdata\Alias
    2012-02-10 16:56 . 2012-02-10 16:56 -------- d-----w- C:\Autodesk
    2012-02-10 06:07 . 2012-02-10 06:07 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-02-10 06:07 . 2012-02-10 06:07 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\Adobe Mini Bridge CS5
    2012-02-10 04:53 . 2012-02-10 04:53 -------- d-----w- c:\program files\Adobe Media Player
    2012-02-05 18:48 . 2012-02-05 18:48 53248 ----a-r- c:\users\2nd_Window\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-02-05 18:48 . 2012-02-05 18:48 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\Leadertech
    2012-02-05 18:48 . 2012-02-05 18:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-02-05 18:47 . 2012-02-05 18:48 -------- d-----w- c:\programdata\Logishrd
    2012-02-05 18:47 . 2012-02-05 18:47 -------- d-----w- c:\program files\Logitech
    2012-02-05 18:47 . 2012-02-05 18:48 -------- d-----w- c:\program files\Common Files\Logishrd
    2012-02-05 18:46 . 2012-02-05 18:48 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\Logitech
    2012-02-05 18:46 . 2012-02-05 18:46 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\Logishrd
    2012-02-04 07:32 . 2012-03-04 22:48 -------- d-----w- c:\program files\USADISK
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-15 02:36 . 2011-12-26 02:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-02-15 02:35 . 2011-12-26 02:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2012-02-15 02:35 . 2011-12-04 00:52 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-02-02 02:47 . 2011-11-28 01:18 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-02-02 02:47 . 2011-11-28 01:18 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2012-02-02 02:47 . 2011-11-28 01:18 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-01-23 13:38 . 2012-01-29 05:21 1422200 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll
    2012-01-23 13:38 . 2012-01-29 05:20 1479032 ----a-w- c:\windows\system32\Wintab32.dll
    2012-01-23 13:38 . 2012-01-29 05:20 1453432 ----a-w- c:\windows\system32\WacomMT.dll
    2012-01-23 13:38 . 2012-01-29 05:20 1428856 ----a-w- c:\windows\system32\Wacom_Tablet.dll
    2011-12-10 20:24 . 2011-03-19 17:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-11 05:27 . 2011-08-22 04:35 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2011-01-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\2nd_Window\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\2nd_Window\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\2nd_Window\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-20 273544]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
    .
    c:\users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    DeskPins.lnk - c:\program files\DeskPins\DeskPins.exe [2004-5-2 62464]
    Dropbox.lnk - c:\users\2nd_Window\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2010-09-23 09:42 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2012-01-13 19:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys [2011-05-26 90208]
    R1 aswSnx;aswSnx; [x]
    R1 aswSP;aswSP; [x]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R2 aswFsBlk;aswFsBlk; [x]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2010-10-15 5120]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-01-23 6321016]
    R2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-01-23 470904]
    R2 USADISK_AGENT;USADISK UPDATE SERVICE;c:\program files\USADISK\WEBHARD_Agent.exe [2011-06-13 155856]
    R3 ALSysIO;ALSysIO;c:\users\2ND_WI~1\AppData\Local\Temp\ALSysIO.sys [x]
    R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\Drivers\CdmDrvNt.sys [2009-07-21 19616]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688]
    R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [x]
    R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2011-11-30 22480]
    R3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2011-09-28 126048]
    R3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [2010-06-28 101368]
    R3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [2010-06-28 121536]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-24 1343400]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-30 218688]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000Core.job
    - c:\users\2nd_Window\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 16:24]
    .
    2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000UA.job
    - c:\users\2nd_Window\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 16:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
    Trusted Zone: samsungsetup.com\www
    TCP: DhcpNameServer = 64.71.255.198
    DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} - hxxp://pib.wooribank.com/com/installer/interezen/WRebw.cab
    DPF: {79419762-2D03-48F8-A63E-0544D95143DE} - hxxp://www.x2game.com/Control/AutoPatchOCX.cab
    DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.5.0/xw_install.cab
    DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://fx.keb.co.kr/veraport/veraport.cab
    DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
    DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} - hxxp://www.usadisk.com/mmsv/USAControl.CAB
    DPF: {BF6F8114-5DC3-4515-9BC6-16342AE7FDCE} - hxxp://www.usfolder.com/fs_prg/XFShowClient.cab
    DPF: {D2609B40-9964-43E4-8806-3C75C8B21CA2} - hxxp://www.sojufile.com/mmsv/SojuFileWebControl.CAB
    DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA.cab
    FF - ProfilePath - c:\users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\
    FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
    FF - user.js: extensions.BabylonToolbar_i.id - 786e1f08000000000000485b3910853a
    FF - user.js: extensions.BabylonToolbar_i.hardId - 786e1f08000000000000485b3910853a
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15362
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:34
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    MSConfigStartUp-Bviholetun - c:\users\2nd_Window\AppData\Local\iasxtol.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2032)
    c:\users\2nd_Window\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    Completion time: 2012-03-04 18:28:21
    ComboFix-quarantined-files.txt 2012-03-04 23:28
    .
    Pre-Run: 247,900,254,208 bytes free
    Post-Run: 247,785,037,824 bytes free
    .
    - - End Of File - - 77318ADCC3B3E21980824353ACF0F8B0




    -------------------------------------
    -------------------------------------




    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 04/03/2012 at 17:53:41.
    Operating System: Windows 7 Ultimate


    Processes terminated by Rkill or while it was running:

    C:\Users\2nd_Window\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\2nd_Window\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\taskeng.exe


    Rkill completed on 04/03/2012 at 17:53:45.
  6. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Delete your Combofix file, download fresh one and re-run it.
  7. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    Strange.. when I run Combofix it says I need to disable Avast although I already disabled it. After okaying it, it warns a 2nd time and says it will run anyway. Then it runs, but it doesn't proceed after the line "However, scan times for badly infected machines may easily double".
    It was like this earlier, so I chose to go with the 2nd option with Rkill, and I downloaded Combofix from the 2nd link at that time and it worked in safe mode, except Combofix was in reduced-function mode.

    Now I downloaded the fresh Combofix from the first link... in safe mode with Rkill, it shows the same result; it doesn't proceed after "However, scan times for badly infected machines may easily double".

    Should I uninstall Avast?
  8. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    If your computer clock is progressing leave it alone.
  9. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    I ran it overnight, and it doesn't proceed after the line "However, scan times for badly infected machines may easily double".
    The clock's ticking, but there is no activity in CPU & RAM usage.
    I will try different combinations of Rkill files and ComboFix, but I'm not confident...
  10. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    What are the current computer issues?

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  11. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    I don't have any serious issues as of now, except for Babylon popping up whenever I create new tabs in Internet Explorer.
    I assumed this is malware. It doesn't go away even after uninstalling.
    Plus, I thought I may have a lot of other hidden malware since I'm not very good at computing.

    And here is the log.

