TechSpot

[Virus] svchost.exe and HRUPPROG

Solved
By MyCheeseCake
Jan 6, 2013
  1. Right after booting my computer, a folder opens up by itself with 2 files in it, HRUPPROG.txt and HRUPPROG.DIE.NOW.

    Also, a window pops up with the title "Open File - Security Warning" saying, "The publisher could not be verified, are you sure you want to run the software?" The software in this case is svchost.exe.

    I have followed the steps as stated in the "4-Step Viruses/Spyware/Malware Removal Preliminary Instructions" post here. And I am posting the contents of the logs. I hope assistance can be provided if needed.

    Malwarebytes Anti-Malware log

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.06.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    ccw :: COMPANY-6EF3B74 [administrator]

    1/6/2013 5:57:21 PM
    mbam-log-2013-01-06 (17-57-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 248983
    Time elapsed: 9 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 23
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{01GP0MB7-0Y0Q-YN07-DW1Q-JB847COT4UL1} (Backdoor.SpyNet) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{01GP0MB7-0Y0Q-YN07-DW1Q-JB847COT4UL1} (Backdoor.SpyNet) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 6
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKLM (Backdoor.SpyNet) -> Data: C:\WINDOWS\system32\WinDir\Svchost.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.SpyNet) -> Data: C:\WINDOWS\system32\WinDir\Svchost.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.SpyNet) -> Data: C:\WINDOWS\system32\WinDir\Svchost.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.SpyNet) -> Data: C:\WINDOWS\system32\WinDir\Svchost.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|18.exe (Trojan.Agent.Gen) -> Data: C:\Documents and Settings\ccw\Application DataMicrosoft\System\Services\18.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Worm.Palevo) -> Data: C:\Documents and Settings\ccw\Application Data\qmkin.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 12
    C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\bin\1.0.16.0 (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\data (Adware.Hotbar.RB) -> Quarantined and deleted successfully.

    Files Detected: 16
    C:\WINDOWS\system32\H@tKeysH@@k.DLL (HackTool.HotKeyHook) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WinDir\Svchost.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Application Data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Application Data\kernel33.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Application DataMicrosoft\System\Services\18.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Application Data\ccw-wchelper.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History\search3 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat.bak (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\bin\1.0.16.0\copyright.txt (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\bin\1.0.16.0\RavenBleuUninstaller.exe (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSAau.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_hpk.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ccw\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_kyf_update.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.

    (end)


    DDS.txt
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2
    Run by ccw at 18:17:18 on 2013-01-06
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.751 [GMT 8:00]
    .
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    L:\Program Files\Comodo Unite\EzVpnSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    I:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    L:\Program Files\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    I:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    L:\Program Files\Comodo Unite\crdphService.exe
    C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyServer = hxxp=;ftp=;https=;
    uProxyOverride = 192.168.*.*
    uURLSearchHooks: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
    uURLSearchHooks: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\prxtbMes2.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: {7CC66639-C337-40C3-A661-34CF9F39D25E} - <orphaned>
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\ScriptCl.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\prxtbMes2.dll
    BHO: LeapFTP Internet Explorer Hook: {A5479DA1-7843-43A7-B5C0-BE342C77B629} - l:\program files\leapftp 3.0\lftpie.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Messenger Plus Live Toolbar: {9B339F6E-DDCD-401B-8764-230ADBD01761} - c:\program files\messenger_plus_live\prxtbMes2.dll
    TB: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\prxtbMes2.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [LogMeIn Hamachi Ui] "I:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{c4609419-c11e-4ce6-b369-f3f8a7ddd94c}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: %SystemRoot%\system32\PrxerDrv.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: Interfaces\{B85B2590-24A1-47A6-B732-B3CD274B508B} : NameServer = 202.188.0.133,202.188.1.5
    TCP: Interfaces\{D054C94A-2078-4A92-9266-69AE82969164} : DHCPNameServer = 192.168.1.254
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: urqOIAQk - urqOIAQk.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\byXQJcAT
    Hosts: 127.0.0.1mpa.one.microsoft.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111015&tt=090812_bab_3212_4&babsrc=KW_ss&mntrId=58dc856500000000000000ff3c7d56c8&q=
    FF - component: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\ccw\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\ccw\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: d:\program files\real alternative\browser\plugins\nppl3260.dll
    FF - plugin: d:\program files\real alternative\browser\plugins\nprpjplug.dll
    FF - plugin: l:\program files\comodo unite\npEasyVpnLVN.dll
    FF - plugin: l:\program files\comodo unite\NpRdpView.dll
    FF - plugin: l:\program files\comodo unite\NpVncView.dll
    FF - ExtSQL: 2038-01-18 21:14; betteryoutube@ginatrapani.org; c:\documents and settings\ccw\application data\mozilla\firefox\profiles\jra73cwe.default\extensions\betteryoutube@ginatrapani.org
    FF - ExtSQL: !HIDDEN! 2009-09-03 15:40; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 200000
    FF - user.js: content.notify.interval - 100000
    FF - user.js: content.switch.threshold - 650000
    FF - user.js: nglayout.initialpaint.delay - 300
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015&tt=090812_bab_3212_4
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
    FF - user.js: extensions.BabylonToolbar.id - 58dc856500000000000000ff3c7d56c8
    FF - user.js: extensions.BabylonToolbar.instlDay - 15563
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.623:28:58
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
    R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2008-10-18 120320]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
    R2 EzVpnSvc;COMODO Unite MultiLogin Service;l:\program files\comodo unite\EzVpnSvc.exe [2011-8-22 360752]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-12 54752]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-4-1 233472]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;I:\program files\logmein hamachi\hamachi-2.exe [2012-12-10 1435568]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;l:\program files\hi-rez studios\HiPatchService.exe [2012-7-2 8704]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-12-12 104000]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
    R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-8-11 227184]
    R2 MySQL5;MySQL5;"c:\program files\mysql\mysql server 5.5\bin\mysqld" --defaults-file="c:\program files\mysql\mysql server 5.5\my.ini" mysql5 --> c:\program files\mysql\mysql server 5.5\bin\mysqld [?]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-1 103040]
    R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\drivers\cmdatp.sys [2012-5-28 17816]
    R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\drivers\evolve.sys [2012-3-22 18584]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-1 36608]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-6 40776]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-12-12 72264]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-12-12 34152]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-12-12 168776]
    R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
    S1 sdbuss;sdbuss;c:\windows\system32\drivers\sdbuss.sys --> c:\windows\system32\drivers\sdbuss.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S2 Windows_rejoice;Windows_rejoice;c:\program files\common files\microsoft shared\msinfo\re91.exe [2008-4-28 0]
    S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
    S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-1-30 14336]
    S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-1-30 20736]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-1-30 20096]
    S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-1-30 25088]
    S3 apf001;apf001;\??\I:\program files\softnyx\wolfteam\apf001.sys --> I:\program files\softnyx\wolfteam\apf001.sys [?]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2012-12-13 6016]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-7-11 80824]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 EvoSvc;Evolve Service;l:\program files\echobit\evolve\EvoSvc.exe [2012-3-22 1528424]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ccw\locals~1\temp\mzh5cf.tmp --> c:\docume~1\ccw\locals~1\temp\MZH5CF.tmp [?]
    S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
    S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-5-4 131072]
    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-5-4 79104]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-12-13 20480]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-12-13 8320]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2012-2-4 99400]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-12-13 23424]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2012-12-13 11008]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-7-11 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-7-11 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-7-11 136808]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-7-11 181432]
    S3 tcpip helper;tcpip helper;\??\c:\program files\garena plus\x86\tcpiphlp.sys --> c:\program files\garena plus\x86\tcpiphlp.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-12-6 11520]
    S3 wod0205;WeOnlyDo Network Adapter 2.5;c:\windows\system32\drivers\wod0205.sys [2012-3-22 28936]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
    S3 XDva104;XDva104;\??\c:\windows\system32\xdva104.sys --> c:\windows\system32\XDva104.sys [?]
    S3 XDva121;XDva121;\??\c:\windows\system32\xdva121.sys --> c:\windows\system32\XDva121.sys [?]
    S3 XDva132;XDva132;\??\c:\windows\system32\xdva132.sys --> c:\windows\system32\XDva132.sys [?]
    S3 XDva158;XDva158;\??\c:\windows\system32\xdva158.sys --> c:\windows\system32\XDva158.sys [?]
    S3 XDva165;XDva165;\??\c:\windows\system32\xdva165.sys --> c:\windows\system32\XDva165.sys [?]
    S3 XDva167;XDva167;\??\c:\windows\system32\xdva167.sys --> c:\windows\system32\XDva167.sys [?]
    S3 XDva170;XDva170;\??\c:\windows\system32\xdva170.sys --> c:\windows\system32\XDva170.sys [?]
    S3 XDva177;XDva177;\??\c:\windows\system32\xdva177.sys --> c:\windows\system32\XDva177.sys [?]
    S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]
    S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
    S3 XDva195;XDva195;\??\c:\windows\system32\xdva195.sys --> c:\windows\system32\XDva195.sys [?]
    S3 XDva204;XDva204;\??\c:\windows\system32\xdva204.sys --> c:\windows\system32\XDva204.sys [?]
    S3 XDva208;XDva208;\??\c:\windows\system32\xdva208.sys --> c:\windows\system32\XDva208.sys [?]
    S3 XDva332;XDva332;\??\c:\windows\system32\xdva332.sys --> c:\windows\system32\XDva332.sys [?]
    S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]
    S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
    S3 XDva397;XDva397;\??\c:\windows\system32\xdva397.sys --> c:\windows\system32\XDva397.sys [?]
    .
    =============== File Associations ===============
    .
    FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
    FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
    FileExt: .js: JSFile=NOTEPAD.EXE %1
    FileExt: .jse: JSEFile=NOTEPAD.EXE %1
    FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
    ShellExec: hpqpssp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpssp.exe
    ShellExec: hpqpstp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpstp.exe
    .
    =============== Created Last 30 ================
    .
    2013-01-06 10:16:4340776----a-w-c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-06 09:56:1921104----a-w-c:\windows\system32\drivers\mbam.sys
    2013-01-06 09:56:19--------d-----w-c:\program files\Malwarebytes' Anti-Malware
    2013-01-06 07:19:58--------d-----w-c:\windows\system32\WinDir
    2013-01-06 07:19:56--------d-----w-c:\documents and settings\ccw\Application DataMicrosoft
    2013-01-04 17:32:576812136----a-w-c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{8fc3890e-27cd-4e76-a191-4caea9c6fd5a}\mpengine.dll
    2013-01-03 06:09:57--------d-----w-C:\gravity
    2013-01-02 13:26:22--------d-----w-c:\documents and settings\ccw\local settings\application data\Sun
    2013-01-02 13:26:20859072----a-w-c:\windows\system32\npDeployJava1.dll
    2013-01-02 13:26:1293640----a-w-c:\windows\system32\WindowsAccessBridge.dll
    2012-12-27 07:59:12--------d-----w-c:\documents and settings\all users\application data\RELOADED
    2012-12-16 13:07:58--------d-----w-c:\program files\SweetIM
    2012-12-16 13:07:58--------d-----w-c:\documents and settings\all users\application data\SweetIM
    2012-12-13 15:16:45--------d-----w-C:\Temp
    2012-12-13 15:16:3611008----a-w-c:\windows\system32\drivers\motusbdevice.sys
    2012-12-13 15:16:356016----a-w-c:\windows\system32\drivers\motfilt.sys
    2012-12-13 15:16:3523424----a-w-c:\windows\system32\drivers\Motousbnet.sys
    2012-12-13 15:16:3424064----a-w-c:\windows\system32\drivers\motmodem.sys
    2012-12-13 15:16:338320----a-w-c:\windows\system32\drivers\motccgpfl.sys
    2012-12-13 15:16:336400----a-w-c:\windows\system32\drivers\motswch.sys
    2012-12-13 15:16:3320480----a-w-c:\windows\system32\drivers\motccgp.sys
    2012-12-13 15:16:06--------d-----w-c:\program files\common files\Motorola Shared
    2012-12-13 15:16:04--------d-----w-c:\program files\Motorola
    2012-12-13 06:30:285955856----a-w-c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    .
    ==================== Find3M ====================
    .
    2013-01-02 13:25:51143872----a-w-c:\windows\system32\javacpl.cpl
    2013-01-02 13:25:49779704----a-w-c:\windows\system32\deployJava1.dll
    2012-12-16 12:23:59290560----a-w-c:\windows\system32\atmfd.dll
    2012-12-11 18:31:1673656----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-11 18:31:16697272----a-w-c:\windows\system32\FlashPlayerApp.exe
    2012-12-05 14:54:41138992----a-w-c:\windows\system32\drivers\PnkBstrK.sys
    2012-12-05 14:54:34281288----a-w-c:\windows\system32\PnkBstrB.xtr
    2012-12-05 14:54:34281288----a-w-c:\windows\system32\PnkBstrB.exe
    2012-12-04 11:05:30281288----a-w-c:\windows\system32\PnkBstrB.ex0
    2012-11-29 17:59:12138904----a-w-c:\documents and settings\ccw\application data\PnkBstrK.sys
    2012-11-29 17:58:5676888----a-w-c:\windows\system32\PnkBstrA.exe
    2012-11-13 01:25:121866368----a-w-c:\windows\system32\win32k.sys
    2012-11-02 02:02:42375296----a-w-c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54916992----a-w-c:\windows\system32\wininet.dll
    2012-11-01 12:17:5443520----a-w-c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:541469440------w-c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34385024----a-w-c:\windows\system32\html.iec
    2012-10-24 19:12:2694208----a-w-c:\windows\system32\QuickTimeVR.qtx
    2012-10-24 19:12:2669632----a-w-c:\windows\system32\QuickTime.qts
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3320620AS rev.3.AAK -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3a
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x8B216AB8]
    3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\0000009b[0x8B21EF18]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IdeDeviceP3T0L0-1a[0x8B22FD98]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    user != kernel MBR !!!
    .
    ============= FINISH: 18:18:24.01 ===============
     
