Solved [Virus] svchost.exe and HRUPPROG

M

MyCheeseCake

Posts: 27   +0
Right after booting my computer, a folder opens up by itself with 2 files in it, HRUPPROG.txt and HRUPPROG.DIE.NOW.

Also, a window pops up with the title "Open File - Security Warning" saying, "The publisher could not be verified, are you sure you want to run the software?" The software in this case is svchost.exe.

I have followed the steps as stated in the "4-Step Viruses/Spyware/Malware Removal Preliminary Instructions" post here. And I am posting the contents of the logs. I hope assistance can be provided if needed.

Malwarebytes Anti-Malware log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ccw :: COMPANY-6EF3B74 [administrator]

1/6/2013 5:57:21 PM
mbam-log-2013-01-06 (17-57-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248983
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 23
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{01GP0MB7-0Y0Q-YN07-DW1Q-JB847COT4UL1} (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{01GP0MB7-0Y0Q-YN07-DW1Q-JB847COT4UL1} (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKLM (Backdoor.SpyNet) -> Data: C:\WINDOWS\system32\WinDir\Svchost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.SpyNet) -> Data: C:\WINDOWS\system32\WinDir\Svchost.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.SpyNet) -> Data: C:\WINDOWS\system32\WinDir\Svchost.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.SpyNet) -> Data: C:\WINDOWS\system32\WinDir\Svchost.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|18.exe (Trojan.Agent.Gen) -> Data: C:\Documents and Settings\ccw\Application DataMicrosoft\System\Services\18.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Worm.Palevo) -> Data: C:\Documents and Settings\ccw\Application Data\qmkin.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 12
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\bin\1.0.16.0 (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\data (Adware.Hotbar.RB) -> Quarantined and deleted successfully.

Files Detected: 16
C:\WINDOWS\system32\H@tKeysH@@k.DLL (HackTool.HotKeyHook) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinDir\Svchost.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Application Data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Application Data\kernel33.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Application DataMicrosoft\System\Services\18.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Application Data\ccw-wchelper.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat.bak (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\bin\1.0.16.0\copyright.txt (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\bin\1.0.16.0\RavenBleuUninstaller.exe (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSAau.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_hpk.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_kyf_update.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.

(end)


DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2
Run by ccw at 18:17:18 on 2013-01-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.751 [GMT 8:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
L:\Program Files\Comodo Unite\EzVpnSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
I:\Program Files\LogMeIn Hamachi\hamachi-2.exe
L:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre7\bin\jqs.exe
I:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
L:\Program Files\Comodo Unite\crdphService.exe
C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=;ftp=;https=;
uProxyOverride = 192.168.*.*
uURLSearchHooks: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
uURLSearchHooks: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\prxtbMes2.dll
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {7CC66639-C337-40C3-A661-34CF9F39D25E} - <orphaned>
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\ScriptCl.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\prxtbMes2.dll
BHO: LeapFTP Internet Explorer Hook: {A5479DA1-7843-43A7-B5C0-BE342C77B629} - l:\program files\leapftp 3.0\lftpie.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Messenger Plus Live Toolbar: {9B339F6E-DDCD-401B-8764-230ADBD01761} - c:\program files\messenger_plus_live\prxtbMes2.dll
TB: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\prxtbMes2.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn Hamachi Ui] "I:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{c4609419-c11e-4ce6-b369-f3f8a7ddd94c}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SystemRoot%\system32\PrxerDrv.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{B85B2590-24A1-47A6-B732-B3CD274B508B} : NameServer = 202.188.0.133,202.188.1.5
TCP: Interfaces\{D054C94A-2078-4A92-9266-69AE82969164} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: urqOIAQk - urqOIAQk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXQJcAT
Hosts: 127.0.0.1mpa.one.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111015&tt=090812_bab_3212_4&babsrc=KW_ss&mntrId=58dc856500000000000000ff3c7d56c8&q=
FF - component: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\ccw\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\ccw\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: d:\program files\real alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\real alternative\browser\plugins\nprpjplug.dll
FF - plugin: l:\program files\comodo unite\npEasyVpnLVN.dll
FF - plugin: l:\program files\comodo unite\NpRdpView.dll
FF - plugin: l:\program files\comodo unite\NpVncView.dll
FF - ExtSQL: 2038-01-18 21:14; betteryoutube@ginatrapani.org; c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\betteryoutube@ginatrapani.org
FF - ExtSQL: !HIDDEN! 2009-09-03 15:40; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015&tt=090812_bab_3212_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 58dc856500000000000000ff3c7d56c8
FF - user.js: extensions.BabylonToolbar.instlDay - 15563
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.623:28:58
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2008-10-18 120320]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 EzVpnSvc;COMODO Unite MultiLogin Service;l:\program files\comodo unite\EzVpnSvc.exe [2011-8-22 360752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-12 54752]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-4-1 233472]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;I:\program files\logmein hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;l:\program files\hi-rez studios\HiPatchService.exe [2012-7-2 8704]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-12-12 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-8-11 227184]
R2 MySQL5;MySQL5;"c:\program files\mysql\mysql server 5.5\bin\mysqld" --defaults-file="c:\program files\mysql\mysql server 5.5\my.ini" mysql5 --> c:\program files\mysql\mysql server 5.5\bin\mysqld [?]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-1 103040]
R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\drivers\cmdatp.sys [2012-5-28 17816]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\drivers\evolve.sys [2012-3-22 18584]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-1 36608]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-6 40776]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-12-12 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-12-12 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-12-12 168776]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S1 sdbuss;sdbuss;c:\windows\system32\drivers\sdbuss.sys --> c:\windows\system32\drivers\sdbuss.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 Windows_rejoice;Windows_rejoice;c:\program files\common files\microsoft shared\msinfo\re91.exe [2008-4-28 0]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-1-30 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-1-30 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-1-30 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-1-30 25088]
S3 apf001;apf001;\??\I:\program files\softnyx\wolfteam\apf001.sys --> I:\program files\softnyx\wolfteam\apf001.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2012-12-13 6016]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-7-11 80824]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 EvoSvc;Evolve Service;l:\program files\echobit\evolve\EvoSvc.exe [2012-3-22 1528424]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ccw\locals~1\temp\mzh5cf.tmp --> c:\docume~1\ccw\locals~1\temp\MZH5CF.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-5-4 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-5-4 79104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-12-13 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-12-13 8320]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2012-2-4 99400]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-12-13 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2012-12-13 11008]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-7-11 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-7-11 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-7-11 136808]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-7-11 181432]
S3 tcpip helper;tcpip helper;\??\c:\program files\garena plus\x86\tcpiphlp.sys --> c:\program files\garena plus\x86\tcpiphlp.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-12-6 11520]
S3 wod0205;WeOnlyDo Network Adapter 2.5;c:\windows\system32\drivers\wod0205.sys [2012-3-22 28936]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva104;XDva104;\??\c:\windows\system32\xdva104.sys --> c:\windows\system32\XDva104.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\xdva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva132;XDva132;\??\c:\windows\system32\xdva132.sys --> c:\windows\system32\XDva132.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\xdva158.sys --> c:\windows\system32\XDva158.sys [?]
S3 XDva165;XDva165;\??\c:\windows\system32\xdva165.sys --> c:\windows\system32\XDva165.sys [?]
S3 XDva167;XDva167;\??\c:\windows\system32\xdva167.sys --> c:\windows\system32\XDva167.sys [?]
S3 XDva170;XDva170;\??\c:\windows\system32\xdva170.sys --> c:\windows\system32\XDva170.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\xdva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva195;XDva195;\??\c:\windows\system32\xdva195.sys --> c:\windows\system32\XDva195.sys [?]
S3 XDva204;XDva204;\??\c:\windows\system32\xdva204.sys --> c:\windows\system32\XDva204.sys [?]
S3 XDva208;XDva208;\??\c:\windows\system32\xdva208.sys --> c:\windows\system32\XDva208.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\xdva332.sys --> c:\windows\system32\XDva332.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\xdva397.sys --> c:\windows\system32\XDva397.sys [?]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
ShellExec: hpqpssp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpssp.exe
ShellExec: hpqpstp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpstp.exe
.
=============== Created Last 30 ================
.
2013-01-06 10:16:4340776----a-w-c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-06 09:56:1921104----a-w-c:\windows\system32\drivers\mbam.sys
2013-01-06 09:56:19--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2013-01-06 07:19:58--------d-----w-c:\windows\system32\WinDir
2013-01-06 07:19:56--------d-----w-c:\documents and settings\ccw\Application DataMicrosoft
2013-01-04 17:32:576812136----a-w-c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{8fc3890e-27cd-4e76-a191-4caea9c6fd5a}\mpengine.dll
2013-01-03 06:09:57--------d-----w-C:\gravity
2013-01-02 13:26:22--------d-----w-c:\documents and settings\ccw\local settings\application data\Sun
2013-01-02 13:26:20859072----a-w-c:\windows\system32\npDeployJava1.dll
2013-01-02 13:26:1293640----a-w-c:\windows\system32\WindowsAccessBridge.dll
2012-12-27 07:59:12--------d-----w-c:\documents and settings\all users\application data\RELOADED
2012-12-16 13:07:58--------d-----w-c:\program files\SweetIM
2012-12-16 13:07:58--------d-----w-c:\documents and settings\all users\application data\SweetIM
2012-12-13 15:16:45--------d-----w-C:\Temp
2012-12-13 15:16:3611008----a-w-c:\windows\system32\drivers\motusbdevice.sys
2012-12-13 15:16:356016----a-w-c:\windows\system32\drivers\motfilt.sys
2012-12-13 15:16:3523424----a-w-c:\windows\system32\drivers\Motousbnet.sys
2012-12-13 15:16:3424064----a-w-c:\windows\system32\drivers\motmodem.sys
2012-12-13 15:16:338320----a-w-c:\windows\system32\drivers\motccgpfl.sys
2012-12-13 15:16:336400----a-w-c:\windows\system32\drivers\motswch.sys
2012-12-13 15:16:3320480----a-w-c:\windows\system32\drivers\motccgp.sys
2012-12-13 15:16:06--------d-----w-c:\program files\common files\Motorola Shared
2012-12-13 15:16:04--------d-----w-c:\program files\Motorola
2012-12-13 06:30:285955856----a-w-c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-01-02 13:25:51143872----a-w-c:\windows\system32\javacpl.cpl
2013-01-02 13:25:49779704----a-w-c:\windows\system32\deployJava1.dll
2012-12-16 12:23:59290560----a-w-c:\windows\system32\atmfd.dll
2012-12-11 18:31:1673656----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 18:31:16697272----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-12-05 14:54:41138992----a-w-c:\windows\system32\drivers\PnkBstrK.sys
2012-12-05 14:54:34281288----a-w-c:\windows\system32\PnkBstrB.xtr
2012-12-05 14:54:34281288----a-w-c:\windows\system32\PnkBstrB.exe
2012-12-04 11:05:30281288----a-w-c:\windows\system32\PnkBstrB.ex0
2012-11-29 17:59:12138904----a-w-c:\documents and settings\ccw\application data\PnkBstrK.sys
2012-11-29 17:58:5676888----a-w-c:\windows\system32\PnkBstrA.exe
2012-11-13 01:25:121866368----a-w-c:\windows\system32\win32k.sys
2012-11-02 02:02:42375296----a-w-c:\windows\system32\dpnet.dll
2012-11-01 12:17:54916992----a-w-c:\windows\system32\wininet.dll
2012-11-01 12:17:5443520----a-w-c:\windows\system32\licmgr10.dll
2012-11-01 12:17:541469440------w-c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34385024----a-w-c:\windows\system32\html.iec
2012-10-24 19:12:2694208----a-w-c:\windows\system32\QuickTimeVR.qtx
2012-10-24 19:12:2669632----a-w-c:\windows\system32\QuickTime.qts
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3320620AS rev.3.AAK -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3a
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x8B216AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\0000009b[0x8B21EF18]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IdeDeviceP3T0L0-1a[0x8B22FD98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 18:18:24.01 ===============
 