    ------------------------------
    ------------------------------


    03:07:21.0851 5692 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
    03:07:22.0297 5692 ============================================================
    03:07:22.0297 5692 Current date / time: 2012/03/06 03:07:22.0297
    03:07:22.0297 5692 SystemInfo:
    03:07:22.0297 5692
    03:07:22.0297 5692 OS Version: 6.1.7600 ServicePack: 0.0
    03:07:22.0297 5692 Product type: Workstation
    03:07:22.0297 5692 ComputerName: 2ND_WINDOW-PC
    03:07:22.0297 5692 UserName: 2nd_Window
    03:07:22.0297 5692 Windows directory: C:\Windows
    03:07:22.0297 5692 System windows directory: C:\Windows
    03:07:22.0297 5692 Processor architecture: Intel x86
    03:07:22.0297 5692 Number of processors: 4
    03:07:22.0297 5692 Page size: 0x1000
    03:07:22.0297 5692 Boot type: Normal boot
    03:07:22.0297 5692 ============================================================
    03:07:23.0413 5692 Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 (57.27 Gb), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    03:07:23.0438 5692 Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    03:07:23.0448 5692 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    03:07:23.0454 5692 Drive \Device\Harddisk3\DR3 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    03:07:23.0456 5692 \Device\Harddisk0\DR0:
    03:07:23.0463 5692 MBR used
    03:07:23.0463 5692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7289800
    03:07:23.0463 5692 \Device\Harddisk1\DR1:
    03:07:23.0471 5692 MBR used
    03:07:23.0471 5692 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x29EB3000
    03:07:23.0471 5692 \Device\Harddisk2\DR2:
    03:07:23.0471 5692 MBR used
    03:07:23.0471 5692 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3D08FC7E
    03:07:23.0489 5692 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3D08FCFC, BlocksNum 0x37671E04
    03:07:23.0489 5692 \Device\Harddisk3\DR3:
    03:07:23.0490 5692 MBR used
    03:07:23.0490 5692 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE8080
    03:07:23.0554 5692 Initialize success
    03:07:23.0554 5692 ============================================================
    03:07:25.0475 5664 ============================================================
    03:07:25.0475 5664 Scan started
    03:07:25.0475 5664 Mode: Manual;
    03:07:25.0475 5664 ============================================================
    03:07:26.0554 5664 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    03:07:26.0556 5664 1394ohci - ok
    03:07:26.0589 5664 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    03:07:26.0592 5664 ACPI - ok
    03:07:26.0619 5664 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    03:07:26.0620 5664 AcpiPmi - ok
    03:07:26.0747 5664 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    03:07:26.0753 5664 adp94xx - ok
    03:07:26.0777 5664 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    03:07:26.0781 5664 adpahci - ok
    03:07:26.0799 5664 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    03:07:26.0802 5664 adpu320 - ok
    03:07:26.0834 5664 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    03:07:26.0838 5664 AFD - ok
    03:07:26.0927 5664 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    03:07:26.0929 5664 agp440 - ok
    03:07:26.0955 5664 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    03:07:26.0957 5664 aic78xx - ok
    03:07:27.0002 5664 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    03:07:27.0003 5664 aliide - ok
    03:07:27.0080 5664 ALSysIO - ok
    03:07:27.0169 5664 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    03:07:27.0171 5664 amdagp - ok
    03:07:27.0185 5664 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    03:07:27.0187 5664 amdide - ok
    03:07:27.0210 5664 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    03:07:27.0211 5664 AmdK8 - ok
    03:07:27.0220 5664 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    03:07:27.0222 5664 AmdPPM - ok
    03:07:27.0264 5664 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    03:07:27.0266 5664 amdsata - ok
    03:07:27.0282 5664 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    03:07:27.0285 5664 amdsbs - ok
    03:07:27.0369 5664 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    03:07:27.0370 5664 amdxata - ok
    03:07:27.0432 5664 AMonTDLH (fec7a4e71710d4776f32f8700190b9eb) C:\Windows\system32\Drivers\AMonTDLH.sys
    03:07:27.0434 5664 AMonTDLH - ok
    03:07:27.0471 5664 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    03:07:27.0472 5664 AppID - ok
    03:07:27.0596 5664 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    03:07:27.0598 5664 arc - ok
    03:07:27.0626 5664 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    03:07:27.0628 5664 arcsas - ok
    03:07:27.0697 5664 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
    03:07:27.0699 5664 aswFsBlk - ok
    03:07:27.0795 5664 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
    03:07:27.0797 5664 aswMonFlt - ok
    03:07:27.0827 5664 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
    03:07:27.0829 5664 aswRdr - ok
    03:07:27.0866 5664 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
    03:07:27.0872 5664 aswSnx - ok
    03:07:27.0890 5664 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
    03:07:27.0894 5664 aswSP - ok
    03:07:27.0979 5664 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
    03:07:27.0981 5664 aswTdi - ok
    03:07:28.0030 5664 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    03:07:28.0031 5664 AsyncMac - ok
    03:07:28.0044 5664 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    03:07:28.0045 5664 atapi - ok
    03:07:28.0131 5664 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    03:07:28.0137 5664 b06bdrv - ok
    03:07:28.0191 5664 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    03:07:28.0194 5664 b57nd60x - ok
    03:07:28.0273 5664 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    03:07:28.0274 5664 Beep - ok
    03:07:28.0329 5664 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    03:07:28.0330 5664 blbdrive - ok
    03:07:28.0383 5664 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    03:07:28.0385 5664 bowser - ok
    03:07:28.0404 5664 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    03:07:28.0405 5664 BrFiltLo - ok
    03:07:28.0424 5664 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    03:07:28.0425 5664 BrFiltUp - ok
    03:07:28.0480 5664 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
    03:07:28.0482 5664 BridgeMP - ok
    03:07:28.0552 5664 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    03:07:28.0569 5664 Brserid - ok
    03:07:28.0606 5664 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    03:07:28.0608 5664 BrSerWdm - ok
    03:07:28.0646 5664 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    03:07:28.0647 5664 BrUsbMdm - ok
    03:07:28.0684 5664 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    03:07:28.0686 5664 BrUsbSer - ok
    03:07:28.0695 5664 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    03:07:28.0697 5664 BTHMODEM - ok
    03:07:28.0763 5664 catchme - ok
    03:07:28.0828 5664 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    03:07:28.0830 5664 cdfs - ok
    03:07:28.0929 5664 CdmDrvNt (21c0133490fc6afb1fbdc7ed9ee32312) C:\Windows\system32\Drivers\CdmDrvNt.sys
    03:07:28.0946 5664 CdmDrvNt - ok
    03:07:29.0043 5664 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    03:07:29.0045 5664 cdrom - ok
    03:07:29.0088 5664 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    03:07:29.0089 5664 circlass - ok
    03:07:29.0126 5664 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    03:07:29.0130 5664 CLFS - ok
    03:07:29.0228 5664 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    03:07:29.0229 5664 CmBatt - ok
    03:07:29.0245 5664 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    03:07:29.0247 5664 cmdide - ok
    03:07:29.0271 5664 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    03:07:29.0276 5664 CNG - ok
    03:07:29.0289 5664 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    03:07:29.0291 5664 Compbatt - ok
    03:07:29.0308 5664 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    03:07:29.0310 5664 CompositeBus - ok
    03:07:29.0486 5664 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\Windows\system32\drivers\cpuz135_x32.sys
    03:07:29.0510 5664 cpuz135 - ok
    03:07:29.0546 5664 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    03:07:29.0547 5664 crcdisk - ok
    03:07:29.0577 5664 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    03:07:29.0581 5664 CSC - ok
    03:07:29.0613 5664 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    03:07:29.0615 5664 DfsC - ok
    03:07:29.0632 5664 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    03:07:29.0633 5664 discache - ok
    03:07:29.0731 5664 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    03:07:29.0733 5664 Disk - ok
    03:07:29.0805 5664 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
    03:07:29.0807 5664 Dot4 - ok
    03:07:29.0854 5664 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    03:07:29.0856 5664 Dot4Print - ok
    03:07:29.0956 5664 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
    03:07:29.0957 5664 dot4usb - ok
    03:07:30.0005 5664 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    03:07:30.0006 5664 drmkaud - ok
    03:07:30.0046 5664 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    03:07:30.0049 5664 dtsoftbus01 - ok
    03:07:30.0149 5664 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
    03:07:30.0158 5664 DXGKrnl - ok
    03:07:30.0265 5664 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    03:07:30.0297 5664 ebdrv - ok
    03:07:30.0389 5664 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    03:07:30.0394 5664 elxstor - ok
    03:07:30.0427 5664 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    03:07:30.0428 5664 ErrDev - ok
    03:07:30.0466 5664 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    03:07:30.0469 5664 exfat - ok
    03:07:30.0498 5664 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    03:07:30.0500 5664 fastfat - ok
    03:07:30.0574 5664 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    03:07:30.0576 5664 fdc - ok
    03:07:30.0597 5664 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    03:07:30.0599 5664 FileInfo - ok
    03:07:30.0637 5664 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    03:07:30.0638 5664 Filetrace - ok
    03:07:30.0663 5664 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    03:07:30.0664 5664 flpydisk - ok
    03:07:30.0688 5664 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    03:07:30.0692 5664 FltMgr - ok
    03:07:30.0774 5664 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    03:07:30.0776 5664 FsDepends - ok
    03:07:30.0788 5664 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    03:07:30.0790 5664 Fs_Rec - ok
    03:07:30.0841 5664 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
    03:07:30.0844 5664 fvevol - ok
    03:07:30.0866 5664 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    03:07:30.0867 5664 gagp30kx - ok
    03:07:30.0968 5664 HCW85BDA (89364cc2a694364f4aa148b7cb802d57) C:\Windows\system32\drivers\HCW85BDA.sys
    03:07:30.0984 5664 HCW85BDA - ok
    03:07:31.0022 5664 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    03:07:31.0024 5664 hcw85cir - ok