  2. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 12/12/2007 1:40:20 AM
    System Uptime: 1/6/2013 6:11:01 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3L
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2666/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 146 GiB total, 42.83 GiB free.
    D: is FIXED (NTFS) - 152 GiB total, 64.738 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is FIXED (NTFS) - 117 GiB total, 89.479 GiB free.
    H: is FIXED (NTFS) - 116 GiB total, 36.637 GiB free.
    I: is FIXED (NTFS) - 146 GiB total, 52.038 GiB free.
    J: is FIXED (NTFS) - 152 GiB total, 147.877 GiB free.
    K: is CDROM ()
    L: is FIXED (NTFS) - 466 GiB total, 103.799 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: WeOnlyDo Network Adapter 2.5
    Device ID: ROOT\NET\0004
    Manufacturer: WeOnlyDo Network Provider
    Name: WeOnlyDo Network Adapter 2.5
    PNP Device ID: ROOT\NET\0004
    Service: wod0205
    .
    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia E71
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia E71
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP2134: 10/31/2012 10:29:04 PM - Installed Galactic Voices
    RP2135: 10/31/2012 10:29:34 PM - Installed Personality Voices
    RP2136: 10/31/2012 10:30:07 PM - Installed Translator Fun Voice Pack
    RP2137: 10/31/2012 10:30:26 PM - Installed Ancient Weapon Sounds
    RP2138: 10/31/2012 10:30:40 PM - Installed Fantasy Sound Pack
    RP2139: 10/31/2012 10:31:05 PM - Installed Sci-Fi 2 Sound Pack
    RP2140: 10/31/2012 10:31:23 PM - Installed Spooky Sounds
    RP2141: 10/31/2012 10:31:38 PM - Installed Comic Sound Pack
    RP2142: 10/31/2012 10:31:51 PM - Installed Farm Animal Sounds
    RP2143: 10/31/2012 10:32:06 PM - Installed Sci-Fi Sound Pack
    RP2144: 10/31/2012 10:32:26 PM - Installed Blue Satin Skin
    RP2145: 11/2/2012 4:13:46 AM - System Checkpoint
    RP2146: 11/3/2012 1:37:37 AM - Software Distribution Service 3.0
    RP2147: 11/4/2012 1:00:21 AM - Software Distribution Service 3.0
    RP2148: 11/5/2012 1:33:12 AM - System Checkpoint
    RP2149: 11/6/2012 4:30:19 AM - System Checkpoint
    RP2150: 11/6/2012 3:00:18 PM - Software Distribution Service 3.0
    RP2151: 11/7/2012 4:08:35 PM - Installed DirectX
    RP2152: 11/9/2012 4:52:14 AM - System Checkpoint
    RP2153: 11/10/2012 12:41:18 AM - Software Distribution Service 3.0
    RP2154: 11/11/2012 1:00:27 AM - Software Distribution Service 3.0
    RP2155: 11/12/2012 2:41:57 AM - System Checkpoint
    RP2156: 11/13/2012 1:31:23 AM - Software Distribution Service 3.0
    RP2157: 11/13/2012 11:04:13 PM - Installed DirectX
    RP2158: 11/14/2012 1:59:20 AM - Software Distribution Service 3.0
    RP2159: 11/15/2012 3:25:04 AM - System Checkpoint
    RP2160: 11/16/2012 4:05:42 AM - System Checkpoint
    RP2161: 11/17/2012 12:44:03 AM - Software Distribution Service 3.0
    RP2162: 11/18/2012 1:01:30 AM - Software Distribution Service 3.0
    RP2163: 11/19/2012 6:23:01 AM - System Checkpoint
    RP2164: 11/20/2012 7:04:21 AM - System Checkpoint
    RP2165: 11/21/2012 1:32:43 AM - Software Distribution Service 3.0
    RP2166: 11/21/2012 4:42:36 PM - Installed DirectX
    RP2167: 11/22/2012 5:43:56 PM - System Checkpoint
    RP2168: 11/23/2012 7:32:07 PM - System Checkpoint
    RP2169: 11/23/2012 8:56:28 PM - Installed DirectX
    RP2170: 11/23/2012 9:30:10 PM - Software Distribution Service 3.0
    RP2171: 11/24/2012 10:48:41 PM - System Checkpoint
    RP2172: 11/25/2012 1:00:39 AM - Software Distribution Service 3.0
    RP2173: 11/26/2012 2:42:49 AM - System Checkpoint
    RP2174: 11/27/2012 4:21:17 AM - System Checkpoint
    RP2175: 11/28/2012 2:10:26 AM - Software Distribution Service 3.0
    RP2176: 11/29/2012 4:43:01 AM - System Checkpoint
    RP2177: 11/30/2012 1:57:23 AM - Installed DirectX
    RP2178: 12/1/2012 2:10:19 AM - Software Distribution Service 3.0
    RP2179: 12/2/2012 1:00:26 AM - Software Distribution Service 3.0
    RP2180: 12/3/2012 1:03:52 AM - System Checkpoint
    RP2181: 12/4/2012 4:06:18 AM - System Checkpoint
    RP2182: 12/5/2012 2:26:38 AM - Software Distribution Service 3.0
    RP2183: 12/6/2012 4:25:14 AM - System Checkpoint
    RP2184: 12/6/2012 9:19:22 AM - Installed SES Driver
    RP2185: 12/7/2012 10:07:12 AM - System Checkpoint
    RP2186: 12/7/2012 6:52:33 PM - Software Distribution Service 3.0
    RP2187: 12/8/2012 8:58:23 PM - System Checkpoint
    RP2188: 12/9/2012 1:01:32 AM - Software Distribution Service 3.0
    RP2189: 12/10/2012 1:06:22 AM - System Checkpoint
    RP2190: 12/11/2012 4:52:33 AM - System Checkpoint
    RP2191: 12/11/2012 8:18:14 PM - Software Distribution Service 3.0
    RP2192: 12/12/2012 9:21:43 PM - Software Distribution Service 3.0
    RP2193: 12/13/2012 9:40:43 PM - System Checkpoint
    RP2194: 12/15/2012 2:06:05 AM - Software Distribution Service 3.0
    RP2195: 12/16/2012 1:00:45 AM - Software Distribution Service 3.0
    RP2196: 12/16/2012 10:48:29 AM - Removed Bonjour
    RP2197: 12/16/2012 9:07:36 PM - Windows Defender Checkpoint
    RP2198: 12/18/2012 3:25:46 AM - Windows Defender Checkpoint
    RP2199: 12/19/2012 1:35:40 AM - Software Distribution Service 3.0
    RP2200: 12/20/2012 3:17:33 AM - System Checkpoint
    RP2201: 12/21/2012 4:19:39 AM - System Checkpoint
    RP2202: 12/21/2012 6:44:36 PM - Software Distribution Service 3.0
    RP2203: 12/22/2012 9:21:47 PM - System Checkpoint
    RP2204: 12/23/2012 1:00:31 AM - Software Distribution Service 3.0
    RP2205: 12/24/2012 3:12:16 AM - System Checkpoint
    RP2206: 12/25/2012 3:36:31 AM - System Checkpoint
    RP2207: 12/26/2012 2:11:39 AM - Software Distribution Service 3.0
    RP2208: 12/27/2012 3:15:17 AM - System Checkpoint
    RP2209: 12/28/2012 8:11:11 AM - System Checkpoint
    RP2210: 12/28/2012 8:52:35 AM - Software Distribution Service 3.0
    RP2211: 12/30/2012 11:39:04 PM - Software Distribution Service 3.0
    RP2212: 12/31/2012 11:13:23 PM - Installed DirectX
    RP2213: 1/2/2013 1:32:49 AM - Software Distribution Service 3.0
    RP2214: 1/2/2013 9:25:34 PM - Installed Java 7 Update 10
    RP2215: 1/4/2013 4:29:24 AM - System Checkpoint
    RP2216: 1/5/2013 1:32:47 AM - Software Distribution Service 3.0
    RP2217: 1/6/2013 4:31:20 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    32 Bit HP CIO Components Installer
    7-Zip 9.20
    AC3Filter (remove only)
    Ace of Spades
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Illustrator CS
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Alien Swarm
    AMD Catalyst Install Manager
    Amnesia - The Dark Descent
    Ancient Weapon Sounds
    APB Reloaded
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ARMA 2: Free
    ASUS Android USB Drivers
    ASUS Sync
    ASUS WebStorage
    AutoHotkey 1.0.48.05
    Bandisoft MPEG-1 Decoder
    Big Fish Games: Game Manager
    Blacklight: Retribution
    Blades of Time
    BLAZBLUE -CALAMITY TRIGGER-
    Blender (remove only)
    Blender NIF Scripts (remove only)
    Blue Satin Skin
    BolehVPN
    Borderlands 2
    BOSS
    BrawlBusters(EN)CBT
    BufferChm
    BulletStorm
    Call of Duty Modern Warfare 2
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) - World at War(TM) 1.1 Patch
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) - World at War(TM) 1.3 Patch
    Call of Duty(R) - World at War(TM) 1.4 Patch
    Call of Duty(R) - World at War(TM) 1.5 Patch
    Call of Duty(R) - World at War(TM) 1.6 Patch
    Call of Duty(R) - World at War(TM) 1.7 Patch
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Call of Duty: Black Ops
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Cheat Engine 5.5
    Collab
    CollabNet Automatic Update 1.2
    Comic Sound Pack
    COMODO Unite
    Copy
    Counter-Strike: Source
    Cracked Steam
    Creatures of Darkness
    Critical Update for Windows Media Player 11 (KB959772)
    CRUCIS FATAL FAKE
    CustomerResearchQFolder
    Dark Souls Prepare to Die Edition
    Deep Space Voices
    Destination Component
    Deus Ex Human Revolution
    DeviceDiscovery
    DeviceManagementQFolder
    DEVIL MAY CRY 4
    DirectVobSub (remove only)
    Dishonored version 5.1
    DivX Plus DirectShow Filters
    DivX Setup
    DJ_AIO_03_F4200_ProductContext
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    DocProc
    DocProcQFolder
    Dragon Nest SEA
    eSupportQFolder
    Evolve
    F4200
    F4200_Help
    Fantasy Sound Pack
    Fantasy Voice Pack
    Farm Animal Sounds
    FastStone Photo Resizer 2.8
    FATAL ZERO ACTION
    Female Voice Pack
    Fighter Factory Classic
    Fighter Factory Ultimate
    FL Studio 6
    Furry Voices for Second Life
    Galactic Voices
    GamersFirst LIVE!
    Garena
    Garena Messenger and Heroes of Newerth
    Garena Plus
    Garry's Mod
    GetFLV Pro 9.0.3.9
    GG E-Sports Platform
    Gigabyte Raid Configurer
    Google Chrome
    Google Earth Plug-in
    Google Talk (remove only)
    Google Update Helper
    GPBaseService
    GPL MPEG-1/2 DirectShow Decoder Filter
    Guitar Pro 5.2
    Half-Life
    Half-Life 2: Episode Two
    Hallmark Card Studio 2011 Deluxe
    Hawken
    Hi-Rez Studios Authenticate and Update Service
    High Definition Audio Driver Package - KB888111
    Highlight Viewer (Windows Live Toolbar)
    Hong Kong Mahjong 1024
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953761)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 10.0
    HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    HP Imaging Device Functions 10.0
    HP Photosmart Essential 3.5
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Imagicon
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_02
    Java 7 Update 10
    Java Auto Updater
    Java(TM) 6 Update 13
    Java(TM) 6 Update 31
    Junk Mail filter update
    Katawa Shoujo
    Killing Floor
    League of Legends
    LeapFTP 3.0
    LG SP USB Driver
    LG United Mobile Driver
    LG USB WML Modem Driver
    Livestream Procaster
    Logitech Harmony Remote Software
    LogMeIn Hamachi
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Magic ISO Maker v5.4 (build 0239)
    MagicDisc 2.5.79
    Male Voice Pack
    Malwarebytes Anti-Malware version 1.70.0.1100
    MarketResearch
    McAfee VirusScan Enterprise
    McPixel version 1.0.4
    Messenger Plus! Live
    Messenger_Plus_Live Toolbar
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Help Viewer 1.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft LifeCam
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 3 (SP3)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual Basic PowerPacks 10.0
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft WinUsb 2.0
    Microsoft Xbox 360 Accessories 1.2
    Microsoft XNA Framework Redistributable 4.0
    Minecraft Launcher version 1.0
    MobileMe Control Panel
    MorphVOX Junior
    MorphVOX Pro
    MotioninJoy Gamepad tool 0.7.1001
    MotoHelper 2.0.53 Driver 5.2.0
    MotoHelper MergeModules
    Motorola Mobile Drivers Installation 5.2.0
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSN
    MSVC80_x86
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6.0 Parser (KB933579)
    MySQL Server 5.5
    MySQL Workbench 5.2 CE
    Nero 8 Micro v8.1.1.4
    Nexon Game Manager
    Nexus Mod Manager
    No-IP DUC
    Notepad++
    NVIDIA PhysX
    OCR Software by I.R.I.S. 10.0
    OGA Notifier 2.0.0048.0
    Orcs Must Die!
    Origin
    osu!
    Overgrowth (remove only)
    Paint.NET v3.5.10
    Pando Media Booster
    particleIllusion 3.0.2
    PC Connectivity Solution
    Pcsx2 0.9.6
    Personality Voices
    PFConfig 1.0.296
    PIXresizer 2.0.4
    PMB
    PMB Updater
    PremiumSoft Navicat 8.0 Lite for MySQL
    Proxifier version 2.9
    PSSWCORE
    PunkBuster Services
    PyFFI 2.1.6
    Python 2.6 comtypes-0.6.2
    Python 2.6 psyco-1.6
    Python 2.6 PyFFI-2.1.6
    Python 2.6 pywin32-214
    Python 2.6.5
    Quake Live Mozilla Plugin
    QuickTime
    Ragnarok Battle Offline
    Ragnarok Online
    Ragnarok Renewal
    Ragnarok Sakray
    RBO Extra Scenario Vol.1
    RBO Extra Scenario Vol.2
    RBO Extra Scenario Vol.3
    Real Alternative 1.9.0 Lite
    Realtek High Definition Audio Driver
    Safari
    Samsung New PC Studio
    Samsung New PC Studio USB Driver Installer
    SAMSUNG SYMBIAN USB Download Driver
    SAMSUNG USB Driver for Mobile Phones
    SamsungConnectivityCableDriver
    Scan
    Sci-Fi 2 Sound Pack
    Sci-Fi Sound Pack
    Sci-Fi Voice Pack
    Scribblenauts Unlimited
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SendSpace Wizard
    Serious Sam HD The First Encounter
    SES Driver
    Shop for HP Supplies
    Skype Click to Call
    Skype™ 5.10
    Smart Menus (Windows Live Toolbar)
    SmartWebPrintingOC
    Software Update for Web Folders
    SolutionCenter
    SonicStage 4.3
    Source Filmmaker
    Spadille 1.5.1
    Spooky Sounds
    SQL Server System CLR Types
    StarCraft II
    Status
    Steam
    SuddenAttackSEA
    Super Hide IP
    SweetIM for Messenger 3.7
    System Requirements Lab CYRI
    tConfig version 0.24
    Team Fortress 2
    Terraria Game Launcher GUI version 1.2.2
    The Elder Scrolls V: Skyrim
    Toolbox
    TortoiseSVN 1.7.3.22386 (32 bit)
    Translator Fun Voice Pack
    TrayApp
    Tribes: Ascend
    TuneUp Utilities 2008
    TwinkiRO
    Ubisoft Game Launcher
    Unity Web Player
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.6195
    VideoToolkit01
    VobSub v2.23 (Remove Only)
    WampServer 2.0
    Warkeys 1.19.0.0b
    WebReg
    WeGame Client 2.2.2
    Windows 7 USB/DVD Download Tool
    Windows Defender
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows Vista Screen Saver 1.0
    Windows XP Service Pack 3
    WinRAR 4.00 beta 5 (32-bit)
    World of Warcraft
    wxPython 2.8.11.0 (ansi) for Python 2.6
    X-Blades
    Xbox 360 Controller for Windows
    XML Paper Specification Shared Components Pack 1.0
    XPS Essentials Pack
    XPS Essentials Pack 1.0
    Yahoo! Messenger
    YouTube Downloader Toolbar v4.6
    YTD Video Downloader 3.9.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/6/2013 6:13:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: JRAID
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  4. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    I ran RougeKiller and did as you've instructed. 2 logs were produced on my desktop.