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 12/12/2007 1:40:20 AM
System Uptime: 1/6/2013 6:11:01 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3L
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2666/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 42.83 GiB free.
D: is FIXED (NTFS) - 152 GiB total, 64.738 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 117 GiB total, 89.479 GiB free.
H: is FIXED (NTFS) - 116 GiB total, 36.637 GiB free.
I: is FIXED (NTFS) - 146 GiB total, 52.038 GiB free.
J: is FIXED (NTFS) - 152 GiB total, 147.877 GiB free.
K: is CDROM ()
L: is FIXED (NTFS) - 466 GiB total, 103.799 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WeOnlyDo Network Adapter 2.5
Device ID: ROOT\NET\0004
Manufacturer: WeOnlyDo Network Provider
Name: WeOnlyDo Network Adapter 2.5
PNP Device ID: ROOT\NET\0004
Service: wod0205
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia E71
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia E71
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP2134: 10/31/2012 10:29:04 PM - Installed Galactic Voices
RP2135: 10/31/2012 10:29:34 PM - Installed Personality Voices
RP2136: 10/31/2012 10:30:07 PM - Installed Translator Fun Voice Pack
RP2137: 10/31/2012 10:30:26 PM - Installed Ancient Weapon Sounds
RP2138: 10/31/2012 10:30:40 PM - Installed Fantasy Sound Pack
RP2139: 10/31/2012 10:31:05 PM - Installed Sci-Fi 2 Sound Pack
RP2140: 10/31/2012 10:31:23 PM - Installed Spooky Sounds
RP2141: 10/31/2012 10:31:38 PM - Installed Comic Sound Pack
RP2142: 10/31/2012 10:31:51 PM - Installed Farm Animal Sounds
RP2143: 10/31/2012 10:32:06 PM - Installed Sci-Fi Sound Pack
RP2144: 10/31/2012 10:32:26 PM - Installed Blue Satin Skin
RP2145: 11/2/2012 4:13:46 AM - System Checkpoint
RP2146: 11/3/2012 1:37:37 AM - Software Distribution Service 3.0
RP2147: 11/4/2012 1:00:21 AM - Software Distribution Service 3.0
RP2148: 11/5/2012 1:33:12 AM - System Checkpoint
RP2149: 11/6/2012 4:30:19 AM - System Checkpoint
RP2150: 11/6/2012 3:00:18 PM - Software Distribution Service 3.0
RP2151: 11/7/2012 4:08:35 PM - Installed DirectX
RP2152: 11/9/2012 4:52:14 AM - System Checkpoint
RP2153: 11/10/2012 12:41:18 AM - Software Distribution Service 3.0
RP2154: 11/11/2012 1:00:27 AM - Software Distribution Service 3.0
RP2155: 11/12/2012 2:41:57 AM - System Checkpoint
RP2156: 11/13/2012 1:31:23 AM - Software Distribution Service 3.0
RP2157: 11/13/2012 11:04:13 PM - Installed DirectX
RP2158: 11/14/2012 1:59:20 AM - Software Distribution Service 3.0
RP2159: 11/15/2012 3:25:04 AM - System Checkpoint
RP2160: 11/16/2012 4:05:42 AM - System Checkpoint
RP2161: 11/17/2012 12:44:03 AM - Software Distribution Service 3.0
RP2162: 11/18/2012 1:01:30 AM - Software Distribution Service 3.0
RP2163: 11/19/2012 6:23:01 AM - System Checkpoint
RP2164: 11/20/2012 7:04:21 AM - System Checkpoint
RP2165: 11/21/2012 1:32:43 AM - Software Distribution Service 3.0
RP2166: 11/21/2012 4:42:36 PM - Installed DirectX
RP2167: 11/22/2012 5:43:56 PM - System Checkpoint
RP2168: 11/23/2012 7:32:07 PM - System Checkpoint
RP2169: 11/23/2012 8:56:28 PM - Installed DirectX
RP2170: 11/23/2012 9:30:10 PM - Software Distribution Service 3.0
RP2171: 11/24/2012 10:48:41 PM - System Checkpoint
RP2172: 11/25/2012 1:00:39 AM - Software Distribution Service 3.0
RP2173: 11/26/2012 2:42:49 AM - System Checkpoint
RP2174: 11/27/2012 4:21:17 AM - System Checkpoint
RP2175: 11/28/2012 2:10:26 AM - Software Distribution Service 3.0
RP2176: 11/29/2012 4:43:01 AM - System Checkpoint
RP2177: 11/30/2012 1:57:23 AM - Installed DirectX
RP2178: 12/1/2012 2:10:19 AM - Software Distribution Service 3.0
RP2179: 12/2/2012 1:00:26 AM - Software Distribution Service 3.0
RP2180: 12/3/2012 1:03:52 AM - System Checkpoint
RP2181: 12/4/2012 4:06:18 AM - System Checkpoint
RP2182: 12/5/2012 2:26:38 AM - Software Distribution Service 3.0
RP2183: 12/6/2012 4:25:14 AM - System Checkpoint
RP2184: 12/6/2012 9:19:22 AM - Installed SES Driver
RP2185: 12/7/2012 10:07:12 AM - System Checkpoint
RP2186: 12/7/2012 6:52:33 PM - Software Distribution Service 3.0
RP2187: 12/8/2012 8:58:23 PM - System Checkpoint
RP2188: 12/9/2012 1:01:32 AM - Software Distribution Service 3.0
RP2189: 12/10/2012 1:06:22 AM - System Checkpoint
RP2190: 12/11/2012 4:52:33 AM - System Checkpoint
RP2191: 12/11/2012 8:18:14 PM - Software Distribution Service 3.0
RP2192: 12/12/2012 9:21:43 PM - Software Distribution Service 3.0
RP2193: 12/13/2012 9:40:43 PM - System Checkpoint
RP2194: 12/15/2012 2:06:05 AM - Software Distribution Service 3.0
RP2195: 12/16/2012 1:00:45 AM - Software Distribution Service 3.0
RP2196: 12/16/2012 10:48:29 AM - Removed Bonjour
RP2197: 12/16/2012 9:07:36 PM - Windows Defender Checkpoint
RP2198: 12/18/2012 3:25:46 AM - Windows Defender Checkpoint
RP2199: 12/19/2012 1:35:40 AM - Software Distribution Service 3.0
RP2200: 12/20/2012 3:17:33 AM - System Checkpoint
RP2201: 12/21/2012 4:19:39 AM - System Checkpoint
RP2202: 12/21/2012 6:44:36 PM - Software Distribution Service 3.0
RP2203: 12/22/2012 9:21:47 PM - System Checkpoint
RP2204: 12/23/2012 1:00:31 AM - Software Distribution Service 3.0
RP2205: 12/24/2012 3:12:16 AM - System Checkpoint
RP2206: 12/25/2012 3:36:31 AM - System Checkpoint
RP2207: 12/26/2012 2:11:39 AM - Software Distribution Service 3.0
RP2208: 12/27/2012 3:15:17 AM - System Checkpoint
RP2209: 12/28/2012 8:11:11 AM - System Checkpoint
RP2210: 12/28/2012 8:52:35 AM - Software Distribution Service 3.0
RP2211: 12/30/2012 11:39:04 PM - Software Distribution Service 3.0
RP2212: 12/31/2012 11:13:23 PM - Installed DirectX
RP2213: 1/2/2013 1:32:49 AM - Software Distribution Service 3.0
RP2214: 1/2/2013 9:25:34 PM - Installed Java 7 Update 10
RP2215: 1/4/2013 4:29:24 AM - System Checkpoint
RP2216: 1/5/2013 1:32:47 AM - Software Distribution Service 3.0
RP2217: 1/6/2013 4:31:20 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
7-Zip 9.20
AC3Filter (remove only)
Ace of Spades
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator CS
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
Alien Swarm
AMD Catalyst Install Manager
Amnesia - The Dark Descent
Ancient Weapon Sounds
APB Reloaded
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2: Free
ASUS Android USB Drivers
ASUS Sync
ASUS WebStorage
AutoHotkey 1.0.48.05
Bandisoft MPEG-1 Decoder
Big Fish Games: Game Manager
Blacklight: Retribution
Blades of Time
BLAZBLUE -CALAMITY TRIGGER-
Blender (remove only)
Blender NIF Scripts (remove only)
Blue Satin Skin
BolehVPN
Borderlands 2
BOSS
BrawlBusters(EN)CBT
BufferChm
BulletStorm
Call of Duty Modern Warfare 2
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.3 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Black Ops
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 5.5
Collab
CollabNet Automatic Update 1.2
Comic Sound Pack
COMODO Unite
Copy
Counter-Strike: Source
Cracked Steam
Creatures of Darkness
Critical Update for Windows Media Player 11 (KB959772)
CRUCIS FATAL FAKE
CustomerResearchQFolder
Dark Souls Prepare to Die Edition
Deep Space Voices
Destination Component
Deus Ex Human Revolution
DeviceDiscovery
DeviceManagementQFolder
DEVIL MAY CRY 4
DirectVobSub (remove only)
Dishonored version 5.1
DivX Plus DirectShow Filters
DivX Setup
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DocProc
DocProcQFolder
Dragon Nest SEA
eSupportQFolder
Evolve
F4200
F4200_Help
Fantasy Sound Pack
Fantasy Voice Pack
Farm Animal Sounds
FastStone Photo Resizer 2.8
FATAL ZERO ACTION
Female Voice Pack
Fighter Factory Classic
Fighter Factory Ultimate
FL Studio 6
Furry Voices for Second Life
Galactic Voices
GamersFirst LIVE!
Garena
Garena Messenger and Heroes of Newerth
Garena Plus
Garry's Mod
GetFLV Pro 9.0.3.9
GG E-Sports Platform
Gigabyte Raid Configurer
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Update Helper
GPBaseService
GPL MPEG-1/2 DirectShow Decoder Filter
Guitar Pro 5.2
Half-Life
Half-Life 2: Episode Two
Hallmark Card Studio 2011 Deluxe
Hawken
Hi-Rez Studios Authenticate and Update Service
High Definition Audio Driver Package - KB888111
Highlight Viewer (Windows Live Toolbar)
Hong Kong Mahjong 1024
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953761)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Imagicon
iTunes
Java 2 Runtime Environment, SE v1.4.2_02
Java 7 Update 10
Java Auto Updater
Java(TM) 6 Update 13
Java(TM) 6 Update 31
Junk Mail filter update
Katawa Shoujo
Killing Floor
League of Legends
LeapFTP 3.0
LG SP USB Driver
LG United Mobile Driver
LG USB WML Modem Driver
Livestream Procaster
Logitech Harmony Remote Software
LogMeIn Hamachi
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.5.79
Male Voice Pack
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
McAfee VirusScan Enterprise
McPixel version 1.0.4
Messenger Plus! Live
Messenger_Plus_Live Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft WinUsb 2.0
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 4.0
Minecraft Launcher version 1.0
MobileMe Control Panel
MorphVOX Junior
MorphVOX Pro
MotioninJoy Gamepad tool 0.7.1001
MotoHelper 2.0.53 Driver 5.2.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.2.0
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser (KB933579)
MySQL Server 5.5
MySQL Workbench 5.2 CE
Nero 8 Micro v8.1.1.4
Nexon Game Manager
Nexus Mod Manager
No-IP DUC
Notepad++
NVIDIA PhysX
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
Orcs Must Die!
Origin
osu!
Overgrowth (remove only)
Paint.NET v3.5.10
Pando Media Booster
particleIllusion 3.0.2
PC Connectivity Solution
Pcsx2 0.9.6
Personality Voices
PFConfig 1.0.296
PIXresizer 2.0.4
PMB
PMB Updater
PremiumSoft Navicat 8.0 Lite for MySQL
Proxifier version 2.9
PSSWCORE
PunkBuster Services
PyFFI 2.1.6
Python 2.6 comtypes-0.6.2
Python 2.6 psyco-1.6
Python 2.6 PyFFI-2.1.6
Python 2.6 pywin32-214
Python 2.6.5
Quake Live Mozilla Plugin
QuickTime
Ragnarok Battle Offline
Ragnarok Online
Ragnarok Renewal
Ragnarok Sakray
RBO Extra Scenario Vol.1
RBO Extra Scenario Vol.2
RBO Extra Scenario Vol.3
Real Alternative 1.9.0 Lite
Realtek High Definition Audio Driver
Safari
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Driver for Mobile Phones
SamsungConnectivityCableDriver
Scan
Sci-Fi 2 Sound Pack
Sci-Fi Sound Pack
Sci-Fi Voice Pack
Scribblenauts Unlimited
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SendSpace Wizard
Serious Sam HD The First Encounter
SES Driver
Shop for HP Supplies
Skype Click to Call
Skype™ 5.10
Smart Menus (Windows Live Toolbar)
SmartWebPrintingOC
Software Update for Web Folders
SolutionCenter
SonicStage 4.3
Source Filmmaker
Spadille 1.5.1
Spooky Sounds
SQL Server System CLR Types
StarCraft II
Status
Steam
SuddenAttackSEA
Super Hide IP
SweetIM for Messenger 3.7
System Requirements Lab CYRI
tConfig version 0.24
Team Fortress 2
Terraria Game Launcher GUI version 1.2.2
The Elder Scrolls V: Skyrim
Toolbox
TortoiseSVN 1.7.3.22386 (32 bit)
Translator Fun Voice Pack
TrayApp
Tribes: Ascend
TuneUp Utilities 2008
TwinkiRO
Ubisoft Game Launcher
Unity Web Player
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
VobSub v2.23 (Remove Only)
WampServer 2.0
Warkeys 1.19.0.0b
WebReg
WeGame Client 2.2.2
Windows 7 USB/DVD Download Tool
Windows Defender
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Vista Screen Saver 1.0
Windows XP Service Pack 3
WinRAR 4.00 beta 5 (32-bit)
World of Warcraft
wxPython 2.8.11.0 (ansi) for Python 2.6
X-Blades
Xbox 360 Controller for Windows
XML Paper Specification Shared Components Pack 1.0
XPS Essentials Pack
XPS Essentials Pack 1.0
Yahoo! Messenger
YouTube Downloader Toolbar v4.6
YTD Video Downloader 3.9.2
.
==== Event Viewer Messages From Past Week ========
.
1/6/2013 6:13:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: JRAID
.
==== End Of File ===========================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
I ran RougeKiller and did as you've instructed. 2 logs were produced on my desktop.

RKreport[1]
RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : ccw [Admin rights]
Mode : Scan -- Date : 01/07/2013 10:45:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B85B2590-24A1-47A6-B732-B3CD274B508B} : NameServer (202.188.0.133,202.188.1.5) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[RUN][SUSP PATH] [ON_D:ccw]HKCU[...]\Run : explorer (D:\Users\ccw\AppData\Local\Temp\BFKG by MPH.exe) -> FOUND
[RUN][SUSP PATH] [ON_D:ccw]HKCU[...]\Run : explorer (D:\Users\ccw\AppData\Local\Temp\BFKG by MPH.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\ccw\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Documents and Settings\ccw\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1mpa.one.microsoft.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++
--- User ---
[MBR] cf092896939862569bcc2bf677a01cde
[BSP] 6223a9b6015f18844e38247e6e4429c0 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 149997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 307194930 | Size: 155237 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500KS-00MJB0 +++++
--- User ---
[MBR] 6583e43b7da33ac1e4223abfc611129c
[BSP] 1af48602e9c463a5d0034625e055c597 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 120001 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 245762370 | Size: 118471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD5000AACS-00G8B1 +++++
--- User ---
[MBR] efc58b6db949c659226cdb7f9bae23c7
[BSP] b549aff8e3dfad2becf74d86ab3714c9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: ST3320620AS +++++
--- User ---
[MBR] cc6a24fe425e2e80029477da93e81236
[BSP] e39a6ccae9f0865713d3bc5cb63cb75b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 149997 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307194930 | Size: 155245 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01072013_02d1045.txt >>
RKreport[1]_S_01072013_02d1045.txt


RKreport[2]
RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : ccw [Admin rights]
Mode : Remove -- Date : 01/07/2013 10:45:21

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B85B2590-24A1-47A6-B732-B3CD274B508B} : NameServer (202.188.0.133,202.188.1.5) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[RUN][SUSP PATH] [ON_D:ccw]HKCU[...]\Run : explorer (D:\Users\ccw\AppData\Local\Temp\BFKG by MPH.exe) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\ccw\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Documents and Settings\ccw\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1mpa.one.microsoft.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++
--- User ---
[MBR] cf092896939862569bcc2bf677a01cde
[BSP] 6223a9b6015f18844e38247e6e4429c0 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 149997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 307194930 | Size: 155237 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500KS-00MJB0 +++++
--- User ---
[MBR] 6583e43b7da33ac1e4223abfc611129c
[BSP] 1af48602e9c463a5d0034625e055c597 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 120001 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 245762370 | Size: 118471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD5000AACS-00G8B1 +++++
--- User ---
[MBR] efc58b6db949c659226cdb7f9bae23c7
[BSP] b549aff8e3dfad2becf74d86ab3714c9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: ST3320620AS +++++
--- User ---
[MBR] cc6a24fe425e2e80029477da93e81236
[BSP] e39a6ccae9f0865713d3bc5cb63cb75b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 149997 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307194930 | Size: 155245 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01072013_02d1045.txt >>
RKreport[1]_S_01072013_02d1045.txt ; RKreport[2]_D_01072013_02d1045.txt


This is the log for aswMBR.exe. I'm not sure whether the scan has been completed or not, because my screen saver kicked in while it was scanning.

aswMBR
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-07 10:46:48
-----------------------------
10:46:48.750 OS Version: Windows 5.1.2600 Service Pack 3
10:46:48.750 Number of processors: 2 586 0xF0B
10:46:48.750 ComputerName: COMPANY-6EF3B74 UserName: ccw
10:46:51.046 Initialize success
10:56:42.109 AVAST engine defs: 13010601
10:57:08.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-1a
10:57:08.890 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305244MB BusType: 3
10:57:08.906 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-22
10:57:08.921 Disk 1 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238474MB BusType: 3
10:57:08.937 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-2d
10:57:08.953 Disk 2 Vendor: WDC_WD5000AACS-00G8B1 05.04C05 Size: 476940MB BusType: 3
10:57:08.968 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP2T0L0-3a
10:57:08.984 Disk 3 Vendor: ST3320620AS 3.AAK Size: 305244MB BusType: 3
10:57:09.031 Disk 0 MBR read successfully
10:57:09.046 Disk 0 MBR scan
10:57:09.109 Disk 0 Windows VISTA default MBR code
10:57:09.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
10:57:09.171 Disk 0 Partition - 00 0F Extended LBA 155237 MB offset 307194930
10:57:09.203 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 155237 MB offset 307194993
10:57:09.265 Disk 0 scanning sectors +625121280
10:57:09.359 Disk 0 scanning C:\WINDOWS\system32\drivers
10:57:30.093 Service scanning
10:58:01.000 Modules scanning
10:58:07.750 Disk 0 trace - called modules:
10:58:07.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:58:07.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b216ab8]
10:58:07.843 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000009b[0x8b21ef18]
10:58:07.875 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-1a[0x8b22fd98]
10:58:08.593 AVAST engine scan C:\WINDOWS
10:58:16.171 AVAST engine scan C:\WINDOWS\system32
11:02:30.593 AVAST engine scan C:\WINDOWS\system32\drivers
11:02:52.703 AVAST engine scan C:\Documents and Settings\ccw
11:09:43.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ccw\Desktop\MBR.dat"
11:09:43.875 The log file has been saved successfully to "C:\Documents and Settings\ccw\Desktop\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
I've ran combofix.exe and a blue console window pops up with the following messages:
Stage 1... complete
Stage 2... complete
Stage..... This continues until stage 20+

Then BSOD. Is this supposed to happen?
 
I'm using McAfee Virusscan Enterprise for my Anti-Virus. I couldn't find it in the list that you provided, but I have stopped all McAfee processes in services.msc, does this mean the antivirus is turned off?
 
I have ran ComboFix twice more since the last post, both times it would complete all 50 stages and proceed to delete files, then BSOD. I restarted my computer using the reset button both times. After booting up my computer, I went and checked my C drive for the ComboFix.txt, but it is no where to be found. Instead, I found a ComboFix Folder that directs me to "My Computer".
 