    03:07:31.0075 5664 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    03:07:31.0079 5664 HdAudAddService - ok
    03:07:31.0149 5664 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    03:07:31.0151 5664 HDAudBus - ok
    03:07:31.0165 5664 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    03:07:31.0166 5664 HidBatt - ok
    03:07:31.0180 5664 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    03:07:31.0182 5664 HidBth - ok
    03:07:31.0223 5664 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    03:07:31.0224 5664 HidIr - ok
    03:07:31.0311 5664 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    03:07:31.0312 5664 HidUsb - ok
    03:07:31.0361 5664 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    03:07:31.0363 5664 HpSAMD - ok
    03:07:31.0409 5664 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    03:07:31.0415 5664 HTTP - ok
    03:07:31.0428 5664 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    03:07:31.0430 5664 hwpolicy - ok
    03:07:31.0510 5664 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    03:07:31.0512 5664 i8042prt - ok
    03:07:31.0573 5664 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    03:07:31.0578 5664 iaStorV - ok
    03:07:31.0635 5664 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    03:07:31.0636 5664 iirsp - ok
    03:07:31.0710 5664 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    03:07:31.0711 5664 intelide - ok
    03:07:31.0764 5664 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    03:07:31.0781 5664 intelppm - ok
    03:07:31.0821 5664 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    03:07:31.0823 5664 IpFilterDriver - ok
    03:07:31.0853 5664 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    03:07:31.0855 5664 IPMIDRV - ok
    03:07:31.0888 5664 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    03:07:31.0891 5664 IPNAT - ok
    03:07:31.0941 5664 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    03:07:31.0943 5664 IRENUM - ok
    03:07:31.0985 5664 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    03:07:31.0986 5664 isapnp - ok
    03:07:32.0022 5664 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    03:07:32.0025 5664 iScsiPrt - ok
    03:07:32.0068 5664 JRSKD24 - ok
    03:07:32.0124 5664 JRSUKD25 (139d9d538284ec721d759df7238b8850) C:\Windows\system32\JRSUKD25.SYS
    03:07:32.0128 5664 JRSUKD25 - ok
    03:07:32.0192 5664 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    03:07:32.0194 5664 kbdclass - ok
    03:07:32.0238 5664 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    03:07:32.0240 5664 kbdhid - ok
    03:07:32.0299 5664 kcrtx86 (cbbc332b9a94d9eb16e3328b50760587) C:\Windows\system32\kcrtx86.sys
    03:07:32.0303 5664 kcrtx86 - ok
    03:07:32.0374 5664 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    03:07:32.0376 5664 KSecDD - ok
    03:07:32.0429 5664 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    03:07:32.0432 5664 KSecPkg - ok
    03:07:32.0538 5664 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    03:07:32.0541 5664 LHidFilt - ok
    03:07:32.0604 5664 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    03:07:32.0606 5664 lltdio - ok
    03:07:32.0631 5664 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    03:07:32.0633 5664 LMouFilt - ok
    03:07:32.0683 5664 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    03:07:32.0685 5664 LSI_FC - ok
    03:07:32.0714 5664 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    03:07:32.0748 5664 LSI_SAS - ok
    03:07:32.0804 5664 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    03:07:32.0805 5664 LSI_SAS2 - ok
    03:07:32.0825 5664 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    03:07:32.0827 5664 LSI_SCSI - ok
    03:07:32.0875 5664 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    03:07:32.0877 5664 luafv - ok
    03:07:32.0913 5664 LUsbFilt (ddfa88e36d5f8db5fbdbdddc4969db0a) C:\Windows\system32\Drivers\LUsbFilt.Sys
    03:07:32.0915 5664 LUsbFilt - ok
    03:07:32.0970 5664 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    03:07:32.0972 5664 megasas - ok
    03:07:33.0024 5664 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    03:07:33.0028 5664 MegaSR - ok
    03:07:33.0137 5664 MfFWEnt (5a60a55f6b8af51a6b7642b8981fd834) C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys
    03:07:33.0140 5664 MfFWEnt - ok
    03:07:33.0149 5664 MfIPSEnt (99c7209b747e4d25afaf241a140e4be5) C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys
    03:07:33.0151 5664 MfIPSEnt - ok
    03:07:33.0252 5664 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    03:07:33.0254 5664 Modem - ok
    03:07:33.0293 5664 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    03:07:33.0294 5664 monitor - ok
    03:07:33.0315 5664 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    03:07:33.0317 5664 mouclass - ok
    03:07:33.0347 5664 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    03:07:33.0348 5664 mouhid - ok
    03:07:33.0523 5664 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    03:07:33.0525 5664 mountmgr - ok
    03:07:33.0648 5664 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    03:07:33.0651 5664 mpio - ok
    03:07:33.0668 5664 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    03:07:33.0669 5664 mpsdrv - ok
    03:07:33.0695 5664 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    03:07:33.0697 5664 MRxDAV - ok
    03:07:33.0753 5664 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    03:07:33.0755 5664 mrxsmb - ok
    03:07:33.0815 5664 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    03:07:33.0818 5664 mrxsmb10 - ok
    03:07:33.0859 5664 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    03:07:33.0861 5664 mrxsmb20 - ok
    03:07:33.0905 5664 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    03:07:33.0907 5664 msahci - ok
    03:07:33.0924 5664 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    03:07:33.0926 5664 msdsm - ok
    03:07:33.0996 5664 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    03:07:33.0997 5664 Msfs - ok
    03:07:34.0039 5664 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    03:07:34.0040 5664 mshidkmdf - ok
    03:07:34.0049 5664 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    03:07:34.0051 5664 msisadrv - ok
    03:07:34.0108 5664 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    03:07:34.0109 5664 MSKSSRV - ok
    03:07:34.0124 5664 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    03:07:34.0125 5664 MSPCLOCK - ok
    03:07:34.0177 5664 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    03:07:34.0178 5664 MSPQM - ok
    03:07:34.0192 5664 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    03:07:34.0195 5664 MsRPC - ok
    03:07:34.0228 5664 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    03:07:34.0229 5664 mssmbios - ok
    03:07:34.0280 5664 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    03:07:34.0281 5664 MSTEE - ok
    03:07:34.0302 5664 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    03:07:34.0304 5664 MTConfig - ok
    03:07:34.0389 5664 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
    03:07:34.0390 5664 MTsensor - ok
    03:07:34.0418 5664 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    03:07:34.0420 5664 Mup - ok
    03:07:34.0467 5664 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    03:07:34.0471 5664 NativeWifiP - ok
    03:07:34.0538 5664 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    03:07:34.0546 5664 NDIS - ok
    03:07:34.0587 5664 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    03:07:34.0589 5664 NdisCap - ok
    03:07:34.0610 5664 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    03:07:34.0612 5664 NdisTapi - ok
    03:07:34.0626 5664 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    03:07:34.0628 5664 Ndisuio - ok
    03:07:34.0686 5664 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    03:07:34.0688 5664 NdisWan - ok
    03:07:34.0716 5664 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    03:07:34.0718 5664 NDProxy - ok
    03:07:34.0766 5664 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    03:07:34.0768 5664 NetBIOS - ok
    03:07:34.0786 5664 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    03:07:34.0789 5664 NetBT - ok
    03:07:34.0882 5664 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    03:07:34.0884 5664 nfrd960 - ok
    03:07:34.0930 5664 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    03:07:34.0931 5664 Npfs - ok
    03:07:34.0954 5664 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    03:07:34.0955 5664 nsiproxy - ok
    03:07:34.0992 5664 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    03:07:35.0006 5664 Ntfs - ok
    03:07:35.0054 5664 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    03:07:35.0056 5664 Null - ok
    03:07:35.0124 5664 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
    03:07:35.0130 5664 NVENETFD - ok
    03:07:35.0325 5664 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    03:07:35.0480 5664 nvlddmkm - ok
    03:07:35.0588 5664 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    03:07:35.0590 5664 nvraid - ok
    03:07:35.0610 5664 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    03:07:35.0611 5664 nvstor - ok
    03:07:35.0657 5664 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    03:07:35.0659 5664 nv_agp - ok
    03:07:35.0679 5664 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    03:07:35.0681 5664 ohci1394 - ok
    03:07:35.0813 5664 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    03:07:35.0816 5664 Parport - ok
    03:07:35.0850 5664 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    03:07:35.0852 5664 partmgr - ok
    03:07:35.0863 5664 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    03:07:35.0865 5664 Parvdm - ok
    03:07:35.0887 5664 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    03:07:35.0890 5664 pci - ok
    03:07:35.0904 5664 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    03:07:35.0905 5664 pciide - ok
    03:07:35.0982 5664 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    03:07:35.0985 5664 pcmcia - ok
    03:07:36.0021 5664 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    03:07:36.0023 5664 pcw - ok
    03:07:36.0049 5664 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    03:07:36.0057 5664 PEAUTH - ok
    03:07:36.0147 5664 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    03:07:36.0149 5664 PptpMiniport - ok
    03:07:36.0184 5664 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    03:07:36.0186 5664 Processor - ok
    03:07:36.0236 5664 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    03:07:36.0238 5664 Psched - ok
    03:07:36.0314 5664 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    03:07:36.0330 5664 ql2300 - ok
    03:07:36.0367 5664 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    03:07:36.0369 5664 ql40xx - ok
    03:07:36.0402 5664 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    03:07:36.0404 5664 QWAVEdrv - ok
    03:07:36.0416 5664 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    03:07:36.0418 5664 RasAcd - ok
    03:07:36.0469 5664 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    03:07:36.0471 5664 RasAgileVpn - ok
    03:07:36.0488 5664 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    03:07:36.0490 5664 Rasl2tp - ok