    RKreport[1]
    RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : ccw [Admin rights]
    Mode : Scan -- Date : 01/07/2013 10:45:10

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B85B2590-24A1-47A6-B732-B3CD274B508B} : NameServer (202.188.0.133,202.188.1.5) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [RUN][SUSP PATH] [ON_D:ccw]HKCU[...]\Run : explorer (D:\Users\ccw\AppData\Local\Temp\BFKG by MPH.exe) -> FOUND
    [RUN][SUSP PATH] [ON_D:ccw]HKCU[...]\Run : explorer (D:\Users\ccw\AppData\Local\Temp\BFKG by MPH.exe) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\windows\system32\config\SYSTEM
    -> D:\Users\ccw\NTUSER.DAT
    -> D:\Users\Default\NTUSER.DAT
    -> D:\Users\Default User\NTUSER.DAT
    -> D:\Documents and Settings\ccw\NTUSER.DAT
    -> D:\Documents and Settings\Default\NTUSER.DAT
    -> D:\Documents and Settings\Default User\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1mpa.one.microsoft.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate.adobe.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3320620AS +++++
    --- User ---
    [MBR] cf092896939862569bcc2bf677a01cde
    [BSP] 6223a9b6015f18844e38247e6e4429c0 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 149997 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 307194930 | Size: 155237 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD2500KS-00MJB0 +++++
    --- User ---
    [MBR] 6583e43b7da33ac1e4223abfc611129c
    [BSP] 1af48602e9c463a5d0034625e055c597 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 120001 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 245762370 | Size: 118471 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: WDC WD5000AACS-00G8B1 +++++
    --- User ---
    [MBR] efc58b6db949c659226cdb7f9bae23c7
    [BSP] b549aff8e3dfad2becf74d86ab3714c9 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: ST3320620AS +++++
    --- User ---
    [MBR] cc6a24fe425e2e80029477da93e81236
    [BSP] e39a6ccae9f0865713d3bc5cb63cb75b : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 149997 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307194930 | Size: 155245 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01072013_02d1045.txt >>
    RKreport[1]_S_01072013_02d1045.txt


    RKreport[2]
    RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : ccw [Admin rights]
    Mode : Remove -- Date : 01/07/2013 10:45:21

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> NOT REMOVED, USE PROXYFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B85B2590-24A1-47A6-B732-B3CD274B508B} : NameServer (202.188.0.133,202.188.1.5) -> NOT REMOVED, USE DNSFIX
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [RUN][SUSP PATH] [ON_D:ccw]HKCU[...]\Run : explorer (D:\Users\ccw\AppData\Local\Temp\BFKG by MPH.exe) -> DELETED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\windows\system32\config\SYSTEM
    -> D:\Users\ccw\NTUSER.DAT
    -> D:\Users\Default\NTUSER.DAT
    -> D:\Users\Default User\NTUSER.DAT
    -> D:\Documents and Settings\ccw\NTUSER.DAT
    -> D:\Documents and Settings\Default\NTUSER.DAT
    -> D:\Documents and Settings\Default User\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1mpa.one.microsoft.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate.adobe.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3320620AS +++++
    --- User ---
    [MBR] cf092896939862569bcc2bf677a01cde
    [BSP] 6223a9b6015f18844e38247e6e4429c0 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 149997 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 307194930 | Size: 155237 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD2500KS-00MJB0 +++++
    --- User ---
    [MBR] 6583e43b7da33ac1e4223abfc611129c
    [BSP] 1af48602e9c463a5d0034625e055c597 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 120001 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 245762370 | Size: 118471 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: WDC WD5000AACS-00G8B1 +++++
    --- User ---
    [MBR] efc58b6db949c659226cdb7f9bae23c7
    [BSP] b549aff8e3dfad2becf74d86ab3714c9 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: ST3320620AS +++++
    --- User ---
    [MBR] cc6a24fe425e2e80029477da93e81236
    [BSP] e39a6ccae9f0865713d3bc5cb63cb75b : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 149997 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307194930 | Size: 155245 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_01072013_02d1045.txt >>
    RKreport[1]_S_01072013_02d1045.txt ; RKreport[2]_D_01072013_02d1045.txt


    This is the log for aswMBR.exe. I'm not sure whether the scan has been completed or not, because my screen saver kicked in while it was scanning.

    aswMBR
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-07 10:46:48
    -----------------------------
    10:46:48.750 OS Version: Windows 5.1.2600 Service Pack 3
    10:46:48.750 Number of processors: 2 586 0xF0B
    10:46:48.750 ComputerName: COMPANY-6EF3B74 UserName: ccw
    10:46:51.046 Initialize success
    10:56:42.109 AVAST engine defs: 13010601
    10:57:08.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-1a
    10:57:08.890 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305244MB BusType: 3
    10:57:08.906 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-22
    10:57:08.921 Disk 1 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238474MB BusType: 3
    10:57:08.937 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-2d
    10:57:08.953 Disk 2 Vendor: WDC_WD5000AACS-00G8B1 05.04C05 Size: 476940MB BusType: 3
    10:57:08.968 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP2T0L0-3a
    10:57:08.984 Disk 3 Vendor: ST3320620AS 3.AAK Size: 305244MB BusType: 3
    10:57:09.031 Disk 0 MBR read successfully
    10:57:09.046 Disk 0 MBR scan
    10:57:09.109 Disk 0 Windows VISTA default MBR code
    10:57:09.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
    10:57:09.171 Disk 0 Partition - 00 0F Extended LBA 155237 MB offset 307194930
    10:57:09.203 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 155237 MB offset 307194993
    10:57:09.265 Disk 0 scanning sectors +625121280
    10:57:09.359 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:57:30.093 Service scanning
    10:58:01.000 Modules scanning
    10:58:07.750 Disk 0 trace - called modules:
    10:58:07.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    10:58:07.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b216ab8]
    10:58:07.843 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000009b[0x8b21ef18]
    10:58:07.875 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-1a[0x8b22fd98]
    10:58:08.593 AVAST engine scan C:\WINDOWS
    10:58:16.171 AVAST engine scan C:\WINDOWS\system32
    11:02:30.593 AVAST engine scan C:\WINDOWS\system32\drivers
    11:02:52.703 AVAST engine scan C:\Documents and Settings\ccw
    11:09:43.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ccw\Desktop\MBR.dat"
    11:09:43.875 The log file has been saved successfully to "C:\Documents and Settings\ccw\Desktop\aswMBR.txt"
     
  5. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  6. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    Double post, sorry about that.
     
  7. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    I've ran combofix.exe and a blue console window pops up with the following messages:
    Stage 1... complete
    Stage 2... complete
    Stage..... This continues until stage 20+

    Then BSOD. Is this supposed to happen?
     
  8. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Yes, be patient.
     
  9. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    I'm using McAfee Virusscan Enterprise for my Anti-Virus. I couldn't find it in the list that you provided, but I have stopped all McAfee processes in services.msc, does this mean the antivirus is turned off?
     
  10. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    I have ran ComboFix twice more since the last post, both times it would complete all 50 stages and proceed to delete files, then BSOD. I restarted my computer using the reset button both times. After booting up my computer, I went and checked my C drive for the ComboFix.txt, but it is no where to be found. Instead, I found a ComboFix Folder that directs me to "My Computer".
     
  11. Broni

    Broni Malware Annihilator Posts: 47,019   +255

     
     
  12. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    I ran rKill.exe then My_Name.exe immediately afterwards. The same thing happened. When all the stages are completed, BSOD. ComboFix.txt is still nowhere to be found. The only change is that the ComboFix Folder I mentioned earlier has been renamed to My_Name.
     
  13. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  14. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    When my computer starts up after the auto-reboot from mbar.exe, a file folder (C:\Documents) automatically pops up with HRUPPROG.txt and HRUPPROG.DIE.NOW, just like I mentioned before. Should I leave these files alone? Or should I delete them?

    Also, here are the logs. System-log.txt is split into 3 post because it was over the 50000 character limit.

    mbar-log-xxxxx.txt
    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org

    Database version: v2013.01.10.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    ccw :: COMPANY-6EF3B74 [administrator]

    1/10/2013 3:31:55 PM
    mbar-log-2013-01-10 (15-31-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 31328
    Time elapsed: 25 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  15. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    system-log.txt
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 5.1.2600 Windows XP Service Pack 3 x86
    Account is Administrative
    Internet Explorer version: 8.0.6001.18702
    Java version: 1.6.0_31
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, L:\ DRIVE_FIXED
    CPU speed: 2.666000 GHz
    Memory total: 2145824768, free: 1057042432
    ------------ Kernel report ------------
    01/10/2013 13:54:43
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    jraid.sys
    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    PxHelp20.sys
    KSecDD.sys
    WudfPf.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ati2mtag.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\cmdatp.sys
    \SystemRoot\system32\drivers\ScreamingBAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\tap0901.sys
    \SystemRoot\system32\DRIVERS\hamachi.sys
    \SystemRoot\system32\DRIVERS\evolve.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\mcdbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtihdXP3.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \??\C:\WINDOWS\system32\drivers\SSHDRV65.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\drivers\mfetdik.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\VX1000.sys
    \SystemRoot\system32\DRIVERS\STREAM.SYS
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ati2dvag.dll
    \SystemRoot\System32\ati2cqag.dll
    \SystemRoot\System32\atikvmag.dll
    \SystemRoot\System32\atiok3x2.dll
    \SystemRoot\System32\ati3duag.dll
    \SystemRoot\System32\ativvaxx.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\system32\DRIVERS\atksgt.sys
    \SystemRoot\system32\DRIVERS\lirsgt.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\secdrv.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\system32\drivers\mfebopk.sys
    \SystemRoot\system32\drivers\mfeapfk.sys
    \SystemRoot\system32\drivers\mfeavfk.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xffffffff8b190ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-3a\
    Lower Device Object: 0xffffffff8b194d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    DriverEntry returned 0x0
    Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff8b191ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-2d\
    Lower Device Object: 0xffffffff8b229940
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff8b222ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-22\
    Lower Device Object: 0xffffffff8b1a0d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8b192ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-1a\
    Lower Device Object: 0xffffffff8b22c940
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Downloaded database version: v2013.01.10.02
    Downloaded database version: v2013.01.04.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8b192ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b247198, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b192ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b22e2f0, DeviceName: \Device\0000009e\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b22c940, DeviceName: \Device\Ide\IdeDeviceP3T0L0-1a\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe1bded60, 0xffffffff8b192ab8, 0xffffffff89b0f040
    Lower DeviceData: 0xffffffffe1934948, 0xffffffff8b22c940, 0xffffffff89aeb040
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 3B1567E5
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 307194867
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 307194930 Numsec = 317926350
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320071851520 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-62-625120335-625140335)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8b222ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b237e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b222ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b23d9e8, DeviceName: \Device\0000009f\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b1a0d98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-22\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe3886888, 0xffffffff8b222ab8, 0xffffffff8a278310
    Lower DeviceData: 0xffffffffe293cf58, 0xffffffff8b1a0d98, 0xffffffff89b68b20
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4065AFFC
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 245762307
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 245762370 Numsec = 242629695
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 250058268160 bytes
    Sector size: 512 bytes
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xffffffff8b191ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b221e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b191ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b23f9e8, DeviceName: \Device\000000a0\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b229940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-2d\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe100c138, 0xffffffff8b191ab8, 0xffffffff89b44888
    Lower DeviceData: 0xffffffffe106a110, 0xffffffff8b229940, 0xffffffff8a195388
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B427AB34
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768002
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xffffffff8b190ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b221bf0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b190ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b1989e8, DeviceName: \Device\000000a1\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b194d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3a\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe2661e08, 0xffffffff8b190ab8, 0xffffffff899a3ab8
    Lower DeviceData: 0xffffffffe1b41730, 0xffffffff8b194d98, 0xffffffff89c03040
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 3CFC7842
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 307194867
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 307194930 Numsec = 317942415
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320071851520 bytes
    Sector size: 512 bytes
    Done!
    Performing system, memory and registry scan...
    Read File: File "C:\Documents and Settings\Administrator\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
    Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\ezsidmv.dat" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\omginstlog.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\dtu100.dll.manifest" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\initdebug.nfo" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\ioloBootDefrag.cfg" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90a\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Internal.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCCodeModel\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProject\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProjectEngine\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VslangProj90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\EGamesPlugin.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\swdir.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Infected: C:\Documents and Settings\ccw\Desktop\CANNOT USE - PUNKBUSTER DETECTED\New Folder (2)\euro\sounds.dll --> [Malware.Packer.Gen]
    Infected: C:\Documents and Settings\ccw\Desktop\CoD6 Lvl70\COD6 Multyplayer Lvl 70 Cheat by Fenriir.exe --> [HackTool.GamesCheat.Gen]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 5.1.2600 Windows XP Service Pack 3 x86
    Account is Administrative
    Internet Explorer version: 8.0.6001.18702
    Java version: 1.6.0_31
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, L:\ DRIVE_FIXED
    CPU speed: 2.666000 GHz
    Memory total: 2145824768, free: 1022885888
    ------------ Kernel report ------------
    01/10/2013 14:36:01
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    imofugc.sys
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    PxHelp20.sys
    KSecDD.sys
    WudfPf.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ati2mtag.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\cmdatp.sys
    \SystemRoot\system32\drivers\ScreamingBAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\tap0901.sys
    \SystemRoot\system32\DRIVERS\hamachi.sys
    \SystemRoot\system32\DRIVERS\evolve.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\mcdbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtihdXP3.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \??\C:\WINDOWS\system32\drivers\SSHDRV65.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\drivers\mfetdik.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\VX1000.sys
    \SystemRoot\system32\DRIVERS\STREAM.SYS
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ati2dvag.dll
    \SystemRoot\System32\ati2cqag.dll
    \SystemRoot\System32\atikvmag.dll
    \SystemRoot\System32\atiok3x2.dll
    \SystemRoot\System32\ati3duag.dll
    \SystemRoot\System32\ativvaxx.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\system32\DRIVERS\atksgt.sys
    \SystemRoot\system32\DRIVERS\lirsgt.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\secdrv.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\system32\drivers\mfebopk.sys
    \SystemRoot\system32\drivers\mfeapfk.sys
    \SystemRoot\system32\drivers\mfeavfk.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
     