I ran rKill.exe then My_Name.exe immediately afterwards. The same thing happened. When all the stages are completed, BSOD. ComboFix.txt is still nowhere to be found. The only change is that the ComboFix Folder I mentioned earlier has been renamed to My_Name.
 
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
When my computer starts up after the auto-reboot from mbar.exe, a file folder (C:\Documents) automatically pops up with HRUPPROG.txt and HRUPPROG.DIE.NOW, just like I mentioned before. Should I leave these files alone? Or should I delete them?

Also, here are the logs. System-log.txt is split into 3 post because it was over the 50000 character limit.

mbar-log-xxxxx.txt
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ccw :: COMPANY-6EF3B74 [administrator]

1/10/2013 3:31:55 PM
mbar-log-2013-01-10 (15-31-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31328
Time elapsed: 25 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
system-log.txt
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, L:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 2145824768, free: 1057042432
------------ Kernel report ------------
01/10/2013 13:54:43
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
jraid.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\cmdatp.sys
\SystemRoot\system32\drivers\ScreamingBAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\evolve.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdXP3.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\??\C:\WINDOWS\system32\drivers\SSHDRV65.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\mfetdik.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\VX1000.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\system32\drivers\mfebopk.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\FsUsbExDisk.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8b190ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-3a\
Lower Device Object: 0xffffffff8b194d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8b191ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-2d\
Lower Device Object: 0xffffffff8b229940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8b222ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-22\
Lower Device Object: 0xffffffff8b1a0d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b192ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-1a\
Lower Device Object: 0xffffffff8b22c940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2013.01.10.02
Downloaded database version: v2013.01.04.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b192ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b247198, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b192ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b22e2f0, DeviceName: \Device\0000009e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b22c940, DeviceName: \Device\Ide\IdeDeviceP3T0L0-1a\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1bded60, 0xffffffff8b192ab8, 0xffffffff89b0f040
Lower DeviceData: 0xffffffffe1934948, 0xffffffff8b22c940, 0xffffffff89aeb040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3B1567E5
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 307194867
Partition file system is NTFS
Partition is bootable
Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 307194930 Numsec = 317926350
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320071851520 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-625120335-625140335)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8b222ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b237e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b222ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b23d9e8, DeviceName: \Device\0000009f\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b1a0d98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-22\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe3886888, 0xffffffff8b222ab8, 0xffffffff8a278310
Lower DeviceData: 0xffffffffe293cf58, 0xffffffff8b1a0d98, 0xffffffff89b68b20
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4065AFFC
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 245762307
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 245762370 Numsec = 242629695
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250058268160 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8b191ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b221e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b191ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b23f9e8, DeviceName: \Device\000000a0\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b229940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-2d\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe100c138, 0xffffffff8b191ab8, 0xffffffff89b44888
Lower DeviceData: 0xffffffffe106a110, 0xffffffff8b229940, 0xffffffff8a195388
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B427AB34
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff8b190ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b221bf0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b190ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b1989e8, DeviceName: \Device\000000a1\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b194d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3a\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe2661e08, 0xffffffff8b190ab8, 0xffffffff899a3ab8
Lower DeviceData: 0xffffffffe1b41730, 0xffffffff8b194d98, 0xffffffff89c03040
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3CFC7842
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 307194867
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 307194930 Numsec = 317942415
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320071851520 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "C:\Documents and Settings\Administrator\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\ezsidmv.dat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\omginstlog.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\dtu100.dll.manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\initdebug.nfo" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\ioloBootDefrag.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90a\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Internal.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCCodeModel\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProject\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProjectEngine\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VslangProj90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\EGamesPlugin.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\swdir.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Infected: C:\Documents and Settings\ccw\Desktop\CANNOT USE - PUNKBUSTER DETECTED\New Folder (2)\euro\sounds.dll --> [Malware.Packer.Gen]
Infected: C:\Documents and Settings\ccw\Desktop\CoD6 Lvl70\COD6 Multyplayer Lvl 70 Cheat by Fenriir.exe --> [HackTool.GamesCheat.Gen]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, L:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 2145824768, free: 1022885888
------------ Kernel report ------------
01/10/2013 14:36:01
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\cmdatp.sys
\SystemRoot\system32\drivers\ScreamingBAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\evolve.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdXP3.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\??\C:\WINDOWS\system32\drivers\SSHDRV65.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\mfetdik.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\VX1000.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\system32\drivers\mfebopk.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\FsUsbExDisk.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
 
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8b234ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-3a\
Lower Device Object: 0xffffffff8b19bd98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8b21dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-2d\
Lower Device Object: 0xffffffff8b238d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8b208ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-22\
Lower Device Object: 0xffffffff8b19fd98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b19aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-1a\
Lower Device Object: 0xffffffff8b223d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b19aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b267e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b19aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b296500, DeviceName: \Device\0000009d\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b223d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-1a\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1bbb9e0, 0xffffffff8b19aab8, 0xffffffff89b9f570
Lower DeviceData: 0xffffffffe1bbb9c8, 0xffffffff8b223d98, 0xffffffff89b13f18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3B1567E5
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 307194867
Partition file system is NTFS
Partition is bootable
Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 307194930 Numsec = 317926350
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320071851520 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-625120335-625140335)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8b208ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b2a2440, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b208ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b2476c0, DeviceName: \Device\0000009e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b19fd98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-22\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1b59f00, 0xffffffff8b208ab8, 0xffffffff89b04890
Lower DeviceData: 0xffffffffe1b77a30, 0xffffffff8b19fd98, 0xffffffff89b08a70
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4065AFFC
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 245762307
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 245762370 Numsec = 242629695
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250058268160 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8b21dab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b228b40, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b21dab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b23c9e8, DeviceName: \Device\0000009f\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b238d98, DeviceName: \Device\Ide\IdeDeviceP4T0L0-2d\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1bbb830, 0xffffffff8b21dab8, 0xffffffff89b9dab8
Lower DeviceData: 0xffffffffe1d6aaf8, 0xffffffff8b238d98, 0xffffffff89bb7d78
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B427AB34
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff8b234ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b23eb88, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b234ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b2229e8, DeviceName: \Device\000000a0\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b19bd98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3a\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1db2740, 0xffffffff8b234ab8, 0xffffffff89b05360
Lower DeviceData: 0xffffffffe1bbd828, 0xffffffff8b19bd98, 0xffffffff89af7c00
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3CFC7842
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 307194867
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 307194930 Numsec = 317942415
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320071851520 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "C:\Documents and Settings\Administrator\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\ezsidmv.dat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\omginstlog.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\dtu100.dll.manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\initdebug.nfo" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\ioloBootDefrag.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90a\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Internal.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCCodeModel\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProject\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProjectEngine\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VslangProj90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\EGamesPlugin.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\swdir.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Infected: C:\Documents and Settings\ccw\Desktop\CANNOT USE - PUNKBUSTER DETECTED\New Folder (2)\euro\sounds.dll --> [Malware.Packer.Gen]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, L:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 2145824768, free: 1039249408
------------ Kernel report ------------
01/10/2013 15:06:22
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\cmdatp.sys
\SystemRoot\system32\drivers\ScreamingBAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\evolve.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdXP3.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\??\C:\WINDOWS\system32\drivers\SSHDRV65.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\mfetdik.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\VX1000.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\system32\drivers\mfebopk.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\FsUsbExDisk.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
 
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8b206ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-3a\
Lower Device Object: 0xffffffff8b222d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8b199ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-2d\
Lower Device Object: 0xffffffff8b20c940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8b234ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-22\
Lower Device Object: 0xffffffff8b238d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b221ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-1a\
Lower Device Object: 0xffffffff8b239d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b221ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b2472c8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b221ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b2475a0, DeviceName: \Device\0000009e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b239d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-1a\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1c69300, 0xffffffff8b221ab8, 0xffffffff89b62298
Lower DeviceData: 0xffffffffe1a1f2e8, 0xffffffff8b239d98, 0xffffffff89eebf18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3B1567E5
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 307194867
Partition file system is NTFS
Partition is bootable
Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 307194930 Numsec = 317926350
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320071851520 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-625120335-625140335)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8b234ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b228908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b234ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b19e9e8, DeviceName: \Device\0000009f\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b238d98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-22\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe19b7220, 0xffffffff8b234ab8, 0xffffffff89abc480
Lower DeviceData: 0xffffffffe31f1878, 0xffffffff8b238d98, 0xffffffff89ab5a60
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4065AFFC
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 245762307
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 245762370 Numsec = 242629695
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250058268160 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8b199ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b23e508, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b199ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b23c9e8, DeviceName: \Device\000000a0\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b20c940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-2d\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1d3c040, 0xffffffff8b199ab8, 0xffffffff89b634a0
Lower DeviceData: 0xffffffffe1166208, 0xffffffff8b20c940, 0xffffffff89afa9e0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B427AB34
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff8b206ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b220e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b206ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b20a9e8, DeviceName: \Device\000000a1\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b222d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3a\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1c80140, 0xffffffff8b206ab8, 0xffffffff89b0c040
Lower DeviceData: 0xffffffffe1c46148, 0xffffffff8b222d98, 0xffffffff89a03f18
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3CFC7842
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 307194867
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 307194930 Numsec = 317942415
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320071851520 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "C:\Documents and Settings\Administrator\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\ezsidmv.dat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\omginstlog.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\dtu100.dll.manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\initdebug.nfo" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\ioloBootDefrag.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90a\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Internal.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCCodeModel\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProject\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProjectEngine\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VslangProj90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\EGamesPlugin.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\swdir.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Done!
Scan finished
=======================================
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Log it split into two posts.