    03:07:36.0516 5664 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    03:07:36.0517 5664 RasPppoe - ok
    03:07:36.0552 5664 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    03:07:36.0554 5664 RasSstp - ok
    03:07:36.0591 5664 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    03:07:36.0595 5664 rdbss - ok
    03:07:36.0631 5664 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    03:07:36.0632 5664 rdpbus - ok
    03:07:36.0650 5664 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    03:07:36.0653 5664 RDPCDD - ok
    03:07:36.0683 5664 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    03:07:36.0686 5664 RDPDR - ok
    03:07:36.0770 5664 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    03:07:36.0771 5664 RDPENCDD - ok
    03:07:36.0812 5664 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    03:07:36.0814 5664 RDPREFMP - ok
    03:07:36.0851 5664 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    03:07:36.0854 5664 RDPWD - ok
    03:07:36.0903 5664 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    03:07:36.0906 5664 rdyboost - ok
    03:07:36.0944 5664 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    03:07:36.0946 5664 rspndr - ok
    03:07:37.0030 5664 RTL8187B (ca5a4fbfe341f13733955b8aac98f0b5) C:\Windows\system32\DRIVERS\RTL8187B.sys
    03:07:37.0035 5664 RTL8187B - ok
    03:07:37.0050 5664 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    03:07:37.0052 5664 s3cap - ok
    03:07:37.0198 5664 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\Sandra.sys
    03:07:37.0199 5664 SANDRA - ok
    03:07:37.0269 5664 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    03:07:37.0271 5664 sbp2port - ok
    03:07:37.0328 5664 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    03:07:37.0330 5664 scfilter - ok
    03:07:37.0363 5664 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    03:07:37.0365 5664 secdrv - ok
    03:07:37.0402 5664 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    03:07:37.0403 5664 Serenum - ok
    03:07:37.0460 5664 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    03:07:37.0462 5664 Serial - ok
    03:07:37.0523 5664 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    03:07:37.0524 5664 sermouse - ok
    03:07:37.0552 5664 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    03:07:37.0554 5664 sffdisk - ok
    03:07:37.0569 5664 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    03:07:37.0570 5664 sffp_mmc - ok
    03:07:37.0601 5664 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
    03:07:37.0603 5664 sffp_sd - ok
    03:07:37.0619 5664 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    03:07:37.0621 5664 sfloppy - ok
    03:07:37.0692 5664 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    03:07:37.0694 5664 sisagp - ok
    03:07:37.0767 5664 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    03:07:37.0768 5664 SiSRaid2 - ok
    03:07:37.0788 5664 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    03:07:37.0790 5664 SiSRaid4 - ok
    03:07:37.0805 5664 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    03:07:37.0807 5664 Smb - ok
    03:07:37.0885 5664 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    03:07:37.0886 5664 spldr - ok
    03:07:37.0961 5664 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
    03:07:37.0965 5664 srv - ok
    03:07:37.0983 5664 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
    03:07:37.0988 5664 srv2 - ok
    03:07:38.0010 5664 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
    03:07:38.0013 5664 srvnet - ok
    03:07:38.0139 5664 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
    03:07:38.0140 5664 SSPORT - ok
    03:07:38.0169 5664 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    03:07:38.0170 5664 stexstor - ok
    03:07:38.0200 5664 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    03:07:38.0202 5664 storflt - ok
    03:07:38.0219 5664 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
    03:07:38.0221 5664 storvsc - ok
    03:07:38.0285 5664 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    03:07:38.0286 5664 swenum - ok
    03:07:38.0398 5664 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
    03:07:38.0400 5664 taphss - ok
    03:07:38.0527 5664 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    03:07:38.0543 5664 Tcpip - ok
    03:07:38.0576 5664 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    03:07:38.0585 5664 TCPIP6 - ok
    03:07:38.0621 5664 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    03:07:38.0622 5664 tcpipreg - ok
    03:07:38.0654 5664 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    03:07:38.0656 5664 TDPIPE - ok
    03:07:38.0674 5664 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    03:07:38.0675 5664 TDTCP - ok
    03:07:38.0803 5664 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    03:07:38.0805 5664 tdx - ok
    03:07:38.0843 5664 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    03:07:38.0845 5664 TermDD - ok
    03:07:38.0895 5664 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    03:07:38.0896 5664 tssecsrv - ok
    03:07:38.0947 5664 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    03:07:38.0949 5664 tunnel - ok
    03:07:38.0992 5664 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    03:07:38.0994 5664 uagp35 - ok
    03:07:39.0064 5664 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    03:07:39.0068 5664 udfs - ok
    03:07:39.0101 5664 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    03:07:39.0103 5664 uliagpkx - ok
    03:07:39.0154 5664 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    03:07:39.0156 5664 umbus - ok
    03:07:39.0199 5664 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    03:07:39.0201 5664 UmPass - ok
    03:07:39.0268 5664 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    03:07:39.0271 5664 usbccgp - ok
    03:07:39.0312 5664 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    03:07:39.0314 5664 usbcir - ok
    03:07:39.0371 5664 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
    03:07:39.0373 5664 usbehci - ok
    03:07:39.0421 5664 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
    03:07:39.0425 5664 usbhub - ok
    03:07:39.0448 5664 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    03:07:39.0450 5664 usbohci - ok
    03:07:39.0499 5664 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    03:07:39.0501 5664 usbprint - ok
    03:07:39.0549 5664 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    03:07:39.0552 5664 usbscan - ok
    03:07:39.0575 5664 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    03:07:39.0576 5664 USBSTOR - ok
    03:07:39.0612 5664 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    03:07:39.0614 5664 usbuhci - ok
    03:07:39.0704 5664 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    03:07:39.0705 5664 vdrvroot - ok
    03:07:39.0743 5664 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    03:07:39.0745 5664 vga - ok
    03:07:39.0789 5664 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    03:07:39.0791 5664 VgaSave - ok
    03:07:39.0810 5664 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    03:07:39.0813 5664 vhdmp - ok
    03:07:39.0876 5664 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    03:07:39.0878 5664 viaagp - ok
    03:07:39.0897 5664 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    03:07:39.0899 5664 ViaC7 - ok
    03:07:39.0927 5664 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    03:07:39.0929 5664 viaide - ok
    03:07:39.0972 5664 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    03:07:39.0975 5664 vmbus - ok
    03:07:40.0002 5664 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    03:07:40.0004 5664 VMBusHID - ok
    03:07:40.0024 5664 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    03:07:40.0026 5664 volmgr - ok
    03:07:40.0046 5664 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    03:07:40.0051 5664 volmgrx - ok
    03:07:40.0100 5664 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    03:07:40.0104 5664 volsnap - ok
    03:07:40.0176 5664 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    03:07:40.0179 5664 vsmraid - ok
    03:07:40.0203 5664 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    03:07:40.0204 5664 vwifibus - ok
    03:07:40.0236 5664 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
    03:07:40.0238 5664 wacommousefilter - ok
    03:07:40.0282 5664 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    03:07:40.0284 5664 WacomPen - ok
    03:07:40.0360 5664 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
    03:07:40.0362 5664 wacomvhid - ok
    03:07:40.0398 5664 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    03:07:40.0400 5664 WANARP - ok
    03:07:40.0405 5664 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    03:07:40.0407 5664 Wanarpv6 - ok
    03:07:40.0473 5664 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    03:07:40.0475 5664 Wd - ok
    03:07:40.0497 5664 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    03:07:40.0502 5664 Wdf01000 - ok
    03:07:40.0583 5664 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    03:07:40.0584 5664 WfpLwf - ok
    03:07:40.0602 5664 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    03:07:40.0604 5664 WIMMount - ok
    03:07:40.0716 5664 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
    03:07:40.0742 5664 WinUsb - ok
    03:07:40.0815 5664 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    03:07:40.0817 5664 WmiAcpi - ok
    03:07:40.0857 5664 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    03:07:40.0859 5664 ws2ifsl - ok
    03:07:40.0890 5664 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    03:07:40.0892 5664 WudfPf - ok
    03:07:40.0906 5664 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    03:07:40.0908 5664 WUDFRd - ok
    03:07:40.0937 5664 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    03:07:40.0960 5664 \Device\Harddisk0\DR0 - ok
    03:07:40.0981 5664 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    03:07:41.0006 5664 \Device\Harddisk1\DR1 - ok
    03:07:41.0020 5664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
    03:07:41.0023 5664 \Device\Harddisk2\DR2 - ok
    03:07:41.0029 5664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
    03:07:41.0033 5664 \Device\Harddisk3\DR3 - ok
    03:07:41.0038 5664 Boot (0x1200) (60b4f17cab3aa2bb6b90d217b6996728) \Device\Harddisk0\DR0\Partition0
    03:07:41.0039 5664 \Device\Harddisk0\DR0\Partition0 - ok
    03:07:41.0056 5664 Boot (0x1200) (4be64327a8e0661588982428e4fb61ce) \Device\Harddisk1\DR1\Partition0
    03:07:41.0057 5664 \Device\Harddisk1\DR1\Partition0 - ok
    03:07:41.0061 5664 Boot (0x1200) (325c37512a99d9aa35ec347deab82d62) \Device\Harddisk2\DR2\Partition0
    03:07:41.0061 5664 \Device\Harddisk2\DR2\Partition0 - ok
    03:07:41.0078 5664 Boot (0x1200) (3a91685aa1cb3ec61b735c5f8af1d558) \Device\Harddisk2\DR2\Partition1
    03:07:41.0079 5664 \Device\Harddisk2\DR2\Partition1 - ok
    03:07:41.0083 5664 Boot (0x1200) (606b9cd197e8812b877456e29779cc04) \Device\Harddisk3\DR3\Partition0
    03:07:41.0084 5664 \Device\Harddisk3\DR3\Partition0 - ok
    03:07:41.0085 5664 ============================================================
    03:07:41.0085 5664 Scan finished
    03:07:41.0085 5664 ============================================================
    03:07:41.0093 5532 Detected object count: 0
    03:07:41.0093 5532 Actual detected object count: 0
     