  16. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xffffffff8b234ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-3a\
    Lower Device Object: 0xffffffff8b19bd98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    DriverEntry returned 0x0
    Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff8b21dab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-2d\
    Lower Device Object: 0xffffffff8b238d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff8b208ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-22\
    Lower Device Object: 0xffffffff8b19fd98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8b19aab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-1a\
    Lower Device Object: 0xffffffff8b223d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8b19aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b267e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b19aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b296500, DeviceName: \Device\0000009d\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b223d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-1a\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe1bbb9e0, 0xffffffff8b19aab8, 0xffffffff89b9f570
    Lower DeviceData: 0xffffffffe1bbb9c8, 0xffffffff8b223d98, 0xffffffff89b13f18
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 3B1567E5
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 307194867
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 307194930 Numsec = 317926350
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320071851520 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-62-625120335-625140335)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8b208ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b2a2440, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b208ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b2476c0, DeviceName: \Device\0000009e\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b19fd98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-22\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe1b59f00, 0xffffffff8b208ab8, 0xffffffff89b04890
    Lower DeviceData: 0xffffffffe1b77a30, 0xffffffff8b19fd98, 0xffffffff89b08a70
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4065AFFC
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 245762307
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 245762370 Numsec = 242629695
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 250058268160 bytes
    Sector size: 512 bytes
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xffffffff8b21dab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b228b40, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b21dab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b23c9e8, DeviceName: \Device\0000009f\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b238d98, DeviceName: \Device\Ide\IdeDeviceP4T0L0-2d\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe1bbb830, 0xffffffff8b21dab8, 0xffffffff89b9dab8
    Lower DeviceData: 0xffffffffe1d6aaf8, 0xffffffff8b238d98, 0xffffffff89bb7d78
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B427AB34
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768002
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xffffffff8b234ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b23eb88, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b234ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b2229e8, DeviceName: \Device\000000a0\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b19bd98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3a\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe1db2740, 0xffffffff8b234ab8, 0xffffffff89b05360
    Lower DeviceData: 0xffffffffe1bbd828, 0xffffffff8b19bd98, 0xffffffff89af7c00
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 3CFC7842
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 307194867
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 307194930 Numsec = 317942415
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320071851520 bytes
    Sector size: 512 bytes
    Done!
    Performing system, memory and registry scan...
    Read File: File "C:\Documents and Settings\Administrator\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
    Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\ezsidmv.dat" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\omginstlog.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\dtu100.dll.manifest" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\initdebug.nfo" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\ioloBootDefrag.cfg" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90a\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Internal.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCCodeModel\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProject\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProjectEngine\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VslangProj90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\EGamesPlugin.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\swdir.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Infected: C:\Documents and Settings\ccw\Desktop\CANNOT USE - PUNKBUSTER DETECTED\New Folder (2)\euro\sounds.dll --> [Malware.Packer.Gen]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 5.1.2600 Windows XP Service Pack 3 x86
    Account is Administrative
    Internet Explorer version: 8.0.6001.18702
    Java version: 1.6.0_31
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, L:\ DRIVE_FIXED
    CPU speed: 2.666000 GHz
    Memory total: 2145824768, free: 1039249408
    ------------ Kernel report ------------
    01/10/2013 15:06:22
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    imofugc.sys
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    PxHelp20.sys
    KSecDD.sys
    WudfPf.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ati2mtag.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\cmdatp.sys
    \SystemRoot\system32\drivers\ScreamingBAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\tap0901.sys
    \SystemRoot\system32\DRIVERS\hamachi.sys
    \SystemRoot\system32\DRIVERS\evolve.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\mcdbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtihdXP3.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \??\C:\WINDOWS\system32\drivers\SSHDRV65.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\drivers\mfetdik.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\VX1000.sys
    \SystemRoot\system32\DRIVERS\STREAM.SYS
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ati2dvag.dll
    \SystemRoot\System32\ati2cqag.dll
    \SystemRoot\System32\atikvmag.dll
    \SystemRoot\System32\atiok3x2.dll
    \SystemRoot\System32\ati3duag.dll
    \SystemRoot\System32\ativvaxx.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\system32\DRIVERS\atksgt.sys
    \SystemRoot\system32\DRIVERS\lirsgt.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\secdrv.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\system32\drivers\mfebopk.sys
    \SystemRoot\system32\drivers\mfeapfk.sys
    \SystemRoot\system32\drivers\mfeavfk.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
     
  17. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xffffffff8b206ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-3a\
    Lower Device Object: 0xffffffff8b222d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    DriverEntry returned 0x0
    Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff8b199ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-2d\
    Lower Device Object: 0xffffffff8b20c940
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff8b234ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-22\
    Lower Device Object: 0xffffffff8b238d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8b221ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-1a\
    Lower Device Object: 0xffffffff8b239d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8b221ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b2472c8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b221ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b2475a0, DeviceName: \Device\0000009e\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b239d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-1a\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe1c69300, 0xffffffff8b221ab8, 0xffffffff89b62298
    Lower DeviceData: 0xffffffffe1a1f2e8, 0xffffffff8b239d98, 0xffffffff89eebf18
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 3B1567E5
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 307194867
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 307194930 Numsec = 317926350
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320071851520 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-62-625120335-625140335)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8b234ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b228908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b234ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b19e9e8, DeviceName: \Device\0000009f\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b238d98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-22\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe19b7220, 0xffffffff8b234ab8, 0xffffffff89abc480
    Lower DeviceData: 0xffffffffe31f1878, 0xffffffff8b238d98, 0xffffffff89ab5a60
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4065AFFC
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 245762307
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 245762370 Numsec = 242629695
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 250058268160 bytes
    Sector size: 512 bytes
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xffffffff8b199ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b23e508, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b199ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b23c9e8, DeviceName: \Device\000000a0\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b20c940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-2d\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe1d3c040, 0xffffffff8b199ab8, 0xffffffff89b634a0
    Lower DeviceData: 0xffffffffe1166208, 0xffffffff8b20c940, 0xffffffff89afa9e0
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B427AB34
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768002
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xffffffff8b206ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8b220e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8b206ab8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8b20a9e8, DeviceName: \Device\000000a1\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8b222d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3a\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe1c80140, 0xffffffff8b206ab8, 0xffffffff89b0c040
    Lower DeviceData: 0xffffffffe1c46148, 0xffffffff8b222d98, 0xffffffff89a03f18
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 3CFC7842
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 307194867
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 307194930 Numsec = 317942415
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320071851520 bytes
    Sector size: 512 bytes
    Done!
    Performing system, memory and registry scan...
    Read File: File "C:\Documents and Settings\Administrator\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
    Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\ezsidmv.dat" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\omginstlog.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\dtu100.dll.manifest" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\initdebug.nfo" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\ioloBootDefrag.cfg" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\EnvDTE90a\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Internal.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCCodeModel\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProject\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VCProjectEngine\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VslangProj90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\VsWebSite.Interop90\9.0.0.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\EGamesPlugin.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\swdir.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Done!
    Scan finished
    =======================================
     
  18. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  19. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    Log it split into two posts.