tdsskiller report

09:20:09.0437 4704 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:20:10.0515 4704 ============================================================
09:20:10.0515 4704 Current date / time: 2013/01/14 09:20:10.0515
09:20:10.0515 4704 SystemInfo:
09:20:10.0515 4704
09:20:10.0515 4704 OS Version: 5.1.2600 ServicePack: 3.0
09:20:10.0515 4704 Product type: Workstation
09:20:10.0515 4704 ComputerName: COMPANY-6EF3B74
09:20:10.0515 4704 UserName: ccw
09:20:10.0515 4704 Windows directory: C:\WINDOWS
09:20:10.0515 4704 System windows directory: C:\WINDOWS
09:20:10.0515 4704 Processor architecture: Intel x86
09:20:10.0515 4704 Number of processors: 2
09:20:10.0515 4704 Page size: 0x1000
09:20:10.0515 4704 Boot type: Normal boot
09:20:10.0515 4704 ============================================================
09:20:11.0593 4704 Drive \Device\Harddisk3\DR3 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:20:11.0609 4704 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:20:11.0625 4704 Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:20:11.0640 4704 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:20:11.0640 4704 ============================================================
09:20:11.0640 4704 \Device\Harddisk3\DR3:
09:20:11.0640 4704 MBR partitions:
09:20:11.0640 4704 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
09:20:11.0640 4704 \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0x124F6C32, BlocksNum 0x12F36A8F
09:20:11.0640 4704 \Device\Harddisk0\DR0:
09:20:11.0656 4704 MBR partitions:
09:20:11.0656 4704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
09:20:11.0671 4704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x12F32B8F
09:20:11.0671 4704 \Device\Harddisk1\DR1:
09:20:11.0671 4704 MBR partitions:
09:20:11.0671 4704 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903
09:20:11.0671 4704 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xEA60942, BlocksNum 0xE763C3F
09:20:11.0671 4704 \Device\Harddisk2\DR2:
09:20:11.0671 4704 MBR partitions:
09:20:11.0671 4704 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:20:11.0671 4704 ============================================================
09:20:11.0703 4704 C: <-> \Device\Harddisk0\DR0\Partition1
09:20:11.0718 4704 D: <-> \Device\Harddisk0\DR0\Partition2
09:20:11.0718 4704 G: <-> \Device\Harddisk1\DR1\Partition1
09:20:11.0750 4704 H: <-> \Device\Harddisk1\DR1\Partition2
09:20:11.0765 4704 I: <-> \Device\Harddisk3\DR3\Partition1
09:20:11.0796 4704 J: <-> \Device\Harddisk3\DR3\Partition2
09:20:11.0828 4704 L: <-> \Device\Harddisk2\DR2\Partition1
09:20:11.0828 4704 ============================================================
09:20:11.0828 4704 Initialize success
09:20:11.0828 4704 ============================================================
09:20:20.0375 4488 ============================================================
09:20:20.0375 4488 Scan started
09:20:20.0375 4488 Mode: Manual;
09:20:20.0375 4488 ============================================================
09:20:21.0171 4488 ================ Scan system memory ========================
09:20:21.0171 4488 System memory - ok
09:20:21.0171 4488 ================ Scan services =============================
09:20:21.0281 4488 1394hub - ok
09:20:21.0281 4488 Abiosdsk - ok
09:20:21.0281 4488 abp480n5 - ok
09:20:21.0328 4488 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:20:21.0328 4488 ACPI - ok
09:20:21.0359 4488 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
09:20:21.0359 4488 ACPIEC - ok
09:20:21.0359 4488 Ad-Watch Connect Filter - ok
09:20:21.0421 4488 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:20:21.0421 4488 AdobeFlashPlayerUpdateSvc - ok
09:20:21.0421 4488 adpu160m - ok
09:20:21.0468 4488 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:20:21.0468 4488 aec - ok
09:20:21.0500 4488 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:20:21.0500 4488 AFD - ok
09:20:21.0500 4488 Aha154x - ok
09:20:21.0500 4488 aic78u2 - ok
09:20:21.0515 4488 aic78xx - ok
09:20:21.0671 4488 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files\common files\akamai/netsession_win_ce5ba24.dll
09:20:21.0671 4488 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
09:20:21.0687 4488 Akamai ( HiddenFile.Multi.Generic ) - warning
09:20:21.0687 4488 Akamai - detected HiddenFile.Multi.Generic (1)
09:20:21.0703 4488 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:20:21.0703 4488 Alerter - ok
09:20:21.0718 4488 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
09:20:21.0718 4488 ALG - ok
09:20:21.0734 4488 AliIde - ok
09:20:21.0734 4488 amsint - ok
09:20:21.0750 4488 [ 3E59DF4984FBD6800D6621480B38A34E ] Andbus C:\WINDOWS\system32\DRIVERS\lgandbus.sys
09:20:21.0750 4488 Andbus - ok
09:20:21.0765 4488 [ 8E0BF6F3B2C9C292BC7CE0DE727CDD56 ] AndDiag C:\WINDOWS\system32\DRIVERS\lganddiag.sys
09:20:21.0765 4488 AndDiag - ok
09:20:21.0796 4488 [ 1D2C90E25483363D54B652898BBC8F2A ] AndGps C:\WINDOWS\system32\DRIVERS\lgandgps.sys
09:20:21.0796 4488 AndGps - ok
09:20:21.0812 4488 [ B1B06A95DA2CAC7FA19832C60C348C85 ] ANDModem C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
09:20:21.0812 4488 ANDModem - ok
09:20:21.0859 4488 apf001 - ok
09:20:21.0906 4488 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:20:21.0906 4488 Apple Mobile Device - ok
09:20:21.0937 4488 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
09:20:21.0937 4488 AppMgmt - ok
09:20:21.0953 4488 AresChatServer - ok
09:20:21.0953 4488 asc - ok
09:20:21.0953 4488 asc3350p - ok
09:20:21.0968 4488 asc3550 - ok
09:20:22.0046 4488 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:20:22.0078 4488 aspnet_state - ok
09:20:22.0093 4488 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:20:22.0093 4488 AsyncMac - ok
09:20:22.0125 4488 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:20:22.0125 4488 atapi - ok
09:20:22.0125 4488 Atdisk - ok
09:20:22.0171 4488 [ 6A5614F785DEEA2C17DA494B5198355C ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
09:20:22.0265 4488 Ati HotKey Poller - ok
09:20:22.0296 4488 [ 1428C586BB318E1404575834E428ADDD ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
09:20:22.0375 4488 ATI Smart - ok
09:20:22.0515 4488 [ 5CB8B6775285F2F908C3F810EAB78500 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:20:22.0656 4488 ati2mtag - ok
09:20:22.0703 4488 [ FED003FD00011946B0E4F8FB7A8B4307 ] ATIAVAIW C:\WINDOWS\system32\DRIVERS\atinavt2.sys
09:20:22.0703 4488 ATIAVAIW - ok
09:20:22.0718 4488 [ 924971A182E07463765EF9FA8876F24F ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
09:20:22.0718 4488 AtiHDAudioService - ok
09:20:22.0734 4488 [ DC6957811FF95F2DD3004361B20D8D3F ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
09:20:22.0734 4488 AtiHdmiService - ok
09:20:22.0765 4488 [ 0E4BB35C5305099AC82053AC992E3E0E ] ATITool C:\WINDOWS\system32\DRIVERS\ATITool.sys
09:20:22.0765 4488 ATITool - ok
09:20:22.0781 4488 [ F9C24D25D9FF29F894995A64812B4D85 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
09:20:22.0781 4488 atksgt - ok
09:20:22.0812 4488 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:20:22.0812 4488 Atmarpc - ok
09:20:22.0828 4488 [ A8ABF9CA3B8781A69CA5025BCDA42706 ] ATP C:\WINDOWS\system32\DRIVERS\cmdatp.sys
09:20:22.0828 4488 ATP - ok
09:20:22.0843 4488 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:20:22.0843 4488 AudioSrv - ok
09:20:22.0859 4488 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:20:22.0859 4488 audstub - ok
09:20:22.0890 4488 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:20:22.0890 4488 Beep - ok
09:20:22.0921 4488 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
09:20:22.0921 4488 BITS - ok
09:20:22.0953 4488 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
09:20:22.0953 4488 Browser - ok
09:20:22.0984 4488 [ 4813DF77EDE536A52E3737971F910BAA ] BTCFilterService C:\WINDOWS\system32\DRIVERS\motfilt.sys
09:20:22.0984 4488 BTCFilterService - ok
09:20:23.0078 4488 catchme - ok
09:20:23.0109 4488 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:20:23.0109 4488 cbidf2k - ok
09:20:23.0125 4488 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:20:23.0125 4488 CCDECODE - ok
09:20:23.0125 4488 cd20xrnt - ok
09:20:23.0140 4488 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:20:23.0140 4488 Cdaudio - ok
09:20:23.0156 4488 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:20:23.0156 4488 Cdfs - ok
09:20:23.0187 4488 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:20:23.0187 4488 Cdrom - ok
09:20:23.0187 4488 Changer - ok
09:20:23.0218 4488 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:20:23.0218 4488 CiSvc - ok
09:20:23.0218 4488 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:20:23.0218 4488 ClipSrv - ok
09:20:23.0250 4488 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:20:23.0265 4488 clr_optimization_v2.0.50727_32 - ok
09:20:23.0281 4488 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:20:23.0296 4488 clr_optimization_v4.0.30319_32 - ok
09:20:23.0296 4488 CmdIde - ok
09:20:23.0296 4488 COMSysApp - ok
09:20:23.0312 4488 Cpqarray - ok
09:20:23.0328 4488 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:20:23.0328 4488 CryptSvc - ok
09:20:23.0328 4488 dac2w2k - ok
09:20:23.0343 4488 dac960nt - ok
09:20:23.0375 4488 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:20:23.0375 4488 DcomLaunch - ok
09:20:23.0406 4488 [ 73FC5BC52572084EC1241514CF6230A0 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
09:20:23.0406 4488 dg_ssudbus - ok
09:20:23.0437 4488 [ C51DE19619D50CBD03708647ACA10E70 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:20:23.0437 4488 Dhcp - ok
09:20:23.0468 4488 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:20:23.0468 4488 Disk - ok
09:20:23.0484 4488 dmadmin - ok
09:20:23.0515 4488 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:20:23.0531 4488 dmboot - ok
09:20:23.0531 4488 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:20:23.0531 4488 dmio - ok
09:20:23.0546 4488 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:20:23.0546 4488 dmload - ok
09:20:23.0546 4488 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:20:23.0546 4488 dmserver - ok
09:20:23.0562 4488 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:20:23.0562 4488 DMusic - ok
09:20:23.0593 4488 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:20:23.0593 4488 Dnscache - ok
09:20:23.0609 4488 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:20:23.0625 4488 Dot3svc - ok
09:20:23.0625 4488 dpti2o - ok
09:20:23.0640 4488 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:20:23.0640 4488 drmkaud - ok
09:20:23.0640 4488 EagleNT - ok
09:20:23.0640 4488 EagleXNt - ok
09:20:23.0656 4488 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:20:23.0656 4488 EapHost - ok
09:20:23.0671 4488 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:20:23.0671 4488 ERSvc - ok
09:20:23.0703 4488 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
09:20:23.0703 4488 Eventlog - ok
09:20:23.0734 4488 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
09:20:23.0734 4488 EventSystem - ok
09:20:23.0765 4488 [ 7FA352252FE7F5BD7D235A66AA1F69FE ] EvolveVirtualAdapter C:\WINDOWS\system32\DRIVERS\evolve.sys
09:20:23.0765 4488 EvolveVirtualAdapter - ok
09:20:23.0859 4488 [ 1A7747491C95B1B52A573BA1BA5EAFC0 ] EvoSvc L:\Program Files\Echobit\Evolve\EvoSvc.exe
09:20:23.0890 4488 EvoSvc - ok
09:20:23.0937 4488 [ 2D5ED81E5A8A2B77768BA724E3F8E538 ] EzVpnSvc L:\Program Files\Comodo Unite\EzVpnSvc.exe
09:20:23.0937 4488 EzVpnSvc - ok
09:20:23.0968 4488 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:20:23.0968 4488 Fastfat - ok
09:20:24.0000 4488 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:20:24.0000 4488 FastUserSwitchingCompatibility - ok
09:20:24.0015 4488 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
09:20:24.0015 4488 Fdc - ok
09:20:24.0031 4488 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:20:24.0031 4488 Fips - ok
09:20:24.0031 4488 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
09:20:24.0031 4488 Flpydisk - ok
09:20:24.0062 4488 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:20:24.0062 4488 FltMgr - ok
09:20:24.0109 4488 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:20:24.0109 4488 FontCache3.0.0.0 - ok
09:20:24.0125 4488 [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
09:20:24.0125 4488 fssfltr - ok
09:20:24.0203 4488 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
09:20:24.0218 4488 fsssvc - ok
09:20:24.0250 4488 [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
09:20:24.0250 4488 FsUsbExDisk - ok
09:20:24.0265 4488 [ D3F9205CC4CB07553F2F9472C767EA87 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
09:20:24.0265 4488 FsUsbExService - ok
09:20:24.0281 4488 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:20:24.0281 4488 Fs_Rec - ok
09:20:24.0281 4488 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:20:24.0281 4488 Ftdisk - ok
09:20:24.0296 4488 GarenaPEngine - ok
09:20:24.0312 4488 [ C6E3105B8C68C35CC1EB26A00FD1A8C6 ] gdrv C:\WINDOWS\gdrv.sys
09:20:24.0437 4488 gdrv - ok
09:20:24.0453 4488 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:20:24.0453 4488 GEARAspiWDM - ok
09:20:24.0484 4488 GGSAFERDriver - ok
09:20:24.0500 4488 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:20:24.0500 4488 Gpc - ok
09:20:24.0578 4488 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
09:20:24.0578 4488 gupdate - ok
09:20:24.0593 4488 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
09:20:24.0593 4488 gupdatem - ok
09:20:24.0609 4488 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
09:20:24.0609 4488 hamachi - ok
09:20:24.0656 4488 [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc I:\Program Files\LogMeIn Hamachi\hamachi-2.exe
09:20:24.0671 4488 Hamachi2Svc - ok
09:20:24.0718 4488 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:20:24.0718 4488 HDAudBus - ok
09:20:24.0765 4488 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:20:24.0765 4488 helpsvc - ok
09:20:24.0781 4488 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
09:20:24.0781 4488 HidServ - ok
09:20:24.0796 4488 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:20:24.0796 4488 hidusb - ok
09:20:24.0828 4488 [ 34E95DE386032FD7F14C228DD8E1CDBF ] HiPatchService L:\Program Files\Hi-Rez Studios\HiPatchService.exe
09:20:24.0828 4488 HiPatchService - ok
09:20:24.0859 4488 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:20:24.0859 4488 hkmsvc - ok
09:20:24.0859 4488 hpn - ok
09:20:24.0937 4488 [ ED377B3C83FDEA8D906109A085D219BA ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:20:24.0937 4488 hpqcxs08 - ok
09:20:24.0984 4488 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:20:24.0984 4488 hpqddsvc - ok
09:20:25.0000 4488 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:20:25.0000 4488 HPZid412 - ok
09:20:25.0031 4488 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:20:25.0031 4488 HPZipr12 - ok
09:20:25.0031 4488 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:20:25.0046 4488 HPZius12 - ok
09:20:25.0062 4488 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:20:25.0062 4488 HTTP - ok
09:20:25.0078 4488 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:20:25.0093 4488 HTTPFilter - ok
09:20:25.0093 4488 i2omgmt - ok
09:20:25.0093 4488 i2omp - ok
09:20:25.0125 4488 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:20:25.0125 4488 i8042prt - ok
09:20:25.0187 4488 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:20:25.0250 4488 IDriverT - ok
09:20:25.0296 4488 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:20:25.0328 4488 idsvc - ok
09:20:25.0343 4488 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:20:25.0343 4488 Imapi - ok
09:20:25.0375 4488 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:20:25.0375 4488 ImapiService - ok
09:20:25.0375 4488 ini910u - ok
09:20:25.0500 4488 [ E37589414437A60797E94C0F57C546DB ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:20:25.0593 4488 IntcAzAudAddService - ok
09:20:25.0609 4488 IntelIde - ok
09:20:25.0625 4488 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:20:25.0625 4488 intelppm - ok
09:20:25.0640 4488 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:20:25.0640 4488 Ip6Fw - ok
09:20:25.0656 4488 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:20:25.0656 4488 IpFilterDriver - ok
09:20:25.0671 4488 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:20:25.0671 4488 IpInIp - ok
09:20:25.0687 4488 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:20:25.0687 4488 IpNat - ok
09:20:25.0750 4488 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:20:25.0796 4488 iPod Service - ok
09:20:25.0812 4488 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:20:25.0812 4488 IPSec - ok
09:20:25.0843 4488 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:20:25.0843 4488 IRENUM - ok
09:20:25.0859 4488 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:20:25.0859 4488 isapnp - ok
09:20:25.0968 4488 [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
09:20:26.0031 4488 JavaQuickStarterService - ok
09:20:26.0046 4488 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys
09:20:26.0046 4488 JGOGO - ok
09:20:26.0062 4488 [ F90A4E8657319A652E04C5362926CFEA ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys
09:20:26.0078 4488 JRAID - ok
09:20:26.0093 4488 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:20:26.0093 4488 Kbdclass - ok
09:20:26.0093 4488 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:20:26.0093 4488 kbdhid - ok
09:20:26.0109 4488 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:20:26.0109 4488 kmixer - ok
09:20:26.0125 4488 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:20:26.0125 4488 KSecDD - ok
09:20:26.0140 4488 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:20:26.0156 4488 lanmanserver - ok
09:20:26.0171 4488 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:20:26.0171 4488 lanmanworkstation - ok
09:20:26.0171 4488 lbrtfdc - ok
09:20:26.0203 4488 [ 8CCF9ED46D52AF1375875F74A91FFACF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
09:20:26.0203 4488 lirsgt - ok
09:20:26.0234 4488 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:20:26.0234 4488 LmHosts - ok
09:20:26.0250 4488 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
09:20:26.0250 4488 mbamchameleon - ok
09:20:26.0296 4488 [ 1BC1A6B644D4CC1964CD851E92B604F4 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
09:20:26.0296 4488 McAfeeFramework - ok
09:20:26.0328 4488 [ F922B609524CF1ED66A1A109F3CE014F ] mcdbus C:\WINDOWS\system32\DRIVERS\mcdbus.sys
09:20:26.0328 4488 mcdbus - ok
09:20:26.0375 4488 [ 12BEF73E0281AC793865BE1A331C67FC ] McShield C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
09:20:26.0375 4488 McShield - ok
09:20:26.0390 4488 [ DD61B815E2CBA6CCA6B7ED607F466652 ] McTaskManager C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
09:20:26.0468 4488 McTaskManager - ok
09:20:26.0484 4488 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:20:26.0484 4488 Messenger - ok
09:20:26.0515 4488 [ 1F334EB2A13816DF45671EBB98896DA7 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
09:20:26.0515 4488 mfeapfk - ok
09:20:26.0531 4488 [ 8A1DEDBBDAD33587F6FAD780CE4B34B5 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
09:20:26.0531 4488 mfeavfk - ok
09:20:26.0562 4488 [ D800E31A019A6979698EEF0507BAA746 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
09:20:26.0562 4488 mfebopk - ok
09:20:26.0562 4488 [ 0AE14FAB8E25C258C6EBF3827C649273 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
09:20:26.0562 4488 mfehidk - ok
09:20:26.0578 4488 [ E72AFC5056F6804C616E7DC32A38945F ] mferkdk C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
09:20:26.0593 4488 mferkdk - ok
09:20:26.0593 4488 [ A47F0F63E92730DE15D41624AB998C5C ] mfetdik C:\WINDOWS\system32\drivers\mfetdik.sys
09:20:26.0593 4488 mfetdik - ok
09:20:26.0609 4488 [ 277B8B3536C1179FE432EF2DDE294A97 ] Mkd2kfNt C:\WINDOWS\system32\drivers\Mkd2kfNt.sys
09:20:26.0625 4488 Mkd2kfNt - ok
09:20:26.0640 4488 [ 0716EFDA4769995C67A3450FCD36E47E ] Mkd2Nadr C:\WINDOWS\system32\drivers\Mkd2Nadr.sys
09:20:26.0640 4488 Mkd2Nadr - ok
09:20:26.0656 4488 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:20:26.0671 4488 mnmdd - ok
09:20:26.0687 4488 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:20:26.0687 4488 mnmsrvc - ok
09:20:26.0718 4488 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:20:26.0718 4488 Modem - ok
09:20:26.0734 4488 [ F4EA1193A52C8FE4B8A135E210ABE546 ] motccgp C:\WINDOWS\system32\DRIVERS\motccgp.sys
09:20:26.0734 4488 motccgp - ok
09:20:26.0750 4488 [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
09:20:26.0750 4488 motccgpfl - ok
09:20:26.0765 4488 [ A77205D70D14D153342D357DE5A4E770 ] MotioninJoyXFilter C:\WINDOWS\system32\DRIVERS\MijXfilt.sys
09:20:26.0765 4488 MotioninJoyXFilter - ok
09:20:26.0781 4488 [ 69814ACD50A9D6D28296050EF6215D46 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys
09:20:26.0828 4488 motmodem - ok
09:20:26.0890 4488 [ 98A10AC4257A3BA48C9611338544EE49 ] MotoHelper C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
09:20:26.0937 4488 MotoHelper - ok
09:20:26.0953 4488 [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\WINDOWS\system32\DRIVERS\motswch.sys
09:20:26.0953 4488 MotoSwitchService - ok
09:20:26.0984 4488 [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
09:20:26.0984 4488 Motousbnet - ok
09:20:27.0000 4488 [ F18898D418F43E74A93EDC57E1F28BC9 ] motusbdevice C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
09:20:27.0000 4488 motusbdevice - ok
09:20:27.0015 4488 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:20:27.0015 4488 Mouclass - ok
09:20:27.0031 4488 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:20:27.0031 4488 mouhid - ok
09:20:27.0046 4488 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:20:27.0046 4488 MountMgr - ok
09:20:27.0109 4488 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:20:27.0109 4488 MozillaMaintenance - ok
09:20:27.0140 4488 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
09:20:27.0140 4488 MPE - ok
09:20:27.0140 4488 mraid35x - ok
09:20:27.0140 4488 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:20:27.0140 4488 MRxDAV - ok
09:20:27.0187 4488 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:20:27.0203 4488 MRxSmb - ok
09:20:27.0265 4488 [ 641199534871783DD74138FE0BCFDAE7 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
09:20:27.0265 4488 MSCamSvc - ok
09:20:27.0296 4488 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:20:27.0296 4488 MSDTC - ok
09:20:27.0312 4488 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:20:27.0312 4488 Msfs - ok
09:20:27.0312 4488 MSIServer - ok
09:20:27.0343 4488 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:20:27.0343 4488 MSKSSRV - ok
09:20:27.0359 4488 [ 64E8B7C65EB4796939C0F64F8170821B ] msloop C:\WINDOWS\system32\DRIVERS\loop.sys
09:20:27.0359 4488 msloop - ok
09:20:27.0375 4488 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:20:27.0375 4488 MSPCLOCK - ok
09:20:27.0375 4488 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:20:27.0375 4488 MSPQM - ok
09:20:27.0390 4488 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:20:27.0390 4488 mssmbios - ok
09:20:27.0406 4488 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
09:20:27.0406 4488 MSTEE - ok
09:20:27.0421 4488 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:20:27.0421 4488 Mup - ok
09:20:27.0453 4488 MySQL5 - ok
 