  12. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    OTL logfile created on: 06/03/2012 4:46:22 PM - Run 1
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\2nd_Window\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.37% Memory free
    6.00 Gb Paging File | 4.94 Gb Available in Paging File | 82.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 488.28 Gb Total Space | 229.24 Gb Free Space | 46.95% Space Free | Partition Type: NTFS
    Drive D: | 57.27 Gb Total Space | 32.26 Gb Free Space | 56.34% Space Free | Partition Type: NTFS
    Drive E: | 335.35 Gb Total Space | 268.22 Gb Free Space | 79.98% Space Free | Partition Type: NTFS
    Drive F: | 443.22 Gb Total Space | 208.44 Gb Free Space | 47.03% Space Free | Partition Type: NTFS
    Drive G: | 244.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive I: | 7.45 Gb Total Space | 5.99 Gb Free Space | 80.42% Space Free | Partition Type: FAT32

    Computer Name: 2ND_WINDOW-PC | User Name: 2nd_Window | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/06 16:44:07 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\2nd_Window\Desktop\OTL.exe
    PRC - [2012/01/25 14:59:06 | 000,758,224 | ---- | M] () -- C:\Program Files\Core Temp\Core Temp.exe
    PRC - [2012/01/23 08:38:24 | 006,321,016 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    PRC - [2012/01/23 08:38:24 | 003,591,544 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    PRC - [2012/01/23 08:38:24 | 001,609,080 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    PRC - [2012/01/23 08:38:24 | 000,470,904 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/02 11:18:16 | 001,000,288 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/15 03:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2011/10/15 03:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/10/07 04:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
    PRC - [2011/09/27 14:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    PRC - [2011/07/20 17:55:55 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/07/06 02:28:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/06/13 04:05:28 | 000,155,856 | ---- | M] () -- C:\Program Files\USADISK\WEBHARD_Agent.exe
    PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 20:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2004/05/02 12:02:51 | 000,062,464 | ---- | M] (Elias Fotinis) -- C:\Program Files\DeskPins\DeskPins.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/25 14:59:06 | 000,758,224 | ---- | M] () -- C:\Program Files\Core Temp\Core Temp.exe
    MOD - [2012/01/23 08:38:24 | 000,963,448 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
    MOD - [2011/10/07 04:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
    MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
    MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
    MOD - [2011/07/06 02:28:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    MOD - [2010/11/21 09:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/23 08:38:24 | 006,321,016 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV - [2012/01/23 08:38:24 | 000,470,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/06/13 04:05:28 | 000,155,856 | ---- | M] () [Auto | Running] -- C:\Program Files\USADISK\WEBHARD_Agent.exe -- (USADISK_AGENT)
    SRV - [2011/03/02 10:25:34 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/01/23 23:46:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/12/12 03:20:08 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (JRSKD24)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)
    DRV - [2011/11/30 01:18:42 | 000,022,480 | R--- | M] (Soft Security Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25)
    DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/11/14 10:29:44 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2011/11/14 10:29:42 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2011/10/15 03:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/09/27 20:05:04 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\kcrtx86.sys -- (kcrtx86)
    DRV - [2011/09/21 10:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
    DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2011/09/02 01:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2011/07/26 12:49:12 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2011/05/26 11:23:00 | 000,090,208 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AmonTDLh.sys -- (AMonTDLH)
    DRV - [2011/04/30 16:33:05 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2010/10/14 20:41:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
    DRV - [2010/06/28 02:54:00 | 000,121,536 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)
    DRV - [2010/06/28 02:54:00 | 000,101,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)
    DRV - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\sandra.sys -- (SANDRA)
    DRV - [2009/07/20 20:13:00 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
    DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 17:54:14 | 001,394,688 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
    DRV - [2009/07/13 17:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
    DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20120310,16969,0,8,0
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 6D BD B0 9D C3 CC 01 [binary data]
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\SearchScopes,DefaultScope = {4569E15C-7C54-4B19-B059-D052E07268C4}
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\SearchScopes\{27091A39-DF8E-4CC3-B3D2-DA9625C2F1CE}: "URL" = http://ca.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120310,16967,0,8,0
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\SearchScopes\{4569E15C-7C54-4B19-B059-D052E07268C4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_440\npaosmgr.dll (AhnLab, Inc.)
    FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum)
    FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\2nd_Window\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\2nd_Window\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/15 20:39:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/11 00:27:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/20 17:07:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/11 00:27:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/20 17:07:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6399FACC-F586-4E5B-95F5-C6A670BDF3A4}: C:\Users\2nd_Window\AppData\Local\{6399FACC-F586-4E5B-95F5-C6A670BDF3A4}

    [2011/01/25 10:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Extensions
    [2012/03/05 11:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\extensions
    [2012/03/05 11:53:45 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    [2011/05/03 15:55:14 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
    [2011/12/17 23:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/12/15 20:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7}
    [2012/01/11 00:27:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/08 16:54:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/02/04 07:58:50 | 000,090,112 | ---- | M] (SoftForum Co., Ltd.) -- C:\Program Files\mozilla firefox\plugins\npxecure.dll
    [2010/02/04 07:58:48 | 000,073,728 | ---- | M] (SoftForum Co., Ltd.) -- C:\Program Files\mozilla firefox\plugins\npxwfile.dll
    [2012/01/11 00:26:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/01/11 00:26:57 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\2nd_Window\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

    O1 HOSTS File: ([2011/03/02 10:41:16 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-206085528-472393337-1987398177-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe (Elias Fotinis)
    O4 - Startup: C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-206085528-472393337-1987398177-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-206085528-472393337-1987398177-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
    O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O15 - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
    O16 - DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} http://pib.wooribank.com/com/installer/interezen/WRebw.cab (WRebw Module)
    O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum.co.kr/CKKeyPro/wooribank/TouchEnkey3104_32k.cab (Reg Error: Key error.)
    O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} http://www.x2game.com/Control/AutoPatchOCX.cab (AutoPatchOCX Control)
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://download.softforum.co.kr/Published/XecureWeb/v7.2.5.0/xw_install.cab (XecureWeb 4.0 Client Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} http://fx.keb.co.kr/veraport/veraport.cab (AXMObjectCtl Class)
    O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} https://v3d.kcp.co.kr/file/kcp_ansimclick.cab (V3D Client Control)
    O16 - DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} http://www.usadisk.com/mmsv/USAControl.CAB (USADISK File Share Control 5)
    O16 - DPF: {BF6F8114-5DC3-4515-9BC6-16342AE7FDCE} http://www.usfolder.com/fs_prg/XFShowClient.cab (AxFShowClient Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D2609B40-9964-43E4-8806-3C75C8B21CA2} http://www.sojufile.com/mmsv/SojuFileWebControl.CAB (SojufileShareShare Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA.cab (KvpIspCtlD Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EDF2B0B-7768-4AF9-9C28-5F092761D327}: DhcpNameServer = 64.71.255.198
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB807610-0C56-42BA-BAAE-892EEDD58842}: DhcpNameServer = 64.71.255.198
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/02/10 11:56:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/12/10 13:20:46 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2011/06/12 23:09:50 | 000,000,613 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - I:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/06 16:44:03 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\2nd_Window\Desktop\OTL.exe
    [2012/03/06 03:06:39 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\2nd_Window\Desktop\TDSSKiller.exe
    [2012/03/05 14:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
    [2012/03/05 14:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2012/03/05 14:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
    [2012/03/05 14:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2012/03/05 14:56:40 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
    [2012/03/05 14:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    [2012/03/05 14:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
    [2012/03/05 13:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2012/03/05 13:38:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2012/03/05 13:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
    [2012/03/05 13:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
    [2012/03/05 11:51:16 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Local\Evernote
    [2012/03/05 11:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    [2012/03/05 11:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
    [2012/03/04 20:42:10 | 000,000,000 | --SD | C] -- C:\CfMy
    [2012/03/04 18:42:30 | 004,426,766 | R--- | C] (Swearware) -- C:\Users\2nd_Window\Desktop\CfMy.exe
    [2012/03/04 18:27:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/04 18:26:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/04 17:05:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/04 17:05:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/04 17:05:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/04 17:05:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/04 17:03:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/04 16:31:18 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\2nd_Window\Desktop\boot_cleaner.exe
    [2012/03/04 16:21:21 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\2nd_Window\Desktop\aswMBR.exe
    [2012/03/04 11:54:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\2nd_Window\Desktop\dds.scr
    [2012/03/04 11:10:00 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\2nd_Window\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/03/03 00:02:33 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Desktop\Avartar
    [2012/03/02 21:09:22 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Desktop\희진 지식창고
    [2012/03/02 21:09:15 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Desktop\New Zealand
    [2012/03/02 19:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/03/02 19:23:45 | 002,322,184 | ---- | C] (ESET) -- C:\Users\2nd_Window\Desktop\esetsmartinstaller_enu.exe
    [2012/02/18 20:05:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
    [2012/02/13 16:30:19 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Local\{2F71EB05-F19E-46E3-AF95-C42B4FE47C7F}
    [2012/02/13 16:30:05 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Local\{256A39E1-D2D5-4886-93AF-6ACC8FAAA04F}
    [2012/02/13 00:49:26 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins
    [2012/02/13 00:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskPins
    [2012/02/13 00:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\DeskPins
    [2012/02/10 16:14:43 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/02/10 15:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
    [2012/02/10 15:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
    [2012/02/10 14:31:02 | 406,919,696 | ---- | C] (Acresso Software Inc. ) -- C:\Users\2nd_Window\Desktop\CorelPainter12_TBYB_EN.exe
    [2012/02/10 12:10:48 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\Corel
    [2012/02/10 12:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
    [2012/02/10 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
    [2012/02/10 12:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
    [2012/02/10 12:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
    [2012/02/10 12:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alias
    [2012/02/10 11:56:21 | 000,000,000 | ---D | C] -- C:\Autodesk
    [2012/02/10 01:07:46 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/02/10 01:07:46 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\Adobe Mini Bridge CS5
    [2012/02/09 23:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
    [2012/02/09 02:28:58 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Documents\Updater
    [2012/02/07 11:21:16 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Desktop\[뉴에이지] 피아노 연주곡 400곡 모음
    [2012/02/07 02:55:34 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Documents\그림
    [2011/04/07 18:56:54 | 000,114,688 | -HS- | C] (Microsoft Corporation) -- C:\Users\2nd_Window\AppData\Local\ixu.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
  14. megaboy1