    tdsskiller report

    09:20:09.0437 4704 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    09:20:10.0515 4704 ============================================================
    09:20:10.0515 4704 Current date / time: 2013/01/14 09:20:10.0515
    09:20:10.0515 4704 SystemInfo:
    09:20:10.0515 4704
    09:20:10.0515 4704 OS Version: 5.1.2600 ServicePack: 3.0
    09:20:10.0515 4704 Product type: Workstation
    09:20:10.0515 4704 ComputerName: COMPANY-6EF3B74
    09:20:10.0515 4704 UserName: ccw
    09:20:10.0515 4704 Windows directory: C:\WINDOWS
    09:20:10.0515 4704 System windows directory: C:\WINDOWS
    09:20:10.0515 4704 Processor architecture: Intel x86
    09:20:10.0515 4704 Number of processors: 2
    09:20:10.0515 4704 Page size: 0x1000
    09:20:10.0515 4704 Boot type: Normal boot
    09:20:10.0515 4704 ============================================================
    09:20:11.0593 4704 Drive \Device\Harddisk3\DR3 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    09:20:11.0609 4704 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    09:20:11.0625 4704 Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    09:20:11.0640 4704 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    09:20:11.0640 4704 ============================================================
    09:20:11.0640 4704 \Device\Harddisk3\DR3:
    09:20:11.0640 4704 MBR partitions:
    09:20:11.0640 4704 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
    09:20:11.0640 4704 \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0x124F6C32, BlocksNum 0x12F36A8F
    09:20:11.0640 4704 \Device\Harddisk0\DR0:
    09:20:11.0656 4704 MBR partitions:
    09:20:11.0656 4704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
    09:20:11.0671 4704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x12F32B8F
    09:20:11.0671 4704 \Device\Harddisk1\DR1:
    09:20:11.0671 4704 MBR partitions:
    09:20:11.0671 4704 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903
    09:20:11.0671 4704 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xEA60942, BlocksNum 0xE763C3F
    09:20:11.0671 4704 \Device\Harddisk2\DR2:
    09:20:11.0671 4704 MBR partitions:
    09:20:11.0671 4704 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    09:20:11.0671 4704 ============================================================
    09:20:11.0703 4704 C: <-> \Device\Harddisk0\DR0\Partition1
    09:20:11.0718 4704 D: <-> \Device\Harddisk0\DR0\Partition2
    09:20:11.0718 4704 G: <-> \Device\Harddisk1\DR1\Partition1
    09:20:11.0750 4704 H: <-> \Device\Harddisk1\DR1\Partition2
    09:20:11.0765 4704 I: <-> \Device\Harddisk3\DR3\Partition1
    09:20:11.0796 4704 J: <-> \Device\Harddisk3\DR3\Partition2
    09:20:11.0828 4704 L: <-> \Device\Harddisk2\DR2\Partition1
    09:20:11.0828 4704 ============================================================
    09:20:11.0828 4704 Initialize success
    09:20:11.0828 4704 ============================================================
    09:20:20.0375 4488 ============================================================
    09:20:20.0375 4488 Scan started
    09:20:20.0375 4488 Mode: Manual;
    09:20:20.0375 4488 ============================================================
    09:20:21.0171 4488 ================ Scan system memory ========================
    09:20:21.0171 4488 System memory - ok
    09:20:21.0171 4488 ================ Scan services =============================
    09:20:21.0281 4488 1394hub - ok
    09:20:21.0281 4488 Abiosdsk - ok
    09:20:21.0281 4488 abp480n5 - ok
    09:20:21.0328 4488 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    09:20:21.0328 4488 ACPI - ok
    09:20:21.0359 4488 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    09:20:21.0359 4488 ACPIEC - ok
    09:20:21.0359 4488 Ad-Watch Connect Filter - ok
    09:20:21.0421 4488 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    09:20:21.0421 4488 AdobeFlashPlayerUpdateSvc - ok
    09:20:21.0421 4488 adpu160m - ok
    09:20:21.0468 4488 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    09:20:21.0468 4488 aec - ok
    09:20:21.0500 4488 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    09:20:21.0500 4488 AFD - ok
    09:20:21.0500 4488 Aha154x - ok
    09:20:21.0500 4488 aic78u2 - ok
    09:20:21.0515 4488 aic78xx - ok
    09:20:21.0671 4488 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files\common files\akamai/netsession_win_ce5ba24.dll
    09:20:21.0671 4488 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
    09:20:21.0687 4488 Akamai ( HiddenFile.Multi.Generic ) - warning
    09:20:21.0687 4488 Akamai - detected HiddenFile.Multi.Generic (1)
    09:20:21.0703 4488 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    09:20:21.0703 4488 Alerter - ok
    09:20:21.0718 4488 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    09:20:21.0718 4488 ALG - ok
    09:20:21.0734 4488 AliIde - ok
    09:20:21.0734 4488 amsint - ok
    09:20:21.0750 4488 [ 3E59DF4984FBD6800D6621480B38A34E ] Andbus C:\WINDOWS\system32\DRIVERS\lgandbus.sys
    09:20:21.0750 4488 Andbus - ok
    09:20:21.0765 4488 [ 8E0BF6F3B2C9C292BC7CE0DE727CDD56 ] AndDiag C:\WINDOWS\system32\DRIVERS\lganddiag.sys
    09:20:21.0765 4488 AndDiag - ok
    09:20:21.0796 4488 [ 1D2C90E25483363D54B652898BBC8F2A ] AndGps C:\WINDOWS\system32\DRIVERS\lgandgps.sys
    09:20:21.0796 4488 AndGps - ok
    09:20:21.0812 4488 [ B1B06A95DA2CAC7FA19832C60C348C85 ] ANDModem C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
    09:20:21.0812 4488 ANDModem - ok
    09:20:21.0859 4488 apf001 - ok
    09:20:21.0906 4488 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    09:20:21.0906 4488 Apple Mobile Device - ok
    09:20:21.0937 4488 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    09:20:21.0937 4488 AppMgmt - ok
    09:20:21.0953 4488 AresChatServer - ok
    09:20:21.0953 4488 asc - ok
    09:20:21.0953 4488 asc3350p - ok
    09:20:21.0968 4488 asc3550 - ok
    09:20:22.0046 4488 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    09:20:22.0078 4488 aspnet_state - ok
    09:20:22.0093 4488 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    09:20:22.0093 4488 AsyncMac - ok
    09:20:22.0125 4488 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    09:20:22.0125 4488 atapi - ok
    09:20:22.0125 4488 Atdisk - ok
    09:20:22.0171 4488 [ 6A5614F785DEEA2C17DA494B5198355C ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
    09:20:22.0265 4488 Ati HotKey Poller - ok
    09:20:22.0296 4488 [ 1428C586BB318E1404575834E428ADDD ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
    09:20:22.0375 4488 ATI Smart - ok
    09:20:22.0515 4488 [ 5CB8B6775285F2F908C3F810EAB78500 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    09:20:22.0656 4488 ati2mtag - ok
    09:20:22.0703 4488 [ FED003FD00011946B0E4F8FB7A8B4307 ] ATIAVAIW C:\WINDOWS\system32\DRIVERS\atinavt2.sys
    09:20:22.0703 4488 ATIAVAIW - ok
    09:20:22.0718 4488 [ 924971A182E07463765EF9FA8876F24F ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
    09:20:22.0718 4488 AtiHDAudioService - ok
    09:20:22.0734 4488 [ DC6957811FF95F2DD3004361B20D8D3F ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
    09:20:22.0734 4488 AtiHdmiService - ok
    09:20:22.0765 4488 [ 0E4BB35C5305099AC82053AC992E3E0E ] ATITool C:\WINDOWS\system32\DRIVERS\ATITool.sys
    09:20:22.0765 4488 ATITool - ok
    09:20:22.0781 4488 [ F9C24D25D9FF29F894995A64812B4D85 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
    09:20:22.0781 4488 atksgt - ok
    09:20:22.0812 4488 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    09:20:22.0812 4488 Atmarpc - ok
    09:20:22.0828 4488 [ A8ABF9CA3B8781A69CA5025BCDA42706 ] ATP C:\WINDOWS\system32\DRIVERS\cmdatp.sys
    09:20:22.0828 4488 ATP - ok
    09:20:22.0843 4488 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    09:20:22.0843 4488 AudioSrv - ok
    09:20:22.0859 4488 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    09:20:22.0859 4488 audstub - ok
    09:20:22.0890 4488 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    09:20:22.0890 4488 Beep - ok
    09:20:22.0921 4488 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    09:20:22.0921 4488 BITS - ok
    09:20:22.0953 4488 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    09:20:22.0953 4488 Browser - ok
    09:20:22.0984 4488 [ 4813DF77EDE536A52E3737971F910BAA ] BTCFilterService C:\WINDOWS\system32\DRIVERS\motfilt.sys
    09:20:22.0984 4488 BTCFilterService - ok
    09:20:23.0078 4488 catchme - ok
    09:20:23.0109 4488 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    09:20:23.0109 4488 cbidf2k - ok
    09:20:23.0125 4488 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    09:20:23.0125 4488 CCDECODE - ok
    09:20:23.0125 4488 cd20xrnt - ok
    09:20:23.0140 4488 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    09:20:23.0140 4488 Cdaudio - ok
    09:20:23.0156 4488 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    09:20:23.0156 4488 Cdfs - ok
    09:20:23.0187 4488 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    09:20:23.0187 4488 Cdrom - ok
    09:20:23.0187 4488 Changer - ok
    09:20:23.0218 4488 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    09:20:23.0218 4488 CiSvc - ok
    09:20:23.0218 4488 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    09:20:23.0218 4488 ClipSrv - ok
    09:20:23.0250 4488 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    09:20:23.0265 4488 clr_optimization_v2.0.50727_32 - ok
    09:20:23.0281 4488 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    09:20:23.0296 4488 clr_optimization_v4.0.30319_32 - ok
    09:20:23.0296 4488 CmdIde - ok
    09:20:23.0296 4488 COMSysApp - ok
    09:20:23.0312 4488 Cpqarray - ok
    09:20:23.0328 4488 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    09:20:23.0328 4488 CryptSvc - ok
    09:20:23.0328 4488 dac2w2k - ok
    09:20:23.0343 4488 dac960nt - ok
    09:20:23.0375 4488 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    09:20:23.0375 4488 DcomLaunch - ok
    09:20:23.0406 4488 [ 73FC5BC52572084EC1241514CF6230A0 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
    09:20:23.0406 4488 dg_ssudbus - ok
    09:20:23.0437 4488 [ C51DE19619D50CBD03708647ACA10E70 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    09:20:23.0437 4488 Dhcp - ok
    09:20:23.0468 4488 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    09:20:23.0468 4488 Disk - ok
    09:20:23.0484 4488 dmadmin - ok
    09:20:23.0515 4488 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    09:20:23.0531 4488 dmboot - ok
    09:20:23.0531 4488 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    09:20:23.0531 4488 dmio - ok
    09:20:23.0546 4488 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    09:20:23.0546 4488 dmload - ok
    09:20:23.0546 4488 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    09:20:23.0546 4488 dmserver - ok
    09:20:23.0562 4488 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    09:20:23.0562 4488 DMusic - ok
    09:20:23.0593 4488 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    09:20:23.0593 4488 Dnscache - ok
    09:20:23.0609 4488 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    09:20:23.0625 4488 Dot3svc - ok
    09:20:23.0625 4488 dpti2o - ok
    09:20:23.0640 4488 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    09:20:23.0640 4488 drmkaud - ok
    09:20:23.0640 4488 EagleNT - ok
    09:20:23.0640 4488 EagleXNt - ok
    09:20:23.0656 4488 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    09:20:23.0656 4488 EapHost - ok
    09:20:23.0671 4488 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    09:20:23.0671 4488 ERSvc - ok
    09:20:23.0703 4488 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    09:20:23.0703 4488 Eventlog - ok
    09:20:23.0734 4488 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    09:20:23.0734 4488 EventSystem - ok
    09:20:23.0765 4488 [ 7FA352252FE7F5BD7D235A66AA1F69FE ] EvolveVirtualAdapter C:\WINDOWS\system32\DRIVERS\evolve.sys
    09:20:23.0765 4488 EvolveVirtualAdapter - ok
    09:20:23.0859 4488 [ 1A7747491C95B1B52A573BA1BA5EAFC0 ] EvoSvc L:\Program Files\Echobit\Evolve\EvoSvc.exe
    09:20:23.0890 4488 EvoSvc - ok
    09:20:23.0937 4488 [ 2D5ED81E5A8A2B77768BA724E3F8E538 ] EzVpnSvc L:\Program Files\Comodo Unite\EzVpnSvc.exe
    09:20:23.0937 4488 EzVpnSvc - ok
    09:20:23.0968 4488 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    09:20:23.0968 4488 Fastfat - ok
    09:20:24.0000 4488 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    09:20:24.0000 4488 FastUserSwitchingCompatibility - ok
    09:20:24.0015 4488 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    09:20:24.0015 4488 Fdc - ok
    09:20:24.0031 4488 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    09:20:24.0031 4488 Fips - ok
    09:20:24.0031 4488 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    09:20:24.0031 4488 Flpydisk - ok
    09:20:24.0062 4488 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    09:20:24.0062 4488 FltMgr - ok
    09:20:24.0109 4488 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    09:20:24.0109 4488 FontCache3.0.0.0 - ok
    09:20:24.0125 4488 [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    09:20:24.0125 4488 fssfltr - ok
    09:20:24.0203 4488 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    09:20:24.0218 4488 fsssvc - ok
    09:20:24.0250 4488 [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
    09:20:24.0250 4488 FsUsbExDisk - ok
    09:20:24.0265 4488 [ D3F9205CC4CB07553F2F9472C767EA87 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
    09:20:24.0265 4488 FsUsbExService - ok
    09:20:24.0281 4488 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    09:20:24.0281 4488 Fs_Rec - ok
    09:20:24.0281 4488 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    09:20:24.0281 4488 Ftdisk - ok
    09:20:24.0296 4488 GarenaPEngine - ok
    09:20:24.0312 4488 [ C6E3105B8C68C35CC1EB26A00FD1A8C6 ] gdrv C:\WINDOWS\gdrv.sys
    09:20:24.0437 4488 gdrv - ok
    09:20:24.0453 4488 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    09:20:24.0453 4488 GEARAspiWDM - ok
    09:20:24.0484 4488 GGSAFERDriver - ok
    09:20:24.0500 4488 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    09:20:24.0500 4488 Gpc - ok
    09:20:24.0578 4488 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    09:20:24.0578 4488 gupdate - ok
    09:20:24.0593 4488 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    09:20:24.0593 4488 gupdatem - ok
    09:20:24.0609 4488 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
    09:20:24.0609 4488 hamachi - ok
    09:20:24.0656 4488 [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc I:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    09:20:24.0671 4488 Hamachi2Svc - ok
    09:20:24.0718 4488 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    09:20:24.0718 4488 HDAudBus - ok
    09:20:24.0765 4488 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    09:20:24.0765 4488 helpsvc - ok
    09:20:24.0781 4488 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    09:20:24.0781 4488 HidServ - ok
    09:20:24.0796 4488 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    09:20:24.0796 4488 hidusb - ok
    09:20:24.0828 4488 [ 34E95DE386032FD7F14C228DD8E1CDBF ] HiPatchService L:\Program Files\Hi-Rez Studios\HiPatchService.exe
    09:20:24.0828 4488 HiPatchService - ok
    09:20:24.0859 4488 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    09:20:24.0859 4488 hkmsvc - ok
    09:20:24.0859 4488 hpn - ok
    09:20:24.0937 4488 [ ED377B3C83FDEA8D906109A085D219BA ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    09:20:24.0937 4488 hpqcxs08 - ok
    09:20:24.0984 4488 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    09:20:24.0984 4488 hpqddsvc - ok
    09:20:25.0000 4488 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    09:20:25.0000 4488 HPZid412 - ok
    09:20:25.0031 4488 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    09:20:25.0031 4488 HPZipr12 - ok
    09:20:25.0031 4488 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    09:20:25.0046 4488 HPZius12 - ok
    09:20:25.0062 4488 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    09:20:25.0062 4488 HTTP - ok
    09:20:25.0078 4488 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    09:20:25.0093 4488 HTTPFilter - ok
    09:20:25.0093 4488 i2omgmt - ok
    09:20:25.0093 4488 i2omp - ok
    09:20:25.0125 4488 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    09:20:25.0125 4488 i8042prt - ok
    09:20:25.0187 4488 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    09:20:25.0250 4488 IDriverT - ok
    09:20:25.0296 4488 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    09:20:25.0328 4488 idsvc - ok
    09:20:25.0343 4488 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    09:20:25.0343 4488 Imapi - ok
    09:20:25.0375 4488 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    09:20:25.0375 4488 ImapiService - ok
    09:20:25.0375 4488 ini910u - ok
    09:20:25.0500 4488 [ E37589414437A60797E94C0F57C546DB ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    09:20:25.0593 4488 IntcAzAudAddService - ok
    09:20:25.0609 4488 IntelIde - ok
    09:20:25.0625 4488 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    09:20:25.0625 4488 intelppm - ok
    09:20:25.0640 4488 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    09:20:25.0640 4488 Ip6Fw - ok
    09:20:25.0656 4488 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    09:20:25.0656 4488 IpFilterDriver - ok
    09:20:25.0671 4488 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    09:20:25.0671 4488 IpInIp - ok
    09:20:25.0687 4488 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    09:20:25.0687 4488 IpNat - ok
    09:20:25.0750 4488 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    09:20:25.0796 4488 iPod Service - ok
    09:20:25.0812 4488 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    09:20:25.0812 4488 IPSec - ok
    09:20:25.0843 4488 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    09:20:25.0843 4488 IRENUM - ok
    09:20:25.0859 4488 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    09:20:25.0859 4488 isapnp - ok
    09:20:25.0968 4488 [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    09:20:26.0031 4488 JavaQuickStarterService - ok
    09:20:26.0046 4488 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys
    09:20:26.0046 4488 JGOGO - ok
    09:20:26.0062 4488 [ F90A4E8657319A652E04C5362926CFEA ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys
    09:20:26.0078 4488 JRAID - ok
    09:20:26.0093 4488 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    09:20:26.0093 4488 Kbdclass - ok
    09:20:26.0093 4488 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    09:20:26.0093 4488 kbdhid - ok
    09:20:26.0109 4488 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    09:20:26.0109 4488 kmixer - ok
    09:20:26.0125 4488 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    09:20:26.0125 4488 KSecDD - ok
    09:20:26.0140 4488 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    09:20:26.0156 4488 lanmanserver - ok
    09:20:26.0171 4488 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    09:20:26.0171 4488 lanmanworkstation - ok
    09:20:26.0171 4488 lbrtfdc - ok
    09:20:26.0203 4488 [ 8CCF9ED46D52AF1375875F74A91FFACF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
    09:20:26.0203 4488 lirsgt - ok
    09:20:26.0234 4488 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    09:20:26.0234 4488 LmHosts - ok
    09:20:26.0250 4488 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
    09:20:26.0250 4488 mbamchameleon - ok
    09:20:26.0296 4488 [ 1BC1A6B644D4CC1964CD851E92B604F4 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    09:20:26.0296 4488 McAfeeFramework - ok
    09:20:26.0328 4488 [ F922B609524CF1ED66A1A109F3CE014F ] mcdbus C:\WINDOWS\system32\DRIVERS\mcdbus.sys
    09:20:26.0328 4488 mcdbus - ok
    09:20:26.0375 4488 [ 12BEF73E0281AC793865BE1A331C67FC ] McShield C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    09:20:26.0375 4488 McShield - ok
    09:20:26.0390 4488 [ DD61B815E2CBA6CCA6B7ED607F466652 ] McTaskManager C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    09:20:26.0468 4488 McTaskManager - ok
    09:20:26.0484 4488 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    09:20:26.0484 4488 Messenger - ok
    09:20:26.0515 4488 [ 1F334EB2A13816DF45671EBB98896DA7 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
    09:20:26.0515 4488 mfeapfk - ok
    09:20:26.0531 4488 [ 8A1DEDBBDAD33587F6FAD780CE4B34B5 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
    09:20:26.0531 4488 mfeavfk - ok
    09:20:26.0562 4488 [ D800E31A019A6979698EEF0507BAA746 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
    09:20:26.0562 4488 mfebopk - ok
    09:20:26.0562 4488 [ 0AE14FAB8E25C258C6EBF3827C649273 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
    09:20:26.0562 4488 mfehidk - ok
    09:20:26.0578 4488 [ E72AFC5056F6804C616E7DC32A38945F ] mferkdk C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
    09:20:26.0593 4488 mferkdk - ok
    09:20:26.0593 4488 [ A47F0F63E92730DE15D41624AB998C5C ] mfetdik C:\WINDOWS\system32\drivers\mfetdik.sys
    09:20:26.0593 4488 mfetdik - ok
    09:20:26.0609 4488 [ 277B8B3536C1179FE432EF2DDE294A97 ] Mkd2kfNt C:\WINDOWS\system32\drivers\Mkd2kfNt.sys
    09:20:26.0625 4488 Mkd2kfNt - ok
    09:20:26.0640 4488 [ 0716EFDA4769995C67A3450FCD36E47E ] Mkd2Nadr C:\WINDOWS\system32\drivers\Mkd2Nadr.sys
    09:20:26.0640 4488 Mkd2Nadr - ok
    09:20:26.0656 4488 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    09:20:26.0671 4488 mnmdd - ok
    09:20:26.0687 4488 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    09:20:26.0687 4488 mnmsrvc - ok
    09:20:26.0718 4488 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    09:20:26.0718 4488 Modem - ok
    09:20:26.0734 4488 [ F4EA1193A52C8FE4B8A135E210ABE546 ] motccgp C:\WINDOWS\system32\DRIVERS\motccgp.sys
    09:20:26.0734 4488 motccgp - ok
    09:20:26.0750 4488 [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
    09:20:26.0750 4488 motccgpfl - ok
    09:20:26.0765 4488 [ A77205D70D14D153342D357DE5A4E770 ] MotioninJoyXFilter C:\WINDOWS\system32\DRIVERS\MijXfilt.sys
    09:20:26.0765 4488 MotioninJoyXFilter - ok
    09:20:26.0781 4488 [ 69814ACD50A9D6D28296050EF6215D46 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys
    09:20:26.0828 4488 motmodem - ok
    09:20:26.0890 4488 [ 98A10AC4257A3BA48C9611338544EE49 ] MotoHelper C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    09:20:26.0937 4488 MotoHelper - ok
    09:20:26.0953 4488 [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\WINDOWS\system32\DRIVERS\motswch.sys
    09:20:26.0953 4488 MotoSwitchService - ok
    09:20:26.0984 4488 [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
    09:20:26.0984 4488 Motousbnet - ok
    09:20:27.0000 4488 [ F18898D418F43E74A93EDC57E1F28BC9 ] motusbdevice C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
    09:20:27.0000 4488 motusbdevice - ok
    09:20:27.0015 4488 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    09:20:27.0015 4488 Mouclass - ok
    09:20:27.0031 4488 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    09:20:27.0031 4488 mouhid - ok
    09:20:27.0046 4488 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    09:20:27.0046 4488 MountMgr - ok
    09:20:27.0109 4488 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    09:20:27.0109 4488 MozillaMaintenance - ok
    09:20:27.0140 4488 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
    09:20:27.0140 4488 MPE - ok
    09:20:27.0140 4488 mraid35x - ok
    09:20:27.0140 4488 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    09:20:27.0140 4488 MRxDAV - ok
    09:20:27.0187 4488 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    09:20:27.0203 4488 MRxSmb - ok
    09:20:27.0265 4488 [ 641199534871783DD74138FE0BCFDAE7 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    09:20:27.0265 4488 MSCamSvc - ok
    09:20:27.0296 4488 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    09:20:27.0296 4488 MSDTC - ok
    09:20:27.0312 4488 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    09:20:27.0312 4488 Msfs - ok
    09:20:27.0312 4488 MSIServer - ok
    09:20:27.0343 4488 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    09:20:27.0343 4488 MSKSSRV - ok
    09:20:27.0359 4488 [ 64E8B7C65EB4796939C0F64F8170821B ] msloop C:\WINDOWS\system32\DRIVERS\loop.sys
    09:20:27.0359 4488 msloop - ok
    09:20:27.0375 4488 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    09:20:27.0375 4488 MSPCLOCK - ok
    09:20:27.0375 4488 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    09:20:27.0375 4488 MSPQM - ok
    09:20:27.0390 4488 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    09:20:27.0390 4488 mssmbios - ok
    09:20:27.0406 4488 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    09:20:27.0406 4488 MSTEE - ok
    09:20:27.0421 4488 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    09:20:27.0421 4488 Mup - ok
    09:20:27.0453 4488 MySQL5 - ok
     