09:20:27.0468 4488 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:20:27.0468 4488 NABTSFEC - ok
09:20:27.0500 4488 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
09:20:27.0500 4488 napagent - ok
09:20:27.0531 4488 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:20:27.0531 4488 NDIS - ok
09:20:27.0546 4488 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:20:27.0546 4488 NdisIP - ok
09:20:27.0578 4488 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:20:27.0578 4488 NdisTapi - ok
09:20:27.0593 4488 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:20:27.0593 4488 Ndisuio - ok
09:20:27.0593 4488 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:20:27.0593 4488 NdisWan - ok
09:20:27.0609 4488 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:20:27.0609 4488 NDProxy - ok
09:20:27.0640 4488 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
09:20:27.0640 4488 Net Driver HPZ12 - ok
09:20:27.0640 4488 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:20:27.0640 4488 NetBIOS - ok
09:20:27.0656 4488 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:20:27.0656 4488 NetBT - ok
09:20:27.0671 4488 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
09:20:27.0687 4488 NetDDE - ok
09:20:27.0687 4488 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:20:27.0687 4488 NetDDEdsdm - ok
09:20:27.0718 4488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:20:27.0718 4488 Netlogon - ok
09:20:27.0734 4488 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
09:20:27.0734 4488 Netman - ok
09:20:27.0781 4488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:20:27.0812 4488 NetTcpPortSharing - ok
09:20:27.0843 4488 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
09:20:27.0843 4488 Nla - ok
09:20:27.0875 4488 [ B4E87D4F40C57D036E821BD06DB1D1B7 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
09:20:27.0906 4488 nmwcd - ok
09:20:27.0937 4488 [ BEE0ADDF01D62725DDC2CC113D6B374C ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
09:20:27.0937 4488 nmwcdc - ok
09:20:27.0968 4488 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:20:27.0968 4488 Npfs - ok
09:20:27.0968 4488 npggsvc - ok
09:20:27.0968 4488 npkcrypt - ok
09:20:27.0984 4488 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:20:27.0984 4488 Ntfs - ok
09:20:27.0984 4488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:20:27.0984 4488 NtLmSsp - ok
09:20:28.0015 4488 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:20:28.0015 4488 NtmsSvc - ok
09:20:28.0031 4488 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:20:28.0031 4488 Null - ok
09:20:28.0062 4488 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:20:28.0062 4488 NwlnkFlt - ok
09:20:28.0078 4488 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:20:28.0078 4488 NwlnkFwd - ok
09:20:28.0140 4488 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:20:28.0140 4488 odserv - ok
09:20:28.0171 4488 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:20:28.0171 4488 ose - ok
09:20:28.0187 4488 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
09:20:28.0187 4488 Parport - ok
09:20:28.0187 4488 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:20:28.0187 4488 PartMgr - ok
09:20:28.0218 4488 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:20:28.0218 4488 ParVdm - ok
09:20:28.0218 4488 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:20:28.0218 4488 PCI - ok
09:20:28.0218 4488 PCIDump - ok
09:20:28.0234 4488 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:20:28.0234 4488 PCIIde - ok
09:20:28.0250 4488 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
09:20:28.0265 4488 Pcmcia - ok
09:20:28.0265 4488 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
09:20:28.0265 4488 pcouffin - ok
09:20:28.0265 4488 PDCOMP - ok
09:20:28.0281 4488 PDFRAME - ok
09:20:28.0281 4488 PDRELI - ok
09:20:28.0281 4488 PDRFRAME - ok
09:20:28.0281 4488 perc2 - ok
09:20:28.0281 4488 perc2hib - ok
09:20:28.0328 4488 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
09:20:28.0328 4488 PlugPlay - ok
09:20:28.0421 4488 [ E9605A180001A6B5551112D91DE92CA1 ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
09:20:28.0500 4488 PMBDeviceInfoProvider - ok
09:20:28.0546 4488 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
09:20:28.0546 4488 Pml Driver HPZ12 - ok
09:20:28.0578 4488 [ 3A2E85F7D90D15460C337CE80C2E3B29 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
09:20:28.0578 4488 PnkBstrA - ok
09:20:28.0578 4488 Point32 - ok
09:20:28.0578 4488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:20:28.0578 4488 PolicyAgent - ok
09:20:28.0609 4488 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:20:28.0609 4488 PptpMiniport - ok
09:20:28.0609 4488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:20:28.0609 4488 ProtectedStorage - ok
09:20:28.0625 4488 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:20:28.0640 4488 PSched - ok
09:20:28.0656 4488 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:20:28.0656 4488 Ptilink - ok
09:20:28.0671 4488 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:20:28.0687 4488 PxHelp20 - ok
09:20:28.0687 4488 ql1080 - ok
09:20:28.0687 4488 Ql10wnt - ok
09:20:28.0687 4488 ql12160 - ok
09:20:28.0687 4488 ql1240 - ok
09:20:28.0703 4488 ql1280 - ok
09:20:28.0718 4488 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:20:28.0718 4488 RasAcd - ok
09:20:28.0734 4488 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:20:28.0734 4488 RasAuto - ok
09:20:28.0750 4488 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:20:28.0750 4488 Rasl2tp - ok
09:20:28.0812 4488 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:20:28.0828 4488 RasMan - ok
09:20:28.0828 4488 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:20:28.0828 4488 RasPppoe - ok
09:20:28.0843 4488 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:20:28.0843 4488 Raspti - ok
09:20:28.0859 4488 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:20:28.0859 4488 Rdbss - ok
09:20:28.0859 4488 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:20:28.0859 4488 RDPCDD - ok
09:20:28.0890 4488 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:20:28.0890 4488 rdpdr - ok
09:20:28.0921 4488 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:20:28.0937 4488 RDPWD - ok
09:20:28.0953 4488 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:20:28.0953 4488 RDSessMgr - ok
09:20:28.0968 4488 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:20:28.0968 4488 redbook - ok
09:20:29.0000 4488 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:20:29.0000 4488 RemoteAccess - ok
09:20:29.0015 4488 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:20:29.0015 4488 RemoteRegistry - ok
09:20:29.0031 4488 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
09:20:29.0031 4488 RpcLocator - ok
09:20:29.0062 4488 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
09:20:29.0062 4488 RpcSs - ok
09:20:29.0093 4488 [ 0E11B35E972796042044BC27CE13B065 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
09:20:29.0093 4488 rspndr - ok
09:20:29.0109 4488 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:20:29.0109 4488 RSVP - ok
09:20:29.0140 4488 [ F0A21C62B9B835E1C96268EAAE31D239 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
09:20:29.0140 4488 RTLE8023xp - ok
09:20:29.0156 4488 [ D7A84EF8F953A2D704580E4E73E00011 ] s716bus C:\WINDOWS\system32\DRIVERS\s716bus.sys
09:20:29.0156 4488 s716bus - ok
09:20:29.0187 4488 [ C5B509CDEEB733EFAFADC2D93BC77712 ] s716mdfl C:\WINDOWS\system32\DRIVERS\s716mdfl.sys
09:20:29.0187 4488 s716mdfl - ok
09:20:29.0203 4488 [ DC3DEC64860878540B374DC7D15D921F ] s716mdm C:\WINDOWS\system32\DRIVERS\s716mdm.sys
09:20:29.0203 4488 s716mdm - ok
09:20:29.0203 4488 [ 047FD555D897333AD9F61B1D4CC7C114 ] s716mgmt C:\WINDOWS\system32\DRIVERS\s716mgmt.sys
09:20:29.0203 4488 s716mgmt - ok
09:20:29.0234 4488 [ 2858193E91EEF964E41B6A032E1E4418 ] s716nd5 C:\WINDOWS\system32\DRIVERS\s716nd5.sys
09:20:29.0234 4488 s716nd5 - ok
09:20:29.0234 4488 [ CC6C212585891614CC2059BA48D27A86 ] s716obex C:\WINDOWS\system32\DRIVERS\s716obex.sys
09:20:29.0234 4488 s716obex - ok
09:20:29.0250 4488 [ AAAEEBA9FA0ECB0DE6BBA59F955CDEFB ] s716unic C:\WINDOWS\system32\DRIVERS\s716unic.sys
09:20:29.0250 4488 s716unic - ok
09:20:29.0281 4488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
09:20:29.0281 4488 SamSs - ok
09:20:29.0296 4488 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:20:29.0296 4488 SCardSvr - ok
09:20:29.0343 4488 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:20:29.0343 4488 Schedule - ok
09:20:29.0359 4488 [ A643D6DF1B7546256B11FB5D6B5D1375 ] SCREAMINGBDRIVER C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
09:20:29.0359 4488 SCREAMINGBDRIVER - ok
09:20:29.0375 4488 sdbuss - ok
09:20:29.0375 4488 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:20:29.0390 4488 Secdrv - ok
09:20:29.0390 4488 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:20:29.0390 4488 seclogon - ok
09:20:29.0406 4488 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
09:20:29.0406 4488 SENS - ok
09:20:29.0421 4488 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:20:29.0421 4488 serenum - ok
09:20:29.0437 4488 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:20:29.0437 4488 Serial - ok
09:20:29.0468 4488 [ 277D0890E10584C216BCCFA4EF6B9B3D ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
09:20:29.0484 4488 ServiceLayer - ok
09:20:29.0500 4488 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:20:29.0500 4488 Sfloppy - ok
09:20:29.0531 4488 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:20:29.0546 4488 SharedAccess - ok
09:20:29.0578 4488 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:20:29.0578 4488 ShellHWDetection - ok
09:20:29.0593 4488 Simbad - ok
09:20:29.0750 4488 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:20:29.0812 4488 Skype C2C Service - ok
09:20:29.0859 4488 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:20:29.0859 4488 SkypeUpdate - ok
09:20:29.0875 4488 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:20:29.0875 4488 SLIP - ok
09:20:29.0937 4488 [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
09:20:29.0937 4488 SonicStage Back-End Service - ok
09:20:29.0937 4488 Sparrow - ok
09:20:29.0953 4488 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:20:29.0953 4488 splitter - ok
09:20:29.0984 4488 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:20:29.0984 4488 Spooler - ok
09:20:30.0015 4488 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:20:30.0015 4488 sr - ok
09:20:30.0046 4488 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
09:20:30.0046 4488 srservice - ok
09:20:30.0062 4488 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:20:30.0062 4488 Srv - ok
09:20:30.0093 4488 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
09:20:30.0093 4488 ssadbus - ok
09:20:30.0109 4488 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
09:20:30.0109 4488 ssadmdfl - ok
09:20:30.0140 4488 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
09:20:30.0140 4488 ssadmdm - ok
09:20:30.0156 4488 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:20:30.0156 4488 SSDPSRV - ok
09:20:30.0187 4488 [ A322501277D7733F5266581B79B8CC79 ] SSHDRV65 C:\WINDOWS\system32\drivers\SSHDRV65.sys
09:20:30.0187 4488 SSHDRV65 - ok
09:20:30.0187 4488 [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
09:20:30.0187 4488 SSScsiSV - ok
09:20:30.0218 4488 [ E3D493BFB7CD108EC50B2F560C96367C ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
09:20:30.0234 4488 ssudmdm - ok
09:20:30.0250 4488 Steam Client Service - ok
09:20:30.0265 4488 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:20:30.0265 4488 stisvc - ok
09:20:30.0296 4488 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:20:30.0296 4488 streamip - ok
09:20:30.0312 4488 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:20:30.0312 4488 swenum - ok
09:20:30.0328 4488 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:20:30.0328 4488 swmidi - ok
09:20:30.0328 4488 SwPrv - ok
09:20:30.0343 4488 symc810 - ok
09:20:30.0343 4488 symc8xx - ok
09:20:30.0343 4488 sym_hi - ok
09:20:30.0343 4488 sym_u3 - ok
09:20:30.0359 4488 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:20:30.0359 4488 sysaudio - ok
09:20:30.0390 4488 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:20:30.0390 4488 SysmonLog - ok
09:20:30.0421 4488 [ 98A1E6BC9F766B0B0A5BF00AF847EF20 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
09:20:30.0421 4488 tap0901 - ok
09:20:30.0437 4488 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:20:30.0453 4488 TapiSrv - ok
09:20:30.0500 4488 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:20:30.0500 4488 Tcpip - ok
09:20:30.0562 4488 tcpip helper - ok
09:20:30.0578 4488 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:20:30.0578 4488 TDPIPE - ok
09:20:30.0578 4488 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:20:30.0578 4488 TDTCP - ok
09:20:30.0593 4488 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:20:30.0593 4488 TermDD - ok
09:20:30.0609 4488 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:20:30.0625 4488 TermService - ok
09:20:30.0656 4488 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:20:30.0656 4488 Themes - ok
09:20:30.0671 4488 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:20:30.0687 4488 TlntSvr - ok
09:20:30.0687 4488 TosIde - ok
09:20:30.0703 4488 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:20:30.0718 4488 TrkWks - ok
09:20:30.0734 4488 [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag C:\WINDOWS\System32\TuneUpDefragService.exe
09:20:30.0734 4488 TuneUp.Defrag - ok
09:20:30.0750 4488 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:20:30.0750 4488 Udfs - ok
09:20:30.0765 4488 ultra - ok
09:20:30.0781 4488 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:20:30.0781 4488 Update - ok
09:20:30.0812 4488 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:20:30.0812 4488 upnphost - ok
09:20:30.0843 4488 [ F5D2AA9D56A3A01A190D01CD961BA0E7 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
09:20:30.0843 4488 upperdev - ok
09:20:30.0843 4488 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:20:30.0859 4488 UPS - ok
09:20:30.0875 4488 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
09:20:30.0953 4488 USBAAPL - ok
09:20:30.0968 4488 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
09:20:30.0968 4488 usbaudio - ok
09:20:31.0000 4488 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:20:31.0000 4488 usbccgp - ok
09:20:31.0015 4488 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:20:31.0015 4488 usbehci - ok
09:20:31.0015 4488 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:20:31.0015 4488 usbhub - ok
09:20:31.0046 4488 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:20:31.0046 4488 usbprint - ok
09:20:31.0062 4488 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:20:31.0062 4488 usbscan - ok
09:20:31.0093 4488 [ EB2D3830646E393776E1EF98AC76A43D ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
09:20:31.0093 4488 UsbserFilt - ok
09:20:31.0109 4488 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:20:31.0109 4488 USBSTOR - ok
09:20:31.0109 4488 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:20:31.0109 4488 usbuhci - ok
09:20:31.0140 4488 [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
09:20:31.0140 4488 UxTuneUp - ok
09:20:31.0156 4488 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:20:31.0156 4488 VgaSave - ok
09:20:31.0171 4488 ViaIde - ok
09:20:31.0187 4488 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:20:31.0187 4488 VolSnap - ok
09:20:31.0218 4488 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:20:31.0218 4488 VSS - ok
09:20:31.0296 4488 [ F4FAB0B9D43A65F79FC838C94006F643 ] VX1000 C:\WINDOWS\system32\DRIVERS\VX1000.sys
09:20:31.0343 4488 VX1000 - ok
09:20:31.0359 4488 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
09:20:31.0359 4488 W32Time - ok
09:20:31.0421 4488 [ 97ED5AA5FBAA105EF614B8C240B62BA1 ] wampapache c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
09:20:31.0421 4488 wampapache - ok
09:20:31.0437 4488 wampmysqld - ok
09:20:31.0453 4488 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:20:31.0453 4488 Wanarp - ok
09:20:31.0468 4488 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
09:20:31.0468 4488 WDC_SAM - ok
09:20:31.0500 4488 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:20:31.0500 4488 Wdf01000 - ok
09:20:31.0500 4488 WDICA - ok
09:20:31.0515 4488 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:20:31.0531 4488 wdmaud - ok
09:20:31.0562 4488 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:20:31.0562 4488 WebClient - ok
09:20:31.0609 4488 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
09:20:31.0609 4488 WinDefend - ok
09:20:31.0671 4488 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:20:31.0671 4488 winmgmt - ok
09:20:31.0703 4488 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
09:20:31.0703 4488 WinUSB - ok
09:20:31.0750 4488 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:20:31.0812 4488 wlidsvc - ok
09:20:31.0828 4488 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:20:31.0843 4488 WmdmPmSN - ok
09:20:31.0875 4488 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:20:31.0890 4488 Wmi - ok
09:20:31.0906 4488 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:20:31.0906 4488 WmiApSrv - ok
09:20:31.0984 4488 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
09:20:32.0000 4488 WMPNetworkSvc - ok
09:20:32.0031 4488 [ 1AC313913F66D8DCFB78D2B6E1672952 ] wod0205 C:\WINDOWS\system32\DRIVERS\wod0205.sys
09:20:32.0031 4488 wod0205 - ok
09:20:32.0046 4488 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:20:32.0046 4488 WpdUsb - ok
09:20:32.0109 4488 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:20:32.0125 4488 WPFFontCache_v0400 - ok
09:20:32.0156 4488 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:20:32.0156 4488 WS2IFSL - ok
09:20:32.0171 4488 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:20:32.0187 4488 wscsvc - ok
09:20:32.0187 4488 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:20:32.0187 4488 WSTCODEC - ok
09:20:32.0203 4488 [ B72508649DAD03BCB5D708EDB1E3E57E ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:20:32.0218 4488 wuauserv - ok
09:20:32.0250 4488 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:20:32.0250 4488 WudfPf - ok
09:20:32.0265 4488 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:20:32.0265 4488 WudfRd - ok
09:20:32.0281 4488 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
09:20:32.0281 4488 WudfSvc - ok
09:20:32.0312 4488 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:20:32.0328 4488 WZCSVC - ok
09:20:32.0343 4488 XDva037 - ok
09:20:32.0343 4488 XDva104 - ok
09:20:32.0343 4488 XDva121 - ok
09:20:32.0343 4488 XDva132 - ok
09:20:32.0343 4488 XDva158 - ok
09:20:32.0359 4488 XDva165 - ok
09:20:32.0359 4488 XDva167 - ok
09:20:32.0359 4488 XDva170 - ok
09:20:32.0359 4488 XDva177 - ok
09:20:32.0359 4488 XDva189 - ok
09:20:32.0375 4488 XDva190 - ok
09:20:32.0375 4488 XDva195 - ok
09:20:32.0375 4488 XDva204 - ok
09:20:32.0375 4488 XDva208 - ok
09:20:32.0390 4488 XDva332 - ok
09:20:32.0390 4488 XDva386 - ok
09:20:32.0390 4488 XDva390 - ok
09:20:32.0390 4488 XDva397 - ok
09:20:32.0406 4488 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:20:32.0421 4488 xmlprov - ok
09:20:32.0437 4488 [ 09E5340BD9B2CB730BF4DC6BE7721291 ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys
09:20:32.0437 4488 xusb21 - ok
09:20:32.0453 4488 ================ Scan global ===============================
09:20:32.0484 4488 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:20:32.0515 4488 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:20:32.0531 4488 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:20:32.0562 4488 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:20:32.0562 4488 [Global] - ok
09:20:32.0562 4488 ================ Scan MBR ==================================
09:20:32.0578 4488 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
09:20:32.0578 4488 \Device\Harddisk3\DR3 - ok
09:20:32.0593 4488 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:20:32.0750 4488 \Device\Harddisk0\DR0 - ok
09:20:32.0765 4488 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
09:20:32.0765 4488 \Device\Harddisk1\DR1 - ok
09:20:32.0781 4488 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
09:20:32.0781 4488 \Device\Harddisk2\DR2 - ok
09:20:32.0781 4488 ================ Scan VBR ==================================
09:20:32.0781 4488 [ 82406F736592EB36AD663B8113CB6F94 ] \Device\Harddisk3\DR3\Partition1
09:20:32.0781 4488 \Device\Harddisk3\DR3\Partition1 - ok
09:20:32.0796 4488 [ EA3BAFB9F4E7FC87056070AFD0795C0D ] \Device\Harddisk3\DR3\Partition2
09:20:32.0796 4488 \Device\Harddisk3\DR3\Partition2 - ok
09:20:32.0812 4488 [ 662B5CAD01AA81FE09534A3A934694DA ] \Device\Harddisk0\DR0\Partition1
09:20:32.0812 4488 \Device\Harddisk0\DR0\Partition1 - ok
09:20:32.0828 4488 [ 69CBEA82CD02EE26991834BA631B79B2 ] \Device\Harddisk0\DR0\Partition2
09:20:32.0828 4488 \Device\Harddisk0\DR0\Partition2 - ok
09:20:32.0828 4488 [ 10C97AB5BA5542D2175C9E002838E888 ] \Device\Harddisk1\DR1\Partition1
09:20:32.0828 4488 \Device\Harddisk1\DR1\Partition1 - ok
09:20:32.0828 4488 [ 4DE91B380150BF20874F65F43823AC5F ] \Device\Harddisk1\DR1\Partition2
09:20:32.0828 4488 \Device\Harddisk1\DR1\Partition2 - ok
09:20:32.0828 4488 [ F572D626B09E08EC99416E482BD35AC5 ] \Device\Harddisk2\DR2\Partition1
09:20:32.0828 4488 \Device\Harddisk2\DR2\Partition1 - ok
09:20:32.0828 4488 ============================================================
09:20:32.0828 4488 Scan finished
09:20:32.0828 4488 ============================================================
09:20:32.0843 5688 Detected object count: 1
09:20:32.0843 5688 Actual detected object count: 1
09:21:02.0890 5688 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
09:21:02.0890 5688 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
 