    ========== Files - Modified Within 30 Days ==========

    [2012/03/06 16:44:07 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\2nd_Window\Desktop\OTL.exe
    [2012/03/06 16:30:58 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/06 16:30:58 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/06 16:26:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/06 16:26:19 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/06 14:10:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000UA.job
    [2012/03/06 12:02:00 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/06 12:02:00 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/06 02:45:41 | 002,044,980 | ---- | M] () -- C:\Users\2nd_Window\Desktop\tdsskiller.zip
    [2012/03/06 02:06:11 | 222,358,468 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/03/05 14:58:32 | 000,001,117 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Core Temp.lnk
    [2012/03/05 14:40:04 | 000,000,128 | ---- | M] () -- C:\Users\2nd_Window\AppData\Roaming\Sandra.ldb
    [2012/03/05 13:38:35 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2012.SP1.lnk
    [2012/03/05 11:52:07 | 000,001,113 | ---- | M] () -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    [2012/03/05 11:45:57 | 000,000,890 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Evernote.lnk
    [2012/03/05 10:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\2nd_Window\Desktop\TDSSKiller.exe
    [2012/03/04 22:10:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000Core.job
    [2012/03/04 18:42:33 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\2nd_Window\Desktop\CfMy.exe
    [2012/03/04 17:50:59 | 001,008,141 | ---- | M] () -- C:\Users\2nd_Window\Desktop\rkill.com
    [2012/03/04 16:30:14 | 000,044,607 | ---- | M] () -- C:\Users\2nd_Window\Desktop\bootkit_remover.zip
    [2012/03/04 16:29:39 | 000,000,512 | ---- | M] () -- C:\Users\2nd_Window\Desktop\MBR.dat
    [2012/03/04 16:21:22 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\2nd_Window\Desktop\aswMBR.exe
    [2012/03/04 11:54:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\2nd_Window\Desktop\dds.scr
    [2012/03/04 11:14:24 | 000,302,592 | ---- | M] () -- C:\Users\2nd_Window\Desktop\sinyzmwt.exe
    [2012/03/04 11:11:50 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/04 11:10:00 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\2nd_Window\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/03/02 19:23:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\2nd_Window\Desktop\esetsmartinstaller_enu.exe
    [2012/02/28 11:34:15 | 000,437,034 | ---- | M] () -- C:\Users\2nd_Window\Desktop\weeknews_feb242012.pdf
    [2012/02/20 17:07:19 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/02/18 20:19:04 | 1568,896,766 | ---- | M] () -- C:\Users\2nd_Window\Desktop\I.love.you.2011.KOR.DVDRip.XViD-CiNE21i.avi
    [2012/02/18 20:04:32 | 026,089,336 | ---- | M] () -- C:\Users\2nd_Window\Desktop\WacomTablet_6.2.0w5.exe
    [2012/02/18 18:41:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/02/13 00:49:26 | 000,001,017 | ---- | M] () -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk
    [2012/02/12 23:26:03 | 003,853,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/10 15:56:26 | 000,001,352 | ---- | M] () -- C:\Users\2nd_Window\Documents\AutoHotkey.ahk
    [2012/02/10 14:36:08 | 000,210,426 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Keymaker-CORE.zip
    [2012/02/10 14:36:07 | 406,919,696 | ---- | M] (Acresso Software Inc. ) -- C:\Users\2nd_Window\Desktop\CorelPainter12_TBYB_EN.exe
    [2012/02/10 14:13:08 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2012/02/10 12:57:26 | 001,918,852 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Income_For_Life_For_Canadians_eBook.pdf
    [2012/02/10 12:10:49 | 000,000,008 | RHS- | M] () -- C:\ProgramData\53958F55BF.sys
    [2012/02/10 12:00:37 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk SketchBookPro 2011.lnk
    [2012/02/10 00:19:11 | 000,001,108 | ---- | M] () -- C:\Users\2nd_Window\Desktop\US폴더.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/06 02:45:38 | 002,044,980 | ---- | C] () -- C:\Users\2nd_Window\Desktop\tdsskiller.zip
    [2012/03/05 14:58:32 | 000,001,117 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Core Temp.lnk
    [2012/03/05 13:44:21 | 011,296,768 | ---- | C] () -- C:\Users\2nd_Window\AppData\Roaming\Sandra.mdb
    [2012/03/05 13:44:21 | 000,000,128 | ---- | C] () -- C:\Users\2nd_Window\AppData\Roaming\Sandra.ldb
    [2012/03/05 13:38:35 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2012.SP1.lnk
    [2012/03/05 11:52:07 | 000,001,113 | ---- | C] () -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    [2012/03/05 11:45:57 | 000,000,890 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Evernote.lnk
    [2012/03/04 17:50:51 | 001,008,141 | ---- | C] () -- C:\Users\2nd_Window\Desktop\rkill.com
    [2012/03/04 17:05:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/04 17:05:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/04 17:05:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/04 17:05:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/04 17:05:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/04 16:30:14 | 000,044,607 | ---- | C] () -- C:\Users\2nd_Window\Desktop\bootkit_remover.zip
    [2012/03/04 16:29:39 | 000,000,512 | ---- | C] () -- C:\Users\2nd_Window\Desktop\MBR.dat
    [2012/03/04 11:14:18 | 000,302,592 | ---- | C] () -- C:\Users\2nd_Window\Desktop\sinyzmwt.exe
    [2012/03/04 11:11:50 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/28 11:34:10 | 000,437,034 | ---- | C] () -- C:\Users\2nd_Window\Desktop\weeknews_feb242012.pdf
    [2012/02/20 17:07:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/02/20 17:07:19 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/02/18 20:04:08 | 026,089,336 | ---- | C] () -- C:\Users\2nd_Window\Desktop\WacomTablet_6.2.0w5.exe
    [2012/02/18 19:56:49 | 1568,896,766 | ---- | C] () -- C:\Users\2nd_Window\Desktop\I.love.you.2011.KOR.DVDRip.XViD-CiNE21i.avi
    [2012/02/13 00:49:26 | 000,001,017 | ---- | C] () -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk
    [2012/02/10 15:56:26 | 000,001,352 | ---- | C] () -- C:\Users\2nd_Window\Documents\AutoHotkey.ahk
    [2012/02/10 14:36:07 | 000,210,426 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Keymaker-CORE.zip
    [2012/02/10 12:57:18 | 001,918,852 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Income_For_Life_For_Canadians_eBook.pdf
    [2012/02/10 12:10:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2012/02/10 12:10:49 | 000,000,008 | RHS- | C] () -- C:\ProgramData\53958F55BF.sys
    [2012/02/10 12:08:51 | 000,002,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter 11.lnk
    [2012/02/10 12:00:37 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk SketchBookPro 2011.lnk
    [2012/02/10 00:24:12 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
    [2012/02/09 23:53:54 | 000,001,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
    [2012/02/08 23:36:58 | 000,001,108 | ---- | C] () -- C:\Users\2nd_Window\Desktop\US폴더.lnk
    [2012/01/18 19:18:20 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
    [2012/01/18 19:17:48 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssp8ml3.dll
    [2012/01/16 21:00:48 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb6mlm.dll
    [2011/11/02 19:29:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
    [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2011/07/20 22:46:40 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2011/07/20 22:46:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/07/20 22:46:36 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/07/20 22:46:36 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/07/20 22:46:36 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011/07/05 16:49:38 | 000,000,686 | ---- | C] () -- C:\Windows\cedt.INI
    [2011/06/19 23:00:49 | 000,065,536 | ---- | C] () -- C:\Windows\System32\cosa.dll
    [2011/05/19 11:01:24 | 001,266,880 | ---- | C] () -- C:\Windows\System32\ISPPopUpDlg.exe
    [2011/04/07 18:56:54 | 000,014,426 | -HS- | C] () -- C:\Users\2nd_Window\AppData\Local\o0117nc2nv5tpb633d15bq765wo1
    [2011/04/07 18:56:54 | 000,000,948 | -HS- | C] () -- C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1
    [2011/03/29 22:52:58 | 000,000,398 | ---- | C] () -- C:\Windows\miniMBC.INI
    [2011/03/07 22:41:06 | 000,000,405 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/03/07 22:40:25 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
    [2011/02/22 15:24:26 | 000,339,968 | ---- | C] () -- C:\Windows\System32\KvpUpCom.dll
    [2011/02/15 22:54:42 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2011/01/18 11:56:27 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw52.bin