  20. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    09:20:27.0468 4488 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    09:20:27.0468 4488 NABTSFEC - ok
    09:20:27.0500 4488 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    09:20:27.0500 4488 napagent - ok
    09:20:27.0531 4488 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    09:20:27.0531 4488 NDIS - ok
    09:20:27.0546 4488 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    09:20:27.0546 4488 NdisIP - ok
    09:20:27.0578 4488 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    09:20:27.0578 4488 NdisTapi - ok
    09:20:27.0593 4488 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    09:20:27.0593 4488 Ndisuio - ok
    09:20:27.0593 4488 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    09:20:27.0593 4488 NdisWan - ok
    09:20:27.0609 4488 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    09:20:27.0609 4488 NDProxy - ok
    09:20:27.0640 4488 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    09:20:27.0640 4488 Net Driver HPZ12 - ok
    09:20:27.0640 4488 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    09:20:27.0640 4488 NetBIOS - ok
    09:20:27.0656 4488 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    09:20:27.0656 4488 NetBT - ok
    09:20:27.0671 4488 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    09:20:27.0687 4488 NetDDE - ok
    09:20:27.0687 4488 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    09:20:27.0687 4488 NetDDEdsdm - ok
    09:20:27.0718 4488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    09:20:27.0718 4488 Netlogon - ok
    09:20:27.0734 4488 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    09:20:27.0734 4488 Netman - ok
    09:20:27.0781 4488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    09:20:27.0812 4488 NetTcpPortSharing - ok
    09:20:27.0843 4488 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    09:20:27.0843 4488 Nla - ok
    09:20:27.0875 4488 [ B4E87D4F40C57D036E821BD06DB1D1B7 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
    09:20:27.0906 4488 nmwcd - ok
    09:20:27.0937 4488 [ BEE0ADDF01D62725DDC2CC113D6B374C ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
    09:20:27.0937 4488 nmwcdc - ok
    09:20:27.0968 4488 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    09:20:27.0968 4488 Npfs - ok
    09:20:27.0968 4488 npggsvc - ok
    09:20:27.0968 4488 npkcrypt - ok
    09:20:27.0984 4488 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    09:20:27.0984 4488 Ntfs - ok
    09:20:27.0984 4488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    09:20:27.0984 4488 NtLmSsp - ok
    09:20:28.0015 4488 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    09:20:28.0015 4488 NtmsSvc - ok
    09:20:28.0031 4488 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    09:20:28.0031 4488 Null - ok
    09:20:28.0062 4488 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    09:20:28.0062 4488 NwlnkFlt - ok
    09:20:28.0078 4488 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    09:20:28.0078 4488 NwlnkFwd - ok
    09:20:28.0140 4488 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    09:20:28.0140 4488 odserv - ok
    09:20:28.0171 4488 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    09:20:28.0171 4488 ose - ok
    09:20:28.0187 4488 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    09:20:28.0187 4488 Parport - ok
    09:20:28.0187 4488 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    09:20:28.0187 4488 PartMgr - ok
    09:20:28.0218 4488 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    09:20:28.0218 4488 ParVdm - ok
    09:20:28.0218 4488 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    09:20:28.0218 4488 PCI - ok
    09:20:28.0218 4488 PCIDump - ok
    09:20:28.0234 4488 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    09:20:28.0234 4488 PCIIde - ok
    09:20:28.0250 4488 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    09:20:28.0265 4488 Pcmcia - ok
    09:20:28.0265 4488 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
    09:20:28.0265 4488 pcouffin - ok
    09:20:28.0265 4488 PDCOMP - ok
    09:20:28.0281 4488 PDFRAME - ok
    09:20:28.0281 4488 PDRELI - ok
    09:20:28.0281 4488 PDRFRAME - ok
    09:20:28.0281 4488 perc2 - ok
    09:20:28.0281 4488 perc2hib - ok
    09:20:28.0328 4488 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    09:20:28.0328 4488 PlugPlay - ok
    09:20:28.0421 4488 [ E9605A180001A6B5551112D91DE92CA1 ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    09:20:28.0500 4488 PMBDeviceInfoProvider - ok
    09:20:28.0546 4488 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    09:20:28.0546 4488 Pml Driver HPZ12 - ok
    09:20:28.0578 4488 [ 3A2E85F7D90D15460C337CE80C2E3B29 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
    09:20:28.0578 4488 PnkBstrA - ok
    09:20:28.0578 4488 Point32 - ok
    09:20:28.0578 4488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    09:20:28.0578 4488 PolicyAgent - ok
    09:20:28.0609 4488 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    09:20:28.0609 4488 PptpMiniport - ok
    09:20:28.0609 4488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    09:20:28.0609 4488 ProtectedStorage - ok
    09:20:28.0625 4488 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    09:20:28.0640 4488 PSched - ok
    09:20:28.0656 4488 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    09:20:28.0656 4488 Ptilink - ok
    09:20:28.0671 4488 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    09:20:28.0687 4488 PxHelp20 - ok
    09:20:28.0687 4488 ql1080 - ok
    09:20:28.0687 4488 Ql10wnt - ok
    09:20:28.0687 4488 ql12160 - ok
    09:20:28.0687 4488 ql1240 - ok
    09:20:28.0703 4488 ql1280 - ok
    09:20:28.0718 4488 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    09:20:28.0718 4488 RasAcd - ok
    09:20:28.0734 4488 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    09:20:28.0734 4488 RasAuto - ok
    09:20:28.0750 4488 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    09:20:28.0750 4488 Rasl2tp - ok
    09:20:28.0812 4488 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    09:20:28.0828 4488 RasMan - ok
    09:20:28.0828 4488 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    09:20:28.0828 4488 RasPppoe - ok
    09:20:28.0843 4488 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    09:20:28.0843 4488 Raspti - ok
    09:20:28.0859 4488 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    09:20:28.0859 4488 Rdbss - ok
    09:20:28.0859 4488 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    09:20:28.0859 4488 RDPCDD - ok
    09:20:28.0890 4488 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    09:20:28.0890 4488 rdpdr - ok
    09:20:28.0921 4488 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    09:20:28.0937 4488 RDPWD - ok
    09:20:28.0953 4488 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    09:20:28.0953 4488 RDSessMgr - ok
    09:20:28.0968 4488 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    09:20:28.0968 4488 redbook - ok
    09:20:29.0000 4488 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    09:20:29.0000 4488 RemoteAccess - ok
    09:20:29.0015 4488 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    09:20:29.0015 4488 RemoteRegistry - ok
    09:20:29.0031 4488 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    09:20:29.0031 4488 RpcLocator - ok
    09:20:29.0062 4488 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    09:20:29.0062 4488 RpcSs - ok
    09:20:29.0093 4488 [ 0E11B35E972796042044BC27CE13B065 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
    09:20:29.0093 4488 rspndr - ok
    09:20:29.0109 4488 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    09:20:29.0109 4488 RSVP - ok
    09:20:29.0140 4488 [ F0A21C62B9B835E1C96268EAAE31D239 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    09:20:29.0140 4488 RTLE8023xp - ok
    09:20:29.0156 4488 [ D7A84EF8F953A2D704580E4E73E00011 ] s716bus C:\WINDOWS\system32\DRIVERS\s716bus.sys
    09:20:29.0156 4488 s716bus - ok
    09:20:29.0187 4488 [ C5B509CDEEB733EFAFADC2D93BC77712 ] s716mdfl C:\WINDOWS\system32\DRIVERS\s716mdfl.sys
    09:20:29.0187 4488 s716mdfl - ok
    09:20:29.0203 4488 [ DC3DEC64860878540B374DC7D15D921F ] s716mdm C:\WINDOWS\system32\DRIVERS\s716mdm.sys
    09:20:29.0203 4488 s716mdm - ok
    09:20:29.0203 4488 [ 047FD555D897333AD9F61B1D4CC7C114 ] s716mgmt C:\WINDOWS\system32\DRIVERS\s716mgmt.sys
    09:20:29.0203 4488 s716mgmt - ok
    09:20:29.0234 4488 [ 2858193E91EEF964E41B6A032E1E4418 ] s716nd5 C:\WINDOWS\system32\DRIVERS\s716nd5.sys
    09:20:29.0234 4488 s716nd5 - ok
    09:20:29.0234 4488 [ CC6C212585891614CC2059BA48D27A86 ] s716obex C:\WINDOWS\system32\DRIVERS\s716obex.sys
    09:20:29.0234 4488 s716obex - ok
    09:20:29.0250 4488 [ AAAEEBA9FA0ECB0DE6BBA59F955CDEFB ] s716unic C:\WINDOWS\system32\DRIVERS\s716unic.sys
    09:20:29.0250 4488 s716unic - ok
    09:20:29.0281 4488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    09:20:29.0281 4488 SamSs - ok
    09:20:29.0296 4488 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    09:20:29.0296 4488 SCardSvr - ok
    09:20:29.0343 4488 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    09:20:29.0343 4488 Schedule - ok
    09:20:29.0359 4488 [ A643D6DF1B7546256B11FB5D6B5D1375 ] SCREAMINGBDRIVER C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
    09:20:29.0359 4488 SCREAMINGBDRIVER - ok
    09:20:29.0375 4488 sdbuss - ok
    09:20:29.0375 4488 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    09:20:29.0390 4488 Secdrv - ok
    09:20:29.0390 4488 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    09:20:29.0390 4488 seclogon - ok
    09:20:29.0406 4488 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    09:20:29.0406 4488 SENS - ok
    09:20:29.0421 4488 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    09:20:29.0421 4488 serenum - ok
    09:20:29.0437 4488 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    09:20:29.0437 4488 Serial - ok
    09:20:29.0468 4488 [ 277D0890E10584C216BCCFA4EF6B9B3D ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    09:20:29.0484 4488 ServiceLayer - ok
    09:20:29.0500 4488 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    09:20:29.0500 4488 Sfloppy - ok
    09:20:29.0531 4488 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    09:20:29.0546 4488 SharedAccess - ok
    09:20:29.0578 4488 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    09:20:29.0578 4488 ShellHWDetection - ok
    09:20:29.0593 4488 Simbad - ok
    09:20:29.0750 4488 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    09:20:29.0812 4488 Skype C2C Service - ok
    09:20:29.0859 4488 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    09:20:29.0859 4488 SkypeUpdate - ok
    09:20:29.0875 4488 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    09:20:29.0875 4488 SLIP - ok
    09:20:29.0937 4488 [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    09:20:29.0937 4488 SonicStage Back-End Service - ok
    09:20:29.0937 4488 Sparrow - ok
    09:20:29.0953 4488 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    09:20:29.0953 4488 splitter - ok
    09:20:29.0984 4488 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    09:20:29.0984 4488 Spooler - ok
    09:20:30.0015 4488 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    09:20:30.0015 4488 sr - ok
    09:20:30.0046 4488 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    09:20:30.0046 4488 srservice - ok
    09:20:30.0062 4488 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    09:20:30.0062 4488 Srv - ok
    09:20:30.0093 4488 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
    09:20:30.0093 4488 ssadbus - ok
    09:20:30.0109 4488 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
    09:20:30.0109 4488 ssadmdfl - ok
    09:20:30.0140 4488 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
    09:20:30.0140 4488 ssadmdm - ok
    09:20:30.0156 4488 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    09:20:30.0156 4488 SSDPSRV - ok
    09:20:30.0187 4488 [ A322501277D7733F5266581B79B8CC79 ] SSHDRV65 C:\WINDOWS\system32\drivers\SSHDRV65.sys
    09:20:30.0187 4488 SSHDRV65 - ok
    09:20:30.0187 4488 [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    09:20:30.0187 4488 SSScsiSV - ok
    09:20:30.0218 4488 [ E3D493BFB7CD108EC50B2F560C96367C ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
    09:20:30.0234 4488 ssudmdm - ok
    09:20:30.0250 4488 Steam Client Service - ok
    09:20:30.0265 4488 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    09:20:30.0265 4488 stisvc - ok
    09:20:30.0296 4488 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    09:20:30.0296 4488 streamip - ok
    09:20:30.0312 4488 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    09:20:30.0312 4488 swenum - ok
    09:20:30.0328 4488 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    09:20:30.0328 4488 swmidi - ok
    09:20:30.0328 4488 SwPrv - ok
    09:20:30.0343 4488 symc810 - ok
    09:20:30.0343 4488 symc8xx - ok
    09:20:30.0343 4488 sym_hi - ok
    09:20:30.0343 4488 sym_u3 - ok
    09:20:30.0359 4488 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    09:20:30.0359 4488 sysaudio - ok
    09:20:30.0390 4488 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    09:20:30.0390 4488 SysmonLog - ok
    09:20:30.0421 4488 [ 98A1E6BC9F766B0B0A5BF00AF847EF20 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
    09:20:30.0421 4488 tap0901 - ok
    09:20:30.0437 4488 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    09:20:30.0453 4488 TapiSrv - ok
    09:20:30.0500 4488 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    09:20:30.0500 4488 Tcpip - ok
    09:20:30.0562 4488 tcpip helper - ok
    09:20:30.0578 4488 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    09:20:30.0578 4488 TDPIPE - ok
    09:20:30.0578 4488 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    09:20:30.0578 4488 TDTCP - ok
    09:20:30.0593 4488 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    09:20:30.0593 4488 TermDD - ok
    09:20:30.0609 4488 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    09:20:30.0625 4488 TermService - ok
    09:20:30.0656 4488 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    09:20:30.0656 4488 Themes - ok
    09:20:30.0671 4488 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    09:20:30.0687 4488 TlntSvr - ok
    09:20:30.0687 4488 TosIde - ok
    09:20:30.0703 4488 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    09:20:30.0718 4488 TrkWks - ok
    09:20:30.0734 4488 [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag C:\WINDOWS\System32\TuneUpDefragService.exe
    09:20:30.0734 4488 TuneUp.Defrag - ok
    09:20:30.0750 4488 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    09:20:30.0750 4488 Udfs - ok
    09:20:30.0765 4488 ultra - ok
    09:20:30.0781 4488 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    09:20:30.0781 4488 Update - ok
    09:20:30.0812 4488 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    09:20:30.0812 4488 upnphost - ok
    09:20:30.0843 4488 [ F5D2AA9D56A3A01A190D01CD961BA0E7 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
    09:20:30.0843 4488 upperdev - ok
    09:20:30.0843 4488 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    09:20:30.0859 4488 UPS - ok
    09:20:30.0875 4488 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    09:20:30.0953 4488 USBAAPL - ok
    09:20:30.0968 4488 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    09:20:30.0968 4488 usbaudio - ok
    09:20:31.0000 4488 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    09:20:31.0000 4488 usbccgp - ok
    09:20:31.0015 4488 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    09:20:31.0015 4488 usbehci - ok
    09:20:31.0015 4488 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    09:20:31.0015 4488 usbhub - ok
    09:20:31.0046 4488 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    09:20:31.0046 4488 usbprint - ok
    09:20:31.0062 4488 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    09:20:31.0062 4488 usbscan - ok
    09:20:31.0093 4488 [ EB2D3830646E393776E1EF98AC76A43D ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
    09:20:31.0093 4488 UsbserFilt - ok
    09:20:31.0109 4488 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    09:20:31.0109 4488 USBSTOR - ok
    09:20:31.0109 4488 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    09:20:31.0109 4488 usbuhci - ok
    09:20:31.0140 4488 [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
    09:20:31.0140 4488 UxTuneUp - ok
    09:20:31.0156 4488 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    09:20:31.0156 4488 VgaSave - ok
    09:20:31.0171 4488 ViaIde - ok
    09:20:31.0187 4488 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    09:20:31.0187 4488 VolSnap - ok
    09:20:31.0218 4488 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    09:20:31.0218 4488 VSS - ok
    09:20:31.0296 4488 [ F4FAB0B9D43A65F79FC838C94006F643 ] VX1000 C:\WINDOWS\system32\DRIVERS\VX1000.sys
    09:20:31.0343 4488 VX1000 - ok
    09:20:31.0359 4488 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    09:20:31.0359 4488 W32Time - ok
    09:20:31.0421 4488 [ 97ED5AA5FBAA105EF614B8C240B62BA1 ] wampapache c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    09:20:31.0421 4488 wampapache - ok
    09:20:31.0437 4488 wampmysqld - ok
    09:20:31.0453 4488 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    09:20:31.0453 4488 Wanarp - ok
    09:20:31.0468 4488 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
    09:20:31.0468 4488 WDC_SAM - ok
    09:20:31.0500 4488 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    09:20:31.0500 4488 Wdf01000 - ok
    09:20:31.0500 4488 WDICA - ok
    09:20:31.0515 4488 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    09:20:31.0531 4488 wdmaud - ok
    09:20:31.0562 4488 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    09:20:31.0562 4488 WebClient - ok
    09:20:31.0609 4488 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
    09:20:31.0609 4488 WinDefend - ok
    09:20:31.0671 4488 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    09:20:31.0671 4488 winmgmt - ok
    09:20:31.0703 4488 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    09:20:31.0703 4488 WinUSB - ok
    09:20:31.0750 4488 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    09:20:31.0812 4488 wlidsvc - ok
    09:20:31.0828 4488 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    09:20:31.0843 4488 WmdmPmSN - ok
    09:20:31.0875 4488 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    09:20:31.0890 4488 Wmi - ok
    09:20:31.0906 4488 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    09:20:31.0906 4488 WmiApSrv - ok
    09:20:31.0984 4488 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    09:20:32.0000 4488 WMPNetworkSvc - ok
    09:20:32.0031 4488 [ 1AC313913F66D8DCFB78D2B6E1672952 ] wod0205 C:\WINDOWS\system32\DRIVERS\wod0205.sys
    09:20:32.0031 4488 wod0205 - ok
    09:20:32.0046 4488 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    09:20:32.0046 4488 WpdUsb - ok
    09:20:32.0109 4488 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    09:20:32.0125 4488 WPFFontCache_v0400 - ok
    09:20:32.0156 4488 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    09:20:32.0156 4488 WS2IFSL - ok
    09:20:32.0171 4488 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    09:20:32.0187 4488 wscsvc - ok
    09:20:32.0187 4488 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    09:20:32.0187 4488 WSTCODEC - ok
    09:20:32.0203 4488 [ B72508649DAD03BCB5D708EDB1E3E57E ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    09:20:32.0218 4488 wuauserv - ok
    09:20:32.0250 4488 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    09:20:32.0250 4488 WudfPf - ok
    09:20:32.0265 4488 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    09:20:32.0265 4488 WudfRd - ok
    09:20:32.0281 4488 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    09:20:32.0281 4488 WudfSvc - ok
    09:20:32.0312 4488 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    09:20:32.0328 4488 WZCSVC - ok
    09:20:32.0343 4488 XDva037 - ok
    09:20:32.0343 4488 XDva104 - ok
    09:20:32.0343 4488 XDva121 - ok
    09:20:32.0343 4488 XDva132 - ok
    09:20:32.0343 4488 XDva158 - ok
    09:20:32.0359 4488 XDva165 - ok
    09:20:32.0359 4488 XDva167 - ok
    09:20:32.0359 4488 XDva170 - ok
    09:20:32.0359 4488 XDva177 - ok
    09:20:32.0359 4488 XDva189 - ok
    09:20:32.0375 4488 XDva190 - ok
    09:20:32.0375 4488 XDva195 - ok
    09:20:32.0375 4488 XDva204 - ok
    09:20:32.0375 4488 XDva208 - ok
    09:20:32.0390 4488 XDva332 - ok
    09:20:32.0390 4488 XDva386 - ok
    09:20:32.0390 4488 XDva390 - ok
    09:20:32.0390 4488 XDva397 - ok
    09:20:32.0406 4488 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    09:20:32.0421 4488 xmlprov - ok
    09:20:32.0437 4488 [ 09E5340BD9B2CB730BF4DC6BE7721291 ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys
    09:20:32.0437 4488 xusb21 - ok
    09:20:32.0453 4488 ================ Scan global ===============================
    09:20:32.0484 4488 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    09:20:32.0515 4488 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    09:20:32.0531 4488 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    09:20:32.0562 4488 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    09:20:32.0562 4488 [Global] - ok
    09:20:32.0562 4488 ================ Scan MBR ==================================
    09:20:32.0578 4488 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
    09:20:32.0578 4488 \Device\Harddisk3\DR3 - ok
    09:20:32.0593 4488 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    09:20:32.0750 4488 \Device\Harddisk0\DR0 - ok
    09:20:32.0765 4488 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    09:20:32.0765 4488 \Device\Harddisk1\DR1 - ok
    09:20:32.0781 4488 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
    09:20:32.0781 4488 \Device\Harddisk2\DR2 - ok
    09:20:32.0781 4488 ================ Scan VBR ==================================
    09:20:32.0781 4488 [ 82406F736592EB36AD663B8113CB6F94 ] \Device\Harddisk3\DR3\Partition1
    09:20:32.0781 4488 \Device\Harddisk3\DR3\Partition1 - ok
    09:20:32.0796 4488 [ EA3BAFB9F4E7FC87056070AFD0795C0D ] \Device\Harddisk3\DR3\Partition2
    09:20:32.0796 4488 \Device\Harddisk3\DR3\Partition2 - ok
    09:20:32.0812 4488 [ 662B5CAD01AA81FE09534A3A934694DA ] \Device\Harddisk0\DR0\Partition1
    09:20:32.0812 4488 \Device\Harddisk0\DR0\Partition1 - ok
    09:20:32.0828 4488 [ 69CBEA82CD02EE26991834BA631B79B2 ] \Device\Harddisk0\DR0\Partition2
    09:20:32.0828 4488 \Device\Harddisk0\DR0\Partition2 - ok
    09:20:32.0828 4488 [ 10C97AB5BA5542D2175C9E002838E888 ] \Device\Harddisk1\DR1\Partition1
    09:20:32.0828 4488 \Device\Harddisk1\DR1\Partition1 - ok
    09:20:32.0828 4488 [ 4DE91B380150BF20874F65F43823AC5F ] \Device\Harddisk1\DR1\Partition2
    09:20:32.0828 4488 \Device\Harddisk1\DR1\Partition2 - ok
    09:20:32.0828 4488 [ F572D626B09E08EC99416E482BD35AC5 ] \Device\Harddisk2\DR2\Partition1
    09:20:32.0828 4488 \Device\Harddisk2\DR2\Partition1 - ok
    09:20:32.0828 4488 ============================================================
    09:20:32.0828 4488 Scan finished
    09:20:32.0828 4488 ============================================================
    09:20:32.0843 5688 Detected object count: 1
    09:20:32.0843 5688 Actual detected object count: 1
    09:21:02.0890 5688 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    09:21:02.0890 5688 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
     