Looks good.

How is computer doing?

=====================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

=====================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=====================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Everything seems fine. The folder containing HRUPPROG doesn't automatically open after rebooting anymore. (This was before running any of the tools you've provided me in the last post.) Here are the logs you wanted.

AdwCleaner[S2].txt
# AdwCleaner v2.105 - Logfile created 01/17/2013 at 16:58:42
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ccw - COMPANY-6EF3B74
# Boot Mode : Normal
# Running from : C:\Documents and Settings\ccw\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\SweetIM
File Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\ccw\Application Data\cacaoweb
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\Conduit
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\CT2124320
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\CT2405280
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\CT3220468
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\cacaoweb@cacaoweb.org
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\Smartbar
Folder Deleted : C:\Documents and Settings\ccw\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\ccw\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\ccw\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\ccw\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\ccw\Local Settings\Application Data\Messenger_Plus_Live
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Messenger_Plus_Live
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Messenger_Plus_Live
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ocr@babylon.com
Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
Folder Deleted : C:\WINDOWS\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\cacaoweb
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Messenger_Plus_Live
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9B339F6E-DDCD-401B-8764-230ADBD01761}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{398F4CBF-01CE-475D-B9E4-E0A8970039EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B339F6E-DDCD-401B-8764-230ADBD01761}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{398F4CBF-01CE-475D-B9E4-E0A8970039EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B339F6E-DDCD-401B-8764-230ADBD01761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2124320
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Messenger_Plus_Live
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CD617AE-D6B8-4D13-ABE0-DAA50C7E0BE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E226123-0194-428A-A96A-E1C4F662493C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Messenger_Plus_Live Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B339F6E-DDCD-401B-8764-230ADBD01761}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{398F4CBF-01CE-475D-B9E4-E0A8970039EF}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger_Plus_Live Toolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SweetIM
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9B339F6E-DDCD-401B-8764-230ADBD01761}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9B339F6E-DDCD-401B-8764-230ADBD01761}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9B339F6E-DDCD-401B-8764-230ADBD01761}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111015&tt=090812_bab_3212_4&babsrc=NT_ss&mntrId=58dc856500000000000000ff3c7d56c8 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\prefs.js

C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\user.js ... Deleted !