    ========== LOP Check ==========

    [2011/09/27 20:18:57 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\AhnLab
    [2012/02/10 12:00:37 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Autodesk
    [2012/01/23 13:34:03 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Babylon
    [2012/02/10 16:14:43 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/07/02 16:40:45 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Clunet
    [2011/10/29 23:54:29 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\cYo
    [2011/04/30 16:34:51 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\DAEMON Tools Lite
    [2012/03/05 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Dropbox
    [2011/01/18 12:01:19 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\EPSON
    [2012/03/02 03:22:16 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\FileZilla
    [2012/01/25 00:56:03 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\gtk-2.0
    [2011/03/29 22:48:05 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\iMBC
    [2012/02/05 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Leadertech
    [2011/04/28 21:31:26 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Lingoes
    [2012/01/28 20:02:27 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Media Finder
    [2011/03/08 16:57:19 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\OpenOffice.org
    [2012/02/02 11:23:04 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Samsung
    [2012/01/30 15:02:23 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Softarium.com
    [2012/02/10 01:07:46 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/12/22 17:37:23 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Toon Boom Animation
    [2012/02/02 11:22:25 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser.2nd_Window-PC\AppData\Roaming\Samsung
    [2010/01/01 00:26:41 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/03/06 16:26:19 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/07 22:40:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/09/26 21:43:14 | 000,006,688 | ---- | M] () -- C:\keypro_log.txt
    [2011/03/07 22:40:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/03/06 16:26:37 | 3219,709,952 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/04 17:53:45 | 000,000,517 | ---- | M] () -- C:\rkill.log
    [2012/03/06 03:12:04 | 000,086,550 | ---- | M] () -- C:\TDSSKiller.2.7.19.0_06.03.2012_03.07.21_log.txt
    [2012/01/23 13:34:08 | 000,000,237 | ---- | M] () -- C:\user.js
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
    [2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2010/07/29 07:43:21 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\system32\spool\prtprocs\w32x86\ssb6mpc.dll
    [2011/06/17 02:48:59 | 000,024,576 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\system32\spool\prtprocs\w32x86\ssp8mpc.dll
    [2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/12/22 16:31:44 | 000,000,221 | -HS- | M] () -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/04 16:21:22 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\2nd_Window\Desktop\aswMBR.exe
    [2012/02/03 14:24:05 | 002,047,357 | ---- | M] () -- C:\Users\2nd_Window\Desktop\AutoHotkey104805_Install.exe
    [2011/09/20 02:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\2nd_Window\Desktop\boot_cleaner.exe
    [2012/03/04 18:42:33 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\2nd_Window\Desktop\CfMy.exe
    [2012/02/10 14:36:07 | 406,919,696 | ---- | M] (Acresso Software Inc. ) -- C:\Users\2nd_Window\Desktop\CorelPainter12_TBYB_EN.exe
    [2012/03/02 19:23:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\2nd_Window\Desktop\esetsmartinstaller_enu.exe
    [2012/01/22 13:48:16 | 072,446,816 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Users\2nd_Window\Desktop\Evernote_4.5.2.5904.exe
    [2012/03/04 11:10:00 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\2nd_Window\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/01/18 18:50:33 | 018,804,736 | ---- | M] () -- C:\Users\2nd_Window\Desktop\ML-1865W_PrintD.exe
    [2012/02/04 14:13:39 | 150,012,056 | ---- | M] () -- C:\Users\2nd_Window\Desktop\OOo_3.3.0_Win_x86_install-wJRE_ko.exe
    [2012/03/06 16:44:07 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\2nd_Window\Desktop\OTL.exe
    [2012/02/05 11:50:46 | 002,414,672 | ---- | M] (Logitech Inc.) -- C:\Users\2nd_Window\Desktop\setpoint632_smart.exe
    [2012/03/04 11:14:24 | 000,302,592 | ---- | M] () -- C:\Users\2nd_Window\Desktop\sinyzmwt.exe
    [2012/03/05 10:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\2nd_Window\Desktop\TDSSKiller.exe
    [2012/02/18 20:04:32 | 026,089,336 | ---- | M] () -- C:\Users\2nd_Window\Desktop\WacomTablet_6.2.0w5.exe
    [2012/01/22 19:50:22 | 003,792,840 | ---- | M] () -- C:\Users\2nd_Window\Desktop\xw_install.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/04 22:10:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000Core.job
    [2012/03/06 14:10:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000UA.job
    [2012/03/06 16:26:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/01/01 00:26:41 | 000,032,592 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/12/04 20:30:45 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/12/04 20:30:45 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/08/21 23:15:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/08/21 23:15:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/12/04 20:30:45 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/01/24 14:12:19 | 000,000,402 | -HS- | M] () -- C:\Users\2nd_Window\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/02/10 12:10:49 | 000,000,008 | RHS- | M] () -- C:\ProgramData\53958F55BF.sys
    [2012/02/10 14:13:08 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/04/07 18:56:54 | 000,000,948 | -HS- | M] () -- C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956

    < End of report >
  15. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    OTL Extras logfile created on: 06/03/2012 4:46:22 PM - Run 1
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\2nd_Window\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.37% Memory free
    6.00 Gb Paging File | 4.94 Gb Available in Paging File | 82.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 488.28 Gb Total Space | 229.24 Gb Free Space | 46.95% Space Free | Partition Type: NTFS
    Drive D: | 57.27 Gb Total Space | 32.26 Gb Free Space | 56.34% Space Free | Partition Type: NTFS
    Drive E: | 335.35 Gb Total Space | 268.22 Gb Free Space | 79.98% Space Free | Partition Type: NTFS
    Drive F: | 443.22 Gb Total Space | 208.44 Gb Free Space | 47.03% Space Free | Partition Type: NTFS
    Drive G: | 244.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive I: | 7.45 Gb Total Space | 5.99 Gb Free Space | 80.42% Space Free | Partition Type: FAT32

    Computer Name: 2ND_WINDOW-PC | User Name: 2nd_Window | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E56FBDB-28F6-49E5-829F-E42FE3616743}" = mini
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
    "{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
    "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
    "{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
    "{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009
    "{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
    "{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
    "{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7288831E-1418-40E5-A70A-A55D0AA6657B}" = Simply Accounting by Sage 2006
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
    "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97C4F970-C753-443F-B61C-525C739BBC3D}" = Maya 2009 Documentation (en_US)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
    "{AC76BA86-1048-8780-7760-000000000004}_940" = Adobe Acrobat 9.4.0 - CPSID_83708
    "{AC76BA86-1048-8780-7760-000000000004}{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B7F653CF-1BE5-4F40-BA4A-E3BBC6869116}" = 포트리스2 Forever
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
    "{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2012.SP1
    "{C7822DAD-D89C-4CC2-87F4-D28AA719905E}" = NetFolder
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B27584-72DD-4CED-A329-57C7F91586C0}" = Autodesk SketchBookPro 2011
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
    "Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
    "AhnLab Online Security" = AhnLab Online Security
    "ALUpdate_is1" = ALTools Update
    "ALZip_is1" = ALZip
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "avast" = avast! Free Antivirus
    "Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "ComicRack" = ComicRack v0.9.146
    "CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
    "Crimson Editor SVN286" = Crimson Editor SVN286
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DeskPins" = DeskPins (remove only)
    "DtsFilter" = DTS+AC3 Filter
    "EasyBCD" = EasyBCD 2.1
    "EPSON Scanner" = EPSON Scan
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileZilla Client" = FileZilla Client 3.3.5.1
    "GOM Player" = GOM Player
    "GomTV Launcher Plugin" = GOMTV Plug-in
    "HaaliMkx" = Haali Media Splitter
    "InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.2.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PS3 Media Server" = PS3 Media Server
    "RealPlayer 12.0" = RealPlayer
    "Samsung ML-1865W Series" = Samsung ML-1865W Series
    "SDM WebHard" = SDM WebHard Program
    "sp6" = Logitech SetPoint 6.32
    "VeraPort" = VeraPort (보안모듈관리 프로그램)
    "VLC media player" = VLC media player 1.1.9
    "Wacom Tablet Driver" = Wacom Tablet
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "WinLiveSuite" = Windows Live Essentials
    "XecureWeb Control" = XecureWeb Control

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "fec6edc179e1ea07" = OhCASTra
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 06/03/2012 3:42:01 AM | Computer Name = 2nd_Window-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
    time stamp: 0x4a5bc100 Faulting module name: sysmain.dll, version: 6.1.7600.16385,
    time stamp: 0x4a5bdb23 Exception code: 0xc0000005 Fault offset: 0x0000af56 Faulting
    process id: 0x4a8 Faulting application start time: 0x01ccfb679f5058e0 Faulting application
    path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
    Report
    Id: dbcb4f50-675f-11e1-8eb2-485b3910853a