  21. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Looks good.

    How is computer doing?

    =====================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    =====================

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =====================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  22. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    Everything seems fine. The folder containing HRUPPROG doesn't automatically open after rebooting anymore. (This was before running any of the tools you've provided me in the last post.) Here are the logs you wanted.

    AdwCleaner[S2].txt
    # AdwCleaner v2.105 - Logfile created 01/17/2013 at 16:58:42
    # Updated 08/01/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : ccw - COMPANY-6EF3B74
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\ccw\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\SweetIM
    File Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\searchplugins\Conduit.xml
    File Deleted : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\user.js
    File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\cacaoweb
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\Conduit
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\ConduitCommon
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\CT2124320
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\CT2405280
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\CT3220468
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\cacaoweb@cacaoweb.org
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\Smartbar
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\OpenCandy
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\PriceGong
    Folder Deleted : C:\Documents and Settings\ccw\Application Data\Search Settings
    Folder Deleted : C:\Documents and Settings\ccw\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\ccw\Local Settings\Application Data\Messenger_Plus_Live
    Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Messenger_Plus_Live
    Folder Deleted : C:\Program Files\Application Updater
    Folder Deleted : C:\Program Files\Common Files\spigot
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Messenger_Plus_Live
    Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ocr@babylon.com
    Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
    Folder Deleted : C:\WINDOWS\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\cacaoweb
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\FunWebProducts
    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Messenger_Plus_Live
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9B339F6E-DDCD-401B-8764-230ADBD01761}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{398F4CBF-01CE-475D-B9E4-E0A8970039EF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B339F6E-DDCD-401B-8764-230ADBD01761}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\PriceGong
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\SweetIM
    Key Deleted : HKCU\Toolbar
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{398F4CBF-01CE-475D-B9E4-E0A8970039EF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B339F6E-DDCD-401B-8764-230ADBD01761}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
    Key Deleted : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
    Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
    Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
    Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2124320
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\Messenger_Plus_Live
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CD617AE-D6B8-4D13-ABE0-DAA50C7E0BE7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E226123-0194-428A-A96A-E1C4F662493C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Messenger_Plus_Live Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B339F6E-DDCD-401B-8764-230ADBD01761}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{398F4CBF-01CE-475D-B9E4-E0A8970039EF}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger_Plus_Live Toolbar
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\SweetIM
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9B339F6E-DDCD-401B-8764-230ADBD01761}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9B339F6E-DDCD-401B-8764-230ADBD01761}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9B339F6E-DDCD-401B-8764-230ADBD01761}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111015&tt=090812_bab_3212_4&babsrc=NT_ss&mntrId=58dc856500000000000000ff3c7d56c8 --> hxxp://www.google.com

    -\\ Mozilla Firefox v18.0 (en-US)

    File : C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\prefs.js

    C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\user.js ... Deleted !