Deleted : user_pref("CT2124320..clientLogIsEnabled", false);
Deleted : user_pref("CT2124320..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2124320..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2124320.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2124320.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2124320.BrowserCompStateIsOpen_129454520457806688", true);
Deleted : user_pref("CT2124320.BrowserCompStateIsOpen_129454520458275440", true);
Deleted : user_pref("CT2124320.BrowserCompStateIsOpen_129785340591042927", true);
Deleted : user_pref("CT2124320.CT2124320", "CT2124320");
Deleted : user_pref("CT2124320.CommunitiesChangesLastCheckTime", "Tue Jan 15 2013 06:48:48 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2124320.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT2124320.CurrentServerDate", "15-1-2013");
Deleted : user_pref("CT2124320.DSInstall", false);
Deleted : user_pref("CT2124320.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2124320.DialogsGetterLastCheckTime", "Sun Jan 13 2013 18:34:01 GMT+0800 (Malay Peninsul[...]
Deleted : user_pref("CT2124320.DownloadReferralCookieData", "");
Deleted : user_pref("CT2124320.FirstServerDate", "14-7-2012");
Deleted : user_pref("CT2124320.FirstTime", true);
Deleted : user_pref("CT2124320.FirstTimeFF3", true);
Deleted : user_pref("CT2124320.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2124320.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2124320.GroupingLastCheckTime", "Tue Jan 15 2013 06:48:48 GMT+0800 (Malay Peninsula Sta[...]
Deleted : user_pref("CT2124320.GroupingLastResponse", false);
Deleted : user_pref("CT2124320.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2124320.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2124320.HPInstall", false);
Deleted : user_pref("CT2124320.HasUserGlobalKeys", true);
Deleted : user_pref("CT2124320.Initialize", true);
Deleted : user_pref("CT2124320.InitializeCommonPrefs", true);
Deleted : user_pref("CT2124320.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2124320.InstallationType", "Unknown");
Deleted : user_pref("CT2124320.InstalledDate", "Sun Jul 15 2012 04:40:24 GMT+0800 (Malay Peninsula Standard Ti[...]
Deleted : user_pref("CT2124320.IsGrouping", true);
Deleted : user_pref("CT2124320.IsInitSetupIni", true);
Deleted : user_pref("CT2124320.IsMulticommunity", false);
Deleted : user_pref("CT2124320.IsOpenThankYouPage", true);
Deleted : user_pref("CT2124320.IsOpenUninstallPage", true);
Deleted : user_pref("CT2124320.LanguagePackLastCheckTime", "Tue Jan 15 2013 06:48:51 GMT+0800 (Malay Peninsula[...]
Deleted : user_pref("CT2124320.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2124320.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2124320.LastLogin_3.13.0.6", "Mon Jul 16 2012 12:02:38 GMT+0800 (Malay Peninsula Standa[...]
Deleted : user_pref("CT2124320.LastLogin_3.14.1.0", "Wed Aug 22 2012 06:19:02 GMT+0800 (Malay Peninsula Standa[...]
Deleted : user_pref("CT2124320.LastLogin_3.15.1.0", "Wed Nov 07 2012 02:32:41 GMT+0800 (Malay Peninsula Standa[...]
Deleted : user_pref("CT2124320.LastLogin_3.16.0.3", "Tue Jan 15 2013 06:48:50 GMT+0800 (Malay Peninsula Standa[...]
Deleted : user_pref("CT2124320.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT2124320.Locale", "en-us");
Deleted : user_pref("CT2124320.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2124320.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2124320.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2124320.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2124320.OriginalFirstVersion", "3.13.0.6");
Deleted : user_pref("CT2124320.SearchCaption", "Messenger Plus Live Customized Web Search");
Deleted : user_pref("CT2124320.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2124320.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT212[...]
Deleted : user_pref("CT2124320.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2124320.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2124320.SearchInNewTabLastCheckTime", "Tue Jan 15 2013 06:48:49 GMT+0800 (Malay Peninsu[...]
Deleted : user_pref("CT2124320.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2124320.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2124320.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2124320.ServiceMapLastCheckTime", "Tue Jan 15 2013 06:48:49 GMT+0800 (Malay Peninsula S[...]
Deleted : user_pref("CT2124320.SettingsLastCheckTime", "Tue Jan 15 2013 06:48:48 GMT+0800 (Malay Peninsula Sta[...]
Deleted : user_pref("CT2124320.SettingsLastUpdate", "1358179894");
Deleted : user_pref("CT2124320.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2124320&SearchSource=13");
Deleted : user_pref("CT2124320.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2124320.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2124320");
Deleted : user_pref("CT2124320.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2124320.UserID", "UN03092849466796055");
Deleted : user_pref("CT2124320.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2124320.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2124320.initDone", true);
Deleted : user_pref("CT2124320.myStuffEnabled", true);
Deleted : user_pref("CT2124320.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2124320.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2124320.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2124320.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2124320.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2124320.revertSettingsEnabled", true);
Deleted : user_pref("CT2124320.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2124320.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2124320.testingCtid", "");
Deleted : user_pref("CT2124320.toolbarAppMetaDataLastCheckTime", "Tue Jan 15 2013 06:48:52 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2124320.usagesFlag", 2);
Deleted : user_pref("CT2405280..clientLogIsEnabled", false);
Deleted : user_pref("CT2405280..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2405280..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2405280.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2405280.BrowserCompStateIsOpen_129774179987157757", true);
Deleted : user_pref("CT2405280.BrowserCompStateIsOpen_129784483889712321", true);
Deleted : user_pref("CT2405280.BrowserCompStateIsOpen_129791224268491262", true);
Deleted : user_pref("CT2405280.CT2405280", "CT2405280");
Deleted : user_pref("CT2405280.CurrentServerDate", "15-1-2013");
Deleted : user_pref("CT2405280.DSInstall", false);
Deleted : user_pref("CT2405280.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2405280.DialogsGetterLastCheckTime", "Sun Jan 13 2013 18:34:04 GMT+0800 (Malay Peninsul[...]
Deleted : user_pref("CT2405280.DownloadReferralCookieData", "");
Deleted : user_pref("CT2405280.EMailNotifierPollDate", "Sun Jul 15 2012 04:40:09 GMT+0800 (Malay Peninsula Sta[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261706866434151", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707012811589", "Sun Jul 15 2012 04:40:30 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707384123612", "Sun Jul 15 2012 04:40:30 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707412150447", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707418280754", "Sun Jul 15 2012 04:40:17 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707599928299", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707617263572", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707752362117", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707795264368", "Sun Jul 15 2012 04:40:17 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707808925892", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707869626670", "Sun Jul 15 2012 04:40:17 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707927596866", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261707979233386", "Sun Jul 15 2012 04:40:30 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708034493544", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708039069553", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708204445100", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708227524777", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708292165278", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708353935180", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708439778168", "Sun Jul 15 2012 04:40:17 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708441073195", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708501569511", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708831214041", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708861663992", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708872995288", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708956613188", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261708999019736", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709029944985", "Sun Jul 15 2012 04:40:33 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709040316547", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709118321128", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709147189875", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709273103006", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709334228118", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709396042055", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709489005996", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709505836033", "Sun Jul 15 2012 04:40:30 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709733509620", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709917159621", "Sun Jul 15 2012 04:40:20 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709924030613", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261709992975824", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710020959596", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710022683544", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710146768558", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710237979418", "Sun Jul 15 2012 04:40:17 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710281192798", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710293301155", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710367954069", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710537116573", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710539360442", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710710752156", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710876567422", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedPollDate1783261710898547036", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.FeedTTL1783261706866434151", 30);
Deleted : user_pref("CT2405280.FeedTTL1783261707418280754", 60);
Deleted : user_pref("CT2405280.FeedTTL1783261707617263572", 15);
Deleted : user_pref("CT2405280.FeedTTL1783261707752362117", 1440);
Deleted : user_pref("CT2405280.FeedTTL1783261707979233386", 5);
Deleted : user_pref("CT2405280.FeedTTL1783261708034493544", 30);
Deleted : user_pref("CT2405280.FeedTTL1783261708039069553", 15);
Deleted : user_pref("CT2405280.FeedTTL1783261708439778168", 15);
Deleted : user_pref("CT2405280.FeedTTL1783261708441073195", 15);
Deleted : user_pref("CT2405280.FeedTTL1783261708872995288", 5);
Deleted : user_pref("CT2405280.FeedTTL1783261709147189875", 2);
Deleted : user_pref("CT2405280.FeedTTL1783261709334228118", 10);
Deleted : user_pref("CT2405280.FeedTTL1783261709396042055", 15);
Deleted : user_pref("CT2405280.FeedTTL1783261709505836033", 5);
Deleted : user_pref("CT2405280.FeedTTL1783261709917159621", 5);
Deleted : user_pref("CT2405280.FeedTTL1783261710281192798", 2);
Deleted : user_pref("CT2405280.FeedTTL1783261710367954069", 10);
Deleted : user_pref("CT2405280.FeedTTL1783261710537116573", 5);
Deleted : user_pref("CT2405280.FeedTTL1783261710876567422", 2);
Deleted : user_pref("CT2405280.FeedTTL1783261710898547036", 15);
Deleted : user_pref("CT2405280.FirstServerDate", "14-7-2012");
Deleted : user_pref("CT2405280.FirstTime", true);
Deleted : user_pref("CT2405280.FirstTimeFF3", true);
Deleted : user_pref("CT2405280.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2405280.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2405280.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2405280.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2405280.HPInstall", false);
Deleted : user_pref("CT2405280.HasUserGlobalKeys", true);
Deleted : user_pref("CT2405280.Initialize", true);
Deleted : user_pref("CT2405280.InitializeCommonPrefs", true);
Deleted : user_pref("CT2405280.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2405280.InstallationType", "Unknown");
Deleted : user_pref("CT2405280.InstalledDate", "Sun Jul 15 2012 04:40:33 GMT+0800 (Malay Peninsula Standard Ti[...]
Deleted : user_pref("CT2405280.InvalidateCache", false);
Deleted : user_pref("CT2405280.IsGrouping", false);
Deleted : user_pref("CT2405280.IsInitSetupIni", true);
Deleted : user_pref("CT2405280.IsMulticommunity", false);
Deleted : user_pref("CT2405280.IsOpenThankYouPage", true);
Deleted : user_pref("CT2405280.IsOpenUninstallPage", true);
Deleted : user_pref("CT2405280.LanguagePackLastCheckTime", "Tue Jan 15 2013 06:48:55 GMT+0800 (Malay Peninsula[...]
Deleted : user_pref("CT2405280.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2405280.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2405280.LastLogin_3.13.0.6", "Mon Jul 16 2012 12:02:37 GMT+0800 (Malay Peninsula Standa[...]
Deleted : user_pref("CT2405280.LastLogin_3.14.1.0", "Wed Aug 22 2012 06:19:01 GMT+0800 (Malay Peninsula Standa[...]
Deleted : user_pref("CT2405280.LastLogin_3.15.1.0", "Wed Nov 07 2012 02:32:40 GMT+0800 (Malay Peninsula Standa[...]
Deleted : user_pref("CT2405280.LastLogin_3.16.0.100", "Tue Jan 15 2013 06:48:56 GMT+0800 (Malay Peninsula Stan[...]
Deleted : user_pref("CT2405280.LastLogin_3.16.0.3", "Mon Dec 31 2012 07:42:01 GMT+0800 (Malay Peninsula Standa[...]
Deleted : user_pref("CT2405280.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT2405280.Locale", "en-us");
Deleted : user_pref("CT2405280.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2405280.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2405280.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2405280.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2405280.OriginalFirstVersion", "3.13.0.6");
Deleted : user_pref("CT2405280.RadioIsPodcast", false);
Deleted : user_pref("CT2405280.RadioLastCheckTime", "Sun Jul 15 2012 04:40:13 GMT+0800 (Malay Peninsula Standa[...]
Deleted : user_pref("CT2405280.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2405280.RadioLastUpdateServer", "129167775315800000");
Deleted : user_pref("CT2405280.RadioMediaID", "9962");
Deleted : user_pref("CT2405280.RadioMediaType", "Media Player");
Deleted : user_pref("CT2405280.RadioMenuSelectedID", "EBRadioMenu_CT24052809962");
Deleted : user_pref("CT2405280.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2405280.RadioStationName", "California%20Rock");
Deleted : user_pref("CT2405280.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT2405280.SearchCaption", "ST-Eng7 Customized Web Search");
Deleted : user_pref("CT2405280.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240[...]
Deleted : user_pref("CT2405280.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2405280.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2405280.SearchInNewTabLastCheckTime", "Tue Jan 15 2013 06:48:52 GMT+0800 (Malay Peninsu[...]
Deleted : user_pref("CT2405280.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2405280.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2405280.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2405280.ServiceMapLastCheckTime", "Tue Jan 15 2013 06:48:55 GMT+0800 (Malay Peninsula S[...]
Deleted : user_pref("CT2405280.SettingsLastCheckTime", "Tue Jan 15 2013 06:48:50 GMT+0800 (Malay Peninsula Sta[...]
Deleted : user_pref("CT2405280.SettingsLastUpdate", "1358179895");
Deleted : user_pref("CT2405280.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13");
Deleted : user_pref("CT2405280.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2405280.ThirdPartyComponentsLastCheck", "Sun Jul 15 2012 04:39:00 GMT+0800 (Malay Penin[...]
Deleted : user_pref("CT2405280.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2405280.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2405280.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2405280");
Deleted : user_pref("CT2405280.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2405280.UserID", "UN64606146701088816");
Deleted : user_pref("CT2405280.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2405280.WeatherNetwork", "");
Deleted : user_pref("CT2405280.WeatherPollDate", "Sun Jul 15 2012 04:40:09 GMT+0800 (Malay Peninsula Standard [...]
Deleted : user_pref("CT2405280.WeatherUnit", "C");
Deleted : user_pref("CT2405280.alertChannelId", "799768");
Deleted : user_pref("CT2405280.backendstorage.cbcountry_001", "4D59");
Deleted : user_pref("CT2405280.backendstorage.cbfirsttime", "53756E204A756C20313520323031322030343A34313A30322[...]
Deleted : user_pref("CT2405280.backendstorage.ct2405280isadsdisabled", "66616C7365");
Deleted : user_pref("CT2405280.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "653935656432646461613164[...]
Deleted : user_pref("CT2405280.backendstorage.hxxp://api22_thetrafficstat_net.pid2", "653935656432646461613164[...]
Deleted : user_pref("CT2405280.backendstorage.shoppingapp.gk.exipres", "467269204A756C20323020323031322030343A[...]
Deleted : user_pref("CT2405280.backendstorage.shoppingapp.gk.geolocation", "6D616C6179736961");
Deleted : user_pref("CT2405280.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2405280.globalFirstTimeInfoLastCheckTime", "Sun Jul 15 2012 04:40:15 GMT+0800 (Malay Pe[...]
Deleted : user_pref("CT2405280.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2405280.initDone", true);
Deleted : user_pref("CT2405280.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2405280.isFirstRadioInstallation", false);
Deleted : user_pref("CT2405280.myStuffEnabled", true);
Deleted : user_pref("CT2405280.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2405280.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2405280.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2405280.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2405280.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2405280.revertSettingsEnabled", true);
Deleted : user_pref("CT2405280.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2405280.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2405280.testingCtid", "");
Deleted : user_pref("CT2405280.toolbarAppMetaDataLastCheckTime", "Tue Jan 15 2013 06:48:55 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.toolbarContextMenuLastCheckTime", "Sun Jul 15 2012 04:40:26 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2405280.usagesFlag", 2);
Deleted : user_pref("CT3220468.129813684259252248.APP_WIN_FEATURES", "resizable=0,saveresizedsize=0,titlebar=0[...]
Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1348776377,\"uuid\":690548700038530,\"seq_id\":1,\"ss[...]
Deleted : user_pref("CT3220468.BT_Usage", "{\"uuid\":690548700038530,\"seq_id\":3}");
Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3220468.FirstTime", "true");
Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT3220468.RevertSettingsEnabled", true);
Deleted : user_pref("CT3220468.UserID", "UN48888037723146956");
Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Deleted : user_pref("CT3220468.cbcountry_001", "MY");
Deleted : user_pref("CT3220468.cbfirsttime", "Fri Sep 28 2012 04:06:06 GMT+0800 (Malay Peninsula Standard Time[...]
Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3220468.enableAlerts", "always");
Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3220468.fixUrls", true);
Deleted : user_pref("CT3220468.installId", "fft3C.tmp.exe");
Deleted : user_pref("CT3220468.installType", "XPE");
Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);
Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3220468.openThankYouPage", "true");
Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Deleted : user_pref("CT3220468.search.searchCount", "0");
Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348776363213");
Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1348776362917");
Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348776364541");
Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353297136672");
Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358073364506");
Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348776365661");
Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1348776363032");
Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1358038459696");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348776364510");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1358073363703");
Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1358038460404");
Deleted : user_pref("CT3220468.settingsINI", true);
Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Deleted : user_pref("CT3220468.smartbar.isHidden", true);
Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Deleted : user_pref("CT3220468.toolbarBornServerTime", "27-9-2012");
Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "13-1-2013");
Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true);
Deleted : user_pref("CT3220468.url_history0001", "hxxp://www.iptorrents.com/details.php?id=694913:::clickhandl[...]
Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2124320/CT2124320[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2405280/CT2405280[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/799768/795587/MY", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2124320", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2405280", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2124320",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2405280",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\ccw\\Application D[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2124320,CT2405280");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2124320,CT2405280");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2124320,CT2405280");
Deleted : user_pref("CommunityToolbar.globalUserId", "39af4580-4f1b-4f99-9147-4f2986dc252f");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 15 2012 04:40:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jul 15 2012 04:40:42 GMT+080[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jul 15 2012 04:39:00 GMT+0800 (M[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "5eae986c-9ac7-43a4-8bd8-e77aa9bb869f");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111015&tt=090812_bab_3212_4");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 11);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "MY");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "95D6294DA92513FDBFBA6851BD52429A");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "58dc856500000000000000ff3c7d56c8");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15563");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=111015&tt=090812[...]
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "14");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 11);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.4.623:28:58");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "14.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?affID=111015&tt=090812_[...]
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 83212783);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.sg", "none");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.4.623:28:58");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015&tt=090812_bab_3212_4");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.623:28:58");
Deleted : user_pref("searchreset.backup.browser.newtab.url", "hxxp://search.babylon.com/?affID=111015&tt=09081[...]
Deleted : user_pref("searchreset.backup.browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://search.babylon.com/?affID=111015&tt=090812_bab_3[...]

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9sm5ewo3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [47575 octets] - [17/01/2013 16:58:42]