    Error - 06/03/2012 3:42:45 AM | Computer Name = 2nd_Window-PC | Source = Software Protection Platform Service | ID = 8193
    Description = License Activation Scheduler (sppuinotify.dll) failed with the following
    error code: 0x80070005

    Error - 06/03/2012 3:46:24 AM | Computer Name = 2nd_Window-PC | Source = Application Hang | ID = 1002
    Description = The program Storyboard.exe version 0.0.0.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 13e8 Start
    Time: 01ccfb67afd20e20 Termination Time: 96 Application Path: C:\Program Files\Toon
    Boom Animation\Storyboard Pro\nt\bin\Storyboard.exe Report Id: 7782e571-6760-11e1-8eb2-485b3910853a


    Error - 06/03/2012 4:38:20 AM | Computer Name = 2nd_Window-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Adobe\Adobe
    After Effects CS3\Support Files\restool.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.163"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 06/03/2012 4:40:45 AM | Computer Name = 2nd_Window-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\sisoftware\sisoftware
    sandra lite 2012.sp1\wnt500x64\RpcSandraSrv.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 06/03/2012 9:44:06 AM | Computer Name = 2nd_Window-PC | Source = Software Protection Platform Service | ID = 8193
    Description = License Activation Scheduler (sppuinotify.dll) failed with the following
    error code: 0x80070005

    Error - 06/03/2012 1:03:42 PM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 06/03/2012 3:06:15 PM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 06/03/2012 4:11:42 PM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 06/03/2012 5:26:42 PM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    [ Media Center Events ]
    Error - 30/01/2012 9:51:54 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 8:51:44 PM - Error connecting to the internet. 8:51:44 PM - Unable
    to contact server..

    Error - 01/02/2012 9:46:16 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 8:46:16 PM - Error connecting to the internet. 8:46:16 PM - Unable
    to contact server..

    Error - 01/02/2012 9:46:32 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 8:46:22 PM - Error connecting to the internet. 8:46:22 PM - Unable
    to contact server..

    Error - 14/02/2012 9:35:05 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 8:35:05 PM - Error connecting to the internet. 8:35:05 PM - Unable
    to contact server..

    Error - 14/02/2012 9:35:20 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 8:35:10 PM - Error connecting to the internet. 8:35:10 PM - Unable
    to contact server..

    Error - 05/03/2012 4:07:02 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 3:06:52 AM - Error connecting to the internet. 3:06:52 AM - Unable
    to contact server..

    Error - 05/03/2012 5:07:11 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 4:07:06 AM - Error connecting to the internet. 4:07:06 AM - Unable
    to contact server..

    Error - 05/03/2012 6:07:21 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 5:07:16 AM - Error connecting to the internet. 5:07:16 AM - Unable
    to contact server..

    Error - 05/03/2012 7:07:31 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 6:07:26 AM - Error connecting to the internet. 6:07:26 AM - Unable
    to contact server..

    Error - 05/03/2012 8:46:39 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
    Description = 7:46:34 AM - Error connecting to the internet. 7:46:34 AM - Unable
    to contact server..

    [ System Events ]
    Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
    Description = The Program Compatibility Assistant Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
    Description = The Superfetch service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
    Description = The Distributed Link Tracking Client service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    120000 milliseconds: Restart the service.

    Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
    Description = The Desktop Window Manager Session Manager service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    120000 milliseconds: Restart the service.

    Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7034
    Description = The Diagnostic System Host service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
    Description = The WLAN AutoConfig service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
    Restart the service.

    Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
    Description = The Portable Device Enumerator Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    120000 milliseconds: Restart the service.

    Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Driver Foundation - User-mode Driver Framework service
    terminated unexpectedly. It has done this 1 time(s). The following corrective
    action will be taken in 120000 milliseconds: Restart the service.

    Error - 06/03/2012 3:42:45 AM | Computer Name = 2nd_Window-PC | Source = DCOM | ID = 10001
    Description =

    Error - 06/03/2012 5:29:40 PM | Computer Name = 2nd_Window-PC | Source = DCOM | ID = 10001
    Description =


    < End of report >
  16. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
      IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\SearchScopes,DefaultScope = {4569E15C-7C54-4B19-B059-D052E07268C4}
      [2011/12/15 20:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7}
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
      O15 - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
      O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum.co.kr/CKKeyPro/w...ey3104_32k.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/04/07 18:56:54 | 000,014,426 | -HS- | C] () -- C:\Users\2nd_Window\AppData\Local\o0117nc2nv5tpb633d15bq765wo1
      [2011/04/07 18:56:54 | 000,000,948 | -HS- | C] () -- C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1
      [2012/01/23 13:34:03 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Babylon
      @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
  17. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
    HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7}\defaults\preferences folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7}\defaults folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7}\components folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7} folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\samsungsetup.com\www\ deleted successfully.
    Starting removal of ActiveX control {6CE20149-ABE3-462E-A1B4-5B549971AA38}
    C:\Windows\Downloaded Program Files\TouchEnKey.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Users\2nd_Window\AppData\Local\o0117nc2nv5tpb633d15bq765wo1 moved successfully.
    C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1 moved successfully.
    C:\Users\2nd_Window\AppData\Roaming\Babylon folder moved successfully.
    ADS C:\ProgramData\Temp:BC359956 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: 2nd_Window
    ->Temp folder emptied: 100068232 bytes
    ->Temporary Internet Files folder emptied: 52552768 bytes
    ->Java cache emptied: 724644 bytes
    ->FireFox cache emptied: 77514762 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 96998 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 2870 bytes

    User: UpdatusUser.2nd_Window-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1884629 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 222.00 mb


    [EMPTYJAVA]

    User: 2nd_Window
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    User: UpdatusUser.2nd_Window-PC

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: 2nd_Window
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.2nd_Window-PC
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.35.1 log created on 03062012_223138

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  18. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    How is the computer doing?

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  19. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    Results of screen317's Security Check version 0.99.24
    Windows 7 x86 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    Adobe After Effects CS3 Presets
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
    Adobe Reader X (10.1.2)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ``````````End of Log````````````

    --------------------------------

    Farbar Service Scanner Version: 01-03-2012
    Ran by 2nd_Window (administrator) on 06-03-2012 at 23:33:26
    Running from "C:\Users\2nd_Window\Desktop"
    Microsoft Windows 7 Ultimate (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll
    [2009-07-13 18:53] - [2009-07-13 20:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

    C:\Windows\system32\bfe.dll
    [2009-07-13 18:54] - [2009-07-13 20:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll
    [2009-07-13 18:23] - [2009-07-13 20:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

    C:\Windows\system32\vssvc.exe
    [2009-07-13 18:24] - [2009-07-13 20:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll
    [2009-07-13 19:15] - [2009-07-13 20:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

    C:\Windows\system32\qmgr.dll
    [2009-07-13 18:30] - [2009-07-13 20:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  20. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    ESET Scanning in progress.. I will post once it's done..
  21. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    Okay, that took long.. here it is..



    C:\Program Files\FoxTabAVIConverter\AviConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
    C:\Users\2nd_Window\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0R4OW1X\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application deleted - quarantined
    D:\Downloads\OverClock tools\coretemp_1236.exe Win32/InstallIQ application cleaned by deleting - quarantined
    D:\Program files\painter 11\keygen.exe probably a variant of Win32/Agent.LJDMZCB trojan cleaned by deleting - quarantined
    E:\Program Files\X2Online\FortressForever\Hup.dll probably a variant of Win32/Agent.KQFJDYR trojan cleaned by deleting - quarantined
    E:\Program Files\X2Online\FortressForever\Hup_old.dll probably a variant of Win32/Agent.KQFJDYR trojan cleaned by deleting - quarantined
  22. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  23. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    I followed your instruction before the Magic Clean guy..

    But I'm still getting the Babylon search webpage when I create a new tab in Internet Explorer..
    I saw in the ESET log that ESET deleted the Babylon setup file.. but the rest of the stupid folders and files are still in the AppData folder.
  24. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Open IE, go to Tools > Internet Options > Advanced tab and click on the "Reset" button.
    Restart IE.
    Same problem?

    Then....

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      babylon
      :folderfind
      babylon
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  25. megaboy1

    megaboy1 Newcomer, in training Topic Starter Posts: 59

    Resetting IE solved that issue. But I think it's still in my system hidden.
    So I did SystemLook anyways..

    Do I just delete the folders that have Babylon in their names? And will that remove it completely?

    --------------------------------------


    SystemLook 30.07.11 by jpshortstuff
    Log created at 14:50 on 07/03/2012 by 2nd_Window
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "babylon"
    No files found.

    ========== folderfind ==========

    Searching for "babylon"
    C:\ProgramData\Babylon d------ [18:34 23/01/2012]
    C:\Users\2nd_Window\AppData\Local\Babylon d------ [18:34 23/01/2012]
    C:\Users\All Users\Babylon d------ [18:34 23/01/2012]
    C:\_OTL\MovedFiles\03062012_223138\C_Users\2nd_Window\AppData\Roaming\Babylon d------ [18:34 23/01/2012]

    -= EOF =-