########## EOF - C:\AdwCleaner[S2].txt - [47636 octets] ##########
 
JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.3 (01.15.2013:1)
OS: Microsoft Windows XP x86
Ran by ccw on Thu 01/17/2013 at 17:05:19.39
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2025429265-1035525444-682003330-1003\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"



~~~ FireFox

Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\youtubedownloader@mybrowserbar.com"
Emptied folder: C:\Documents and Settings\ccw\Application Data\mozilla\firefox\profiles\jra73cwe.default\minidumps [5 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/17/2013 at 17:08:32.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL.txt
OTL logfile created on: 1/17/2013 5:17:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ccw\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.39% Memory free
3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 41.96 Gb Free Space | 28.65% Space Free | Partition Type: NTFS
Drive D: | 151.60 Gb Total Space | 64.77 Gb Free Space | 42.72% Space Free | Partition Type: NTFS
Drive G: | 117.19 Gb Total Space | 89.48 Gb Free Space | 76.35% Space Free | Partition Type: NTFS
Drive H: | 115.69 Gb Total Space | 36.64 Gb Free Space | 31.67% Space Free | Partition Type: NTFS
Drive I: | 146.48 Gb Total Space | 52.09 Gb Free Space | 35.56% Space Free | Partition Type: NTFS
Drive J: | 151.61 Gb Total Space | 141.38 Gb Free Space | 93.25% Space Free | Partition Type: NTFS
Drive L: | 465.76 Gb Total Space | 96.21 Gb Free Space | 20.66% Space Free | Partition Type: NTFS

Computer Name: COMPANY-6EF3B74 | User Name: ccw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/17 16:58:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ccw\Desktop\OTL.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- I:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- I:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/12/05 01:13:34 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- L:\Program Files\Hi-Rez Studios\HiPatchService.exe
PRC - [2011/12/16 16:24:22 | 000,274,712 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/08/22 07:48:18 | 000,504,112 | ---- | M] (COMODO) -- L:\Program Files\Comodo Unite\crdphService.exe
PRC - [2011/08/22 07:48:18 | 000,360,752 | ---- | M] (COMODO) -- L:\Program Files\Comodo Unite\EzVpnSvc.exe
PRC - [2011/08/11 03:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/09 06:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/04/11 15:02:28 | 008,142,848 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/07/15 09:08:24 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/18 03:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/11/30 21:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/13 10:06:45 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013/01/13 09:31:05 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\33ff7d73f01be8329a95c6e03f1dd555\System.Web.ni.dll
MOD - [2013/01/13 09:30:57 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013/01/13 09:22:36 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013/01/13 09:21:32 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013/01/13 09:21:25 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/13 09:21:10 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/13 09:21:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/13 09:21:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll
MOD - [2013/01/13 09:20:51 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/13 09:20:41 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/07/27 21:21:24 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/12/16 16:24:04 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2011/08/22 07:48:18 | 001,126,704 | ---- | M] () -- L:\Program Files\Comodo Unite\EngineServiceBridge.dll
MOD - [2011/08/11 03:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/08/09 06:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/11 15:02:28 | 008,142,848 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2007/07/12 22:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- H:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/11 13:29:57 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 15:44:59 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/01 00:03:57 | 001,528,424 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- L:\Program Files\Echobit\Evolve\EvoSvc.exe -- (EvoSvc)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- I:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/12/05 01:13:34 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- L:\Program Files\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/11/25 01:57:44 | 000,539,984 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/13 03:05:24 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/22 07:48:18 | 000,360,752 | ---- | M] (COMODO) [Auto | Running] -- L:\Program Files\Comodo Unite\EzVpnSvc.exe -- (EzVpnSvc)
SRV - [2011/08/11 03:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/04/11 15:02:28 | 008,142,848 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL5)
SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/03/11 05:46:00 | 003,601,608 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2009/07/15 09:08:24 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/08/07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/07/19 04:28:53 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/05/29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/04/17 19:13:44 | 005,750,784 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld)
SRV - [2008/01/18 01:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache)
SRV - [2007/05/18 03:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/02/05 23:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 23:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/11/30 21:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 21:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/18 02:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva386.sys -- (XDva386)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva332.sys -- (XDva332)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva208.sys -- (XDva208)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva204.sys -- (XDva204)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva195.sys -- (XDva195)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva190.sys -- (XDva190)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva189.sys -- (XDva189)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva177.sys -- (XDva177)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva170.sys -- (XDva170)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva167.sys -- (XDva167)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva165.sys -- (XDva165)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva158.sys -- (XDva158)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva132.sys -- (XDva132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva121.sys -- (XDva121)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva104.sys -- (XDva104)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva037.sys -- (XDva037)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\x86\tcpiphlp.sys -- (tcpip helper)
DRV - File not found [Kernel | System | Stopped] -- System32\drivers\sdbuss.sys -- (sdbuss)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\point32.sys -- (Point32)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\Program Files\Breadou RO\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ccw\LOCALS~1\Temp\MZH5CF.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ccw\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- I:\Program Files\Softnyx\WolfTeam\apf001.sys -- (apf001)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2013/01/10 13:54:42 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/07/28 12:05:12 | 006,646,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/05/14 14:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/05/12 12:31:00 | 000,099,400 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2012/03/22 19:42:04 | 000,018,584 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\evolve.sys -- (EvolveVirtualAdapter)
DRV - [2012/02/24 17:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/02/24 17:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/06/02 13:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 13:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/06/02 13:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011/04/26 11:21:06 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/04/23 20:30:16 | 000,028,936 | ---- | M] (WeOnlyDo Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wod0205.sys -- (wod0205)
DRV - [2011/04/14 11:01:46 | 000,017,816 | ---- | M] (Comodo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmdatp.sys -- (ATP)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/02/16 17:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2011/02/07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010/12/07 14:12:24 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:12:24 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 14:12:22 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:12:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/12/01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/15 09:08:24 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/04/03 14:26:09 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/10/18 11:03:50 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2008/10/17 16:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/10/17 16:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008/09/30 00:35:08 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/09/30 00:35:07 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/08/07 19:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/06/06 09:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/15 09:24:32 | 000,171,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2008/05/07 07:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/14 02:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/09/05 14:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/23 18:12:28 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/04/11 03:46:54 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/04/04 12:43:38 | 000,098,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716unic.sys -- (s716unic)
DRV - [2007/04/04 12:43:36 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716obex.sys -- (s716obex)
DRV - [2007/04/04 12:43:36 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716nd5.sys -- (s716nd5)
DRV - [2007/04/04 12:43:34 | 000,108,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007/04/04 12:43:34 | 000,100,360 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mgmt.sys -- (s716mgmt)
DRV - [2007/04/04 12:43:32 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007/04/04 12:43:20 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716bus.sys -- (s716bus)
DRV - [2007/02/16 10:27:10 | 000,044,928 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006/11/30 21:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 21:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 21:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 21:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 21:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 21:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/10 21:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/02/07 19:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2001/08/17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/iat/us_my.aspx
IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 D6 5D CD DD A4 CA 01 [binary data]
IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\SearchScopes\${searchCLSID}: "URL" = http://malaysia.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB
IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: support%40super-hide-ip.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B7473b6bd-4691-4744-a82b-7854eb3d70b6%7D:10.13.40.15
FF - prefs.js..extensions.enabledAddons: %7B9b339f6e-ddcd-401b-8764-230adbd01761%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7B414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3%7D:3.16.0.100
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_394\npaosmgr.dll File not found
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll File not found
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnLvn: L:\Program Files\Comodo Unite\npEasyVpnLVN.dll (COMODO)
FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnRdp: L:\Program Files\Comodo Unite\NpRdpView.dll ( )
FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnVnc: L:\Program Files\Comodo Unite\NpVncView.dll ( )
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: d:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: d:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll File not found
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\ccw\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/11 13:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/02 21:26:20 | 000,000,000 | ---D | M]

[2008/07/02 21:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Extensions
[2013/01/17 16:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions
[2010/06/24 21:08:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/05 10:59:43 | 000,000,000 | ---D | M] (NeffyPlugin Launcher) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}
[2008/05/27 20:36:07 | 000,000,000 | ---D | M] (Megaupload Toolbar) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2010/10/06 19:05:11 | 000,000,000 | ---D | M] (CyberShadow's Bejeweled Blitz 3 Cheat) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\bejeweledblitz3cheat@thecybershadow.net
[2008/09/27 00:55:01 | 000,000,000 | ---D | M] ("Better YouTube") -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\betteryoutube@ginatrapani.org
[2008/09/07 14:49:10 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\bkmrksync@nokia.com
[2011/05/29 21:33:58 | 000,004,546 | ---- | M] () (No name found) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\support@super-hide-ip.com.xpi
[2009/05/12 21:12:31 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\searchplugins\live-search.xml
[2013/01/17 16:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/30 23:28:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CCW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JRA73CWE.DEFAULT\EXTENSIONS\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CCW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JRA73CWE.DEFAULT\EXTENSIONS\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CCW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JRA73CWE.DEFAULT\EXTENSIONS\{9B339F6E-DDCD-401B-8764-230ADBD01761}
[2013/01/11 13:29:59 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2012/08/30 07:36:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/26 01:13:41 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: npijjiFFPlugin1 for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\ccw\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Comodo Rdp View Plugin for FireFox (Enabled) = L:\Program Files\Comodo Unite\NpRdpView.dll
CHR - plugin: Comodo Vnc View Plugin for FireFox (Enabled) = L:\Program Files\Comodo Unite\NpVncView.dll
CHR - plugin: ComodoLVN (Enabled) = L:\Program Files\Comodo Unite\npEasyVpnLVN.dll
CHR - Extension: Entanglement = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: XJZ Survey Remover = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cghbpbbbdbdcljgdhfpfhkpknlaefjhl\3.5.0.1_0\
CHR - Extension: Monster Dash = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
CHR - Extension: Realm of the Mad God = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
CHR - Extension: Realm of the Mad God = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
CHR - Extension: Ethereal 2 Theme By VikiTech = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjgenbiepgodgfapfnolmenbfncejmjf\1_0\
CHR - Extension: Avalanche!! = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hoikneojmkaopdhhdpdfmdlcnpmlhnhk\1.43_0\
CHR - Extension: OrangeFPS on Roozz = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifnckhopllcmleegegheacblhehfifei\0.1.0.5_0\
CHR - Extension: Snow = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdcgdhlccojbnonmhcioigcdodakjcmh\1.0.0.8_0\
CHR - Extension: Poppit = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Flight = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncceffnkmmhggjnfdbkgmihjdmgccfmo\2.0.1_0\
 
O1 HOSTS File: ([2013/01/10 19:56:12 | 000,001,084 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 202.76.225.179patch.playro2.com#RO2 Patch Server
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7CC66639-C337-40C3-A661-34CF9F39D25E} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (LeapFTP Internet Explorer Hook) - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - L:\Program Files\LeapFTP 3.0\lftpie.dll (LeapWare)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] I:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.my/com/EGamesPlugin.cab (EGamesPlugin Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B85B2590-24A1-47A6-B732-B3CD274B508B}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D054C94A-2078-4A92-9266-69AE82969164}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D054C94A-2078-4A92-9266-69AE82969164}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\urqOIAQk: DllName - (urqOIAQk.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/12 01:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


========== Files/Folders - Created Within 30 Days ==========

[2013/01/17 17:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/01/17 17:04:57 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/17 16:57:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ccw\Desktop\OTL.exe
[2013/01/17 16:57:53 | 000,499,213 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\ccw\Desktop\JRT.exe
[2013/01/10 23:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Desktop\New Folder
[2013/01/10 19:09:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/09 13:19:01 | 000,000,000 | --SD | C] -- C:\ccw
[2013/01/07 19:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Application Data\FlashgetSetup
[2013/01/07 19:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Application Data\BITS
[2013/01/07 13:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Desktop\LMK desktop
[2013/01/07 12:34:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/07 12:32:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/07 12:32:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/07 12:32:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/07 12:32:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/07 12:32:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/07 12:31:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/01/06 17:56:19 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/06 17:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/06 15:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WinDir
[2013/01/06 15:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Application DataMicrosoft
[2013/01/03 14:09:57 | 000,000,000 | ---D | C] -- C:\gravity
[2013/01/02 21:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Local Settings\Application Data\Sun
[2012/12/27 15:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2011/01/30 20:46:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ccw\detoured.dll
[2008/01/07 22:27:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ccw\Application Data\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/17 17:14:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1035525444-682003330-1003UA.job
[2013/01/17 17:11:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/17 17:04:10 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/01/17 17:03:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/17 17:01:13 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/17 17:01:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2013/01/17 17:00:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/17 16:58:07 | 000,499,213 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\ccw\Desktop\JRT.exe
[2013/01/17 16:58:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ccw\Desktop\OTL.exe
[2013/01/17 16:57:58 | 000,554,087 | ---- | M] () -- C:\Documents and Settings\ccw\Desktop\adwcleaner.exe
[2013/01/17 16:31:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/16 23:16:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2013/01/16 18:14:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1035525444-682003330-1003Core.job
[2013/01/16 14:52:04 | 000,001,120 | ---- | M] () -- C:\WINDOWS\System32\index.xml
[2013/01/16 14:52:04 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/01/13 23:18:03 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\ccw\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/13 23:18:03 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\ccw\Desktop\Google Chrome.lnk
[2013/01/13 09:20:14 | 000,505,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/13 09:20:14 | 000,089,574 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/12 23:16:01 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2013/01/12 23:16:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2013/01/12 16:17:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/11 17:26:47 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2013/01/10 13:54:42 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/01/07 19:16:34 | 000,000,025 | ---- | M] () -- C:\WINDOWS\emcore.INI
[2013/01/07 12:34:13 | 000,000,471 | RHS- | M] () -- C:\boot.ini
[2013/01/05 11:37:36 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\ccw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/23 01:48:56 | 000,425,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/23 01:03:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/17 16:57:45 | 000,554,087 | ---- | C] () -- C:\Documents and Settings\ccw\Desktop\adwcleaner.exe
[2013/01/10 13:54:42 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/01/07 19:16:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\emcore.INI
[2013/01/07 12:34:13 | 000,000,355 | ---- | C] () -- C:\Boot.bak
[2013/01/07 12:34:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/01/07 12:32:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/07 12:32:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/07 12:32:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/07 12:32:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/07 12:32:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/28 08:27:54 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/09/18 16:20:42 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/09/18 16:20:42 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/09/18 16:20:42 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/07/13 21:16:04 | 003,130,440 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_blr.exe
[2012/05/11 20:13:21 | 000,157,570 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2012/05/11 20:13:21 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2012/05/03 14:44:25 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\ccw\usb001
[2012/04/16 16:42:09 | 000,157,529 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp
[2012/04/16 16:42:09 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp
[2012/02/15 18:38:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011/10/08 22:06:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/09/05 15:19:56 | 000,000,176 | ---- | C] () -- C:\WINDOWS\explorer.exe.config
[2011/05/30 16:19:14 | 004,416,228 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-1035525444-682003330-1003-0.dat
[2011/05/30 16:19:03 | 000,380,406 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/26 19:51:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2011/05/26 01:04:50 | 000,045,194 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\room_v3.dat
[2011/03/28 21:52:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\RSBot_Accounts.ini
[2011/03/23 02:35:34 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\room.dat
[2011/01/30 20:46:26 | 000,159,744 | ---- | C] () -- C:\Documents and Settings\ccw\typex_io.dll
[2011/01/30 20:45:39 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\ccw\typex_bindings.bin
[2011/01/30 14:07:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/01/30 14:07:06 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/01/07 16:54:05 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\Current.prx
[2010/11/05 14:32:54 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\steam_md4.dat
[2010/08/28 13:56:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\steam_md2.dat
[2010/04/01 12:11:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\$_hpcst$.hpc
[2009/11/20 00:37:04 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\ccw\jagex_runescape_preferences2.dat
[2009/11/20 00:34:46 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\ccw\jagex_runescape_preferences.dat
[2008/09/29 08:33:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ccw\WoW-2.3.0-enUS-patch.exe.part
[2008/08/16 23:17:07 | 006,402,670 | ---- | C] () -- C:\Documents and Settings\ccw\Desktop.zip
[2008/04/28 18:34:27 | 339,263,757 | ---- | C] () -- C:\Documents and Settings\ccw\ntuser.dt2
[2008/04/28 18:34:26 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\ccw\ntuser.dt
[2008/01/07 22:27:08 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\inst.exe
[2008/01/07 22:27:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\pcouffin.cat
[2008/01/07 22:27:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\pcouffin.inf
[2007/12/19 12:19:53 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\ccw\Local Settings\Application Data\fusioncache.dat
[2007/12/19 12:18:10 | 000,138,904 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\PnkBstrK.sys
[2007/12/15 10:51:28 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\ccw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2007/12/12 20:37:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/23 11:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/05 18:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASign
[2012/03/03 10:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASUS WebStorage
[2011/09/01 09:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/01/06 16:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Browse Dent Win Base
[2011/04/13 16:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012/02/28 17:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2012/03/22 19:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Echobit
[2012/11/27 01:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/08/12 01:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garena
[2012/08/12 01:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2012/07/02 22:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
[2012/08/01 16:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/03/25 16:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2008/09/07 14:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/09/16 17:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/02/13 11:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/05/25 15:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011/01/04 17:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/01/04 17:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2012/11/07 16:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2008/09/07 14:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/05/12 16:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pI3_lic_file
[2013/01/06 14:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/12/27 15:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2012/07/11 22:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/31 22:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2011/05/29 21:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperHideIP
[2012/09/10 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/24 22:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/12/15 17:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2012/09/09 22:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtuallTek
[2012/01/15 01:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VS
[2011/01/29 12:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/26 20:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XBlades
[2012/07/25 22:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/03/26 10:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/07 16:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\.minecraft
[2011/08/08 14:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\.spoutcraft
[2005/04/08 10:16:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ccw\Application Data\58DC8565
[2011/05/29 18:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Ahnlab
[2012/03/03 11:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\ASUS
[2012/03/03 10:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\ASUS WebStorage
[2012/03/24 11:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
[2012/10/12 00:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Awesomium
[2013/01/07 19:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\BITS
[2011/05/25 14:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\CollabNet
[2012/09/15 21:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\DarknessII
[2012/03/06 18:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Downloaded Installations
[2011/03/18 21:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\DragonicaSCB
[2012/03/03 10:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\eCareme
[2012/10/18 20:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\FATAL ZERO ACTION
[2013/01/07 19:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\FlashgetSetup
[2009/05/24 09:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\FOG Downloader
[2012/08/12 01:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Garena
[2012/08/12 01:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\GarenaPlus
[2012/11/30 01:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\gd.sos.McPixel
[2011/04/02 12:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\GetRightToGo
[2011/04/02 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\HandBrake
[2012/08/01 16:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\id Software
[2010/03/28 14:34:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ccw\Application Data\ijjigame
[2009/05/02 03:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\ItchSignIso
[2008/12/23 19:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Kingston
[2008/11/25 21:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\LimeWire
[2012/09/20 15:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\MotioninJoy
[2007/12/15 00:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\MSNInstaller
[2011/05/25 16:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\MySQL
[2008/09/14 00:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Nokia
[2012/03/13 17:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Notepad++
[2012/11/07 15:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Origin
[2012/03/03 10:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Outlook
[2008/09/07 14:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\PC Suite
[2008/01/07 13:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Pegasys Inc
[2007/12/14 13:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Publish Providers
[2011/05/11 17:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\PunkBuster
[2008/11/05 13:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Red Alert 3
[2012/03/12 23:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\RenPy
[2010/04/01 12:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Samsung
[2011/01/26 17:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\saves
[2012/10/31 22:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Screaming Bee
[2011/07/03 22:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\SendSpace Wizard
[2007/12/14 13:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Sony
[2012/11/23 20:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Sony Online Entertainment
[2007/12/14 13:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Sony Setup
[2012/08/09 14:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Spadille
[2008/10/01 17:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Spore
[2011/05/25 15:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Subversion
[2011/05/29 21:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\SuperHideIP
[2012/03/04 23:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\SystemRequirementsLab
[2008/08/21 16:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\TeamViewer
[2011/01/27 00:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Teleca
[2011/01/26 18:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Thinstall
[2010/09/07 14:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Toon Boom Animation
[2007/12/24 22:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\TuneUp Software
[2011/12/15 19:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Tunngle
[2010/04/19 19:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Unity
[2013/01/11 12:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\uTorrent
[2010/11/06 12:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2012/04/07 13:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Vso
[2011/03/16 17:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\WeGame
[2008/07/27 12:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Windows Live Writer
[2012/03/22 19:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Wippien
[2011/08/21 02:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\YouTube Downloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A5A90A3
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5638B93
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D97BA9A8
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5AD7675
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
794
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back