    Deleted : user_pref("CT2124320..clientLogIsEnabled", false);
    Deleted : user_pref("CT2124320..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2124320..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2124320.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Deleted : user_pref("CT2124320.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2124320.BrowserCompStateIsOpen_129454520457806688", true);
    Deleted : user_pref("CT2124320.BrowserCompStateIsOpen_129454520458275440", true);
    Deleted : user_pref("CT2124320.BrowserCompStateIsOpen_129785340591042927", true);
    Deleted : user_pref("CT2124320.CT2124320", "CT2124320");
    Deleted : user_pref("CT2124320.CommunitiesChangesLastCheckTime", "Tue Jan 15 2013 06:48:48 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2124320.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
    Deleted : user_pref("CT2124320.CurrentServerDate", "15-1-2013");
    Deleted : user_pref("CT2124320.DSInstall", false);
    Deleted : user_pref("CT2124320.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2124320.DialogsGetterLastCheckTime", "Sun Jan 13 2013 18:34:01 GMT+0800 (Malay Peninsul[...]
    Deleted : user_pref("CT2124320.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2124320.FirstServerDate", "14-7-2012");
    Deleted : user_pref("CT2124320.FirstTime", true);
    Deleted : user_pref("CT2124320.FirstTimeFF3", true);
    Deleted : user_pref("CT2124320.FirstTimeHiddenVer", true);
    Deleted : user_pref("CT2124320.FixPageNotFoundErrors", false);
    Deleted : user_pref("CT2124320.GroupingLastCheckTime", "Tue Jan 15 2013 06:48:48 GMT+0800 (Malay Peninsula Sta[...]
    Deleted : user_pref("CT2124320.GroupingLastResponse", false);
    Deleted : user_pref("CT2124320.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2124320.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2124320.HPInstall", false);
    Deleted : user_pref("CT2124320.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2124320.Initialize", true);
    Deleted : user_pref("CT2124320.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2124320.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2124320.InstallationType", "Unknown");
    Deleted : user_pref("CT2124320.InstalledDate", "Sun Jul 15 2012 04:40:24 GMT+0800 (Malay Peninsula Standard Ti[...]
    Deleted : user_pref("CT2124320.IsGrouping", true);
    Deleted : user_pref("CT2124320.IsInitSetupIni", true);
    Deleted : user_pref("CT2124320.IsMulticommunity", false);
    Deleted : user_pref("CT2124320.IsOpenThankYouPage", true);
    Deleted : user_pref("CT2124320.IsOpenUninstallPage", true);
    Deleted : user_pref("CT2124320.LanguagePackLastCheckTime", "Tue Jan 15 2013 06:48:51 GMT+0800 (Malay Peninsula[...]
    Deleted : user_pref("CT2124320.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2124320.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2124320.LastLogin_3.13.0.6", "Mon Jul 16 2012 12:02:38 GMT+0800 (Malay Peninsula Standa[...]
    Deleted : user_pref("CT2124320.LastLogin_3.14.1.0", "Wed Aug 22 2012 06:19:02 GMT+0800 (Malay Peninsula Standa[...]
    Deleted : user_pref("CT2124320.LastLogin_3.15.1.0", "Wed Nov 07 2012 02:32:41 GMT+0800 (Malay Peninsula Standa[...]
    Deleted : user_pref("CT2124320.LastLogin_3.16.0.3", "Tue Jan 15 2013 06:48:50 GMT+0800 (Malay Peninsula Standa[...]
    Deleted : user_pref("CT2124320.LatestVersion", "3.16.0.3");
    Deleted : user_pref("CT2124320.Locale", "en-us");
    Deleted : user_pref("CT2124320.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2124320.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2124320.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2124320.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT2124320.OriginalFirstVersion", "3.13.0.6");
    Deleted : user_pref("CT2124320.SearchCaption", "Messenger Plus Live Customized Web Search");
    Deleted : user_pref("CT2124320.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2124320.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT212[...]
    Deleted : user_pref("CT2124320.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2124320.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2124320.SearchInNewTabLastCheckTime", "Tue Jan 15 2013 06:48:49 GMT+0800 (Malay Peninsu[...]
    Deleted : user_pref("CT2124320.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2124320.SearchInNewTabUserEnabled", false);
    Deleted : user_pref("CT2124320.SendProtectorDataViaLogin", true);
    Deleted : user_pref("CT2124320.ServiceMapLastCheckTime", "Tue Jan 15 2013 06:48:49 GMT+0800 (Malay Peninsula S[...]
    Deleted : user_pref("CT2124320.SettingsLastCheckTime", "Tue Jan 15 2013 06:48:48 GMT+0800 (Malay Peninsula Sta[...]
    Deleted : user_pref("CT2124320.SettingsLastUpdate", "1358179894");
    Deleted : user_pref("CT2124320.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2124320&SearchSource=13");
    Deleted : user_pref("CT2124320.ToolbarShrinkedFromSetup", false);
    Deleted : user_pref("CT2124320.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2124320");
    Deleted : user_pref("CT2124320.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Deleted : user_pref("CT2124320.UserID", "UN03092849466796055");
    Deleted : user_pref("CT2124320.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT2124320.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT2124320.initDone", true);
    Deleted : user_pref("CT2124320.myStuffEnabled", true);
    Deleted : user_pref("CT2124320.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2124320.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2124320.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2124320.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2124320.navigateToUrlOnSearch", false);
    Deleted : user_pref("CT2124320.revertSettingsEnabled", true);
    Deleted : user_pref("CT2124320.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT2124320.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT2124320.testingCtid", "");
    Deleted : user_pref("CT2124320.toolbarAppMetaDataLastCheckTime", "Tue Jan 15 2013 06:48:52 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2124320.usagesFlag", 2);
    Deleted : user_pref("CT2405280..clientLogIsEnabled", false);
    Deleted : user_pref("CT2405280..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2405280..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2405280.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Deleted : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2405280.BrowserCompStateIsOpen_129774179987157757", true);
    Deleted : user_pref("CT2405280.BrowserCompStateIsOpen_129784483889712321", true);
    Deleted : user_pref("CT2405280.BrowserCompStateIsOpen_129791224268491262", true);
    Deleted : user_pref("CT2405280.CT2405280", "CT2405280");
    Deleted : user_pref("CT2405280.CurrentServerDate", "15-1-2013");
    Deleted : user_pref("CT2405280.DSInstall", false);
    Deleted : user_pref("CT2405280.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2405280.DialogsGetterLastCheckTime", "Sun Jan 13 2013 18:34:04 GMT+0800 (Malay Peninsul[...]
    Deleted : user_pref("CT2405280.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2405280.EMailNotifierPollDate", "Sun Jul 15 2012 04:40:09 GMT+0800 (Malay Peninsula Sta[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261706866434151", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707012811589", "Sun Jul 15 2012 04:40:30 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707384123612", "Sun Jul 15 2012 04:40:30 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707412150447", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707418280754", "Sun Jul 15 2012 04:40:17 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707599928299", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707617263572", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707752362117", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707795264368", "Sun Jul 15 2012 04:40:17 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707808925892", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707869626670", "Sun Jul 15 2012 04:40:17 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707927596866", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261707979233386", "Sun Jul 15 2012 04:40:30 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708034493544", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708039069553", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708204445100", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708227524777", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708292165278", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708353935180", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708439778168", "Sun Jul 15 2012 04:40:17 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708441073195", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708501569511", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708831214041", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708861663992", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708872995288", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708956613188", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261708999019736", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709029944985", "Sun Jul 15 2012 04:40:33 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709040316547", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709118321128", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709147189875", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709273103006", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709334228118", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709396042055", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709489005996", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709505836033", "Sun Jul 15 2012 04:40:30 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709733509620", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709917159621", "Sun Jul 15 2012 04:40:20 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709924030613", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261709992975824", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710020959596", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710022683544", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710146768558", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710237979418", "Sun Jul 15 2012 04:40:17 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710281192798", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710293301155", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710367954069", "Sun Jul 15 2012 04:40:18 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710537116573", "Sun Jul 15 2012 04:40:19 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710539360442", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710710752156", "Sun Jul 15 2012 04:40:32 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710876567422", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedPollDate1783261710898547036", "Sun Jul 15 2012 04:40:31 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.FeedTTL1783261706866434151", 30);
    Deleted : user_pref("CT2405280.FeedTTL1783261707418280754", 60);
    Deleted : user_pref("CT2405280.FeedTTL1783261707617263572", 15);
    Deleted : user_pref("CT2405280.FeedTTL1783261707752362117", 1440);
    Deleted : user_pref("CT2405280.FeedTTL1783261707979233386", 5);
    Deleted : user_pref("CT2405280.FeedTTL1783261708034493544", 30);
    Deleted : user_pref("CT2405280.FeedTTL1783261708039069553", 15);
    Deleted : user_pref("CT2405280.FeedTTL1783261708439778168", 15);
    Deleted : user_pref("CT2405280.FeedTTL1783261708441073195", 15);
    Deleted : user_pref("CT2405280.FeedTTL1783261708872995288", 5);
    Deleted : user_pref("CT2405280.FeedTTL1783261709147189875", 2);
    Deleted : user_pref("CT2405280.FeedTTL1783261709334228118", 10);
    Deleted : user_pref("CT2405280.FeedTTL1783261709396042055", 15);
    Deleted : user_pref("CT2405280.FeedTTL1783261709505836033", 5);
    Deleted : user_pref("CT2405280.FeedTTL1783261709917159621", 5);
    Deleted : user_pref("CT2405280.FeedTTL1783261710281192798", 2);
    Deleted : user_pref("CT2405280.FeedTTL1783261710367954069", 10);
    Deleted : user_pref("CT2405280.FeedTTL1783261710537116573", 5);
    Deleted : user_pref("CT2405280.FeedTTL1783261710876567422", 2);
    Deleted : user_pref("CT2405280.FeedTTL1783261710898547036", 15);
    Deleted : user_pref("CT2405280.FirstServerDate", "14-7-2012");
    Deleted : user_pref("CT2405280.FirstTime", true);
    Deleted : user_pref("CT2405280.FirstTimeFF3", true);
    Deleted : user_pref("CT2405280.FirstTimeHiddenVer", true);
    Deleted : user_pref("CT2405280.FixPageNotFoundErrors", false);
    Deleted : user_pref("CT2405280.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2405280.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2405280.HPInstall", false);
    Deleted : user_pref("CT2405280.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2405280.Initialize", true);
    Deleted : user_pref("CT2405280.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2405280.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2405280.InstallationType", "Unknown");
    Deleted : user_pref("CT2405280.InstalledDate", "Sun Jul 15 2012 04:40:33 GMT+0800 (Malay Peninsula Standard Ti[...]
    Deleted : user_pref("CT2405280.InvalidateCache", false);
    Deleted : user_pref("CT2405280.IsGrouping", false);
    Deleted : user_pref("CT2405280.IsInitSetupIni", true);
    Deleted : user_pref("CT2405280.IsMulticommunity", false);
    Deleted : user_pref("CT2405280.IsOpenThankYouPage", true);
    Deleted : user_pref("CT2405280.IsOpenUninstallPage", true);
    Deleted : user_pref("CT2405280.LanguagePackLastCheckTime", "Tue Jan 15 2013 06:48:55 GMT+0800 (Malay Peninsula[...]
    Deleted : user_pref("CT2405280.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2405280.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2405280.LastLogin_3.13.0.6", "Mon Jul 16 2012 12:02:37 GMT+0800 (Malay Peninsula Standa[...]
    Deleted : user_pref("CT2405280.LastLogin_3.14.1.0", "Wed Aug 22 2012 06:19:01 GMT+0800 (Malay Peninsula Standa[...]
    Deleted : user_pref("CT2405280.LastLogin_3.15.1.0", "Wed Nov 07 2012 02:32:40 GMT+0800 (Malay Peninsula Standa[...]
    Deleted : user_pref("CT2405280.LastLogin_3.16.0.100", "Tue Jan 15 2013 06:48:56 GMT+0800 (Malay Peninsula Stan[...]
    Deleted : user_pref("CT2405280.LastLogin_3.16.0.3", "Mon Dec 31 2012 07:42:01 GMT+0800 (Malay Peninsula Standa[...]
    Deleted : user_pref("CT2405280.LatestVersion", "3.16.0.3");
    Deleted : user_pref("CT2405280.Locale", "en-us");
    Deleted : user_pref("CT2405280.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2405280.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2405280.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2405280.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT2405280.OriginalFirstVersion", "3.13.0.6");
    Deleted : user_pref("CT2405280.RadioIsPodcast", false);
    Deleted : user_pref("CT2405280.RadioLastCheckTime", "Sun Jul 15 2012 04:40:13 GMT+0800 (Malay Peninsula Standa[...]
    Deleted : user_pref("CT2405280.RadioLastUpdateIPServer", "3");
    Deleted : user_pref("CT2405280.RadioLastUpdateServer", "129167775315800000");
    Deleted : user_pref("CT2405280.RadioMediaID", "9962");
    Deleted : user_pref("CT2405280.RadioMediaType", "Media Player");
    Deleted : user_pref("CT2405280.RadioMenuSelectedID", "EBRadioMenu_CT24052809962");
    Deleted : user_pref("CT2405280.RadioShrinkedFromSetup", false);
    Deleted : user_pref("CT2405280.RadioStationName", "California%20Rock");
    Deleted : user_pref("CT2405280.RadioStationURL", "hxxp://feedlive.net/california.asx");
    Deleted : user_pref("CT2405280.SearchCaption", "ST-Eng7 Customized Web Search");
    Deleted : user_pref("CT2405280.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240[...]
    Deleted : user_pref("CT2405280.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2405280.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2405280.SearchInNewTabLastCheckTime", "Tue Jan 15 2013 06:48:52 GMT+0800 (Malay Peninsu[...]
    Deleted : user_pref("CT2405280.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2405280.SearchInNewTabUserEnabled", false);
    Deleted : user_pref("CT2405280.SendProtectorDataViaLogin", true);
    Deleted : user_pref("CT2405280.ServiceMapLastCheckTime", "Tue Jan 15 2013 06:48:55 GMT+0800 (Malay Peninsula S[...]
    Deleted : user_pref("CT2405280.SettingsLastCheckTime", "Tue Jan 15 2013 06:48:50 GMT+0800 (Malay Peninsula Sta[...]
    Deleted : user_pref("CT2405280.SettingsLastUpdate", "1358179895");
    Deleted : user_pref("CT2405280.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13");
    Deleted : user_pref("CT2405280.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2405280.ThirdPartyComponentsLastCheck", "Sun Jul 15 2012 04:39:00 GMT+0800 (Malay Penin[...]
    Deleted : user_pref("CT2405280.ThirdPartyComponentsLastUpdate", "1331805997");
    Deleted : user_pref("CT2405280.ToolbarShrinkedFromSetup", false);
    Deleted : user_pref("CT2405280.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2405280");
    Deleted : user_pref("CT2405280.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Deleted : user_pref("CT2405280.UserID", "UN64606146701088816");
    Deleted : user_pref("CT2405280.ValidationData_Toolbar", 2);
    Deleted : user_pref("CT2405280.WeatherNetwork", "");
    Deleted : user_pref("CT2405280.WeatherPollDate", "Sun Jul 15 2012 04:40:09 GMT+0800 (Malay Peninsula Standard [...]
    Deleted : user_pref("CT2405280.WeatherUnit", "C");
    Deleted : user_pref("CT2405280.alertChannelId", "799768");
    Deleted : user_pref("CT2405280.backendstorage.cbcountry_001", "4D59");
    Deleted : user_pref("CT2405280.backendstorage.cbfirsttime", "53756E204A756C20313520323031322030343A34313A30322[...]
    Deleted : user_pref("CT2405280.backendstorage.ct2405280isadsdisabled", "66616C7365");
    Deleted : user_pref("CT2405280.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "653935656432646461613164[...]
    Deleted : user_pref("CT2405280.backendstorage.hxxp://api22_thetrafficstat_net.pid2", "653935656432646461613164[...]
    Deleted : user_pref("CT2405280.backendstorage.shoppingapp.gk.exipres", "467269204A756C20323020323031322030343A[...]
    Deleted : user_pref("CT2405280.backendstorage.shoppingapp.gk.geolocation", "6D616C6179736961");
    Deleted : user_pref("CT2405280.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT2405280.globalFirstTimeInfoLastCheckTime", "Sun Jul 15 2012 04:40:15 GMT+0800 (Malay Pe[...]
    Deleted : user_pref("CT2405280.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT2405280.initDone", true);
    Deleted : user_pref("CT2405280.isAppTrackingManagerOn", true);
    Deleted : user_pref("CT2405280.isFirstRadioInstallation", false);
    Deleted : user_pref("CT2405280.myStuffEnabled", true);
    Deleted : user_pref("CT2405280.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2405280.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2405280.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2405280.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2405280.navigateToUrlOnSearch", false);
    Deleted : user_pref("CT2405280.revertSettingsEnabled", true);
    Deleted : user_pref("CT2405280.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT2405280.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT2405280.testingCtid", "");
    Deleted : user_pref("CT2405280.toolbarAppMetaDataLastCheckTime", "Tue Jan 15 2013 06:48:55 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.toolbarContextMenuLastCheckTime", "Sun Jul 15 2012 04:40:26 GMT+0800 (Malay Pen[...]
    Deleted : user_pref("CT2405280.usagesFlag", 2);
    Deleted : user_pref("CT3220468.129813684259252248.APP_WIN_FEATURES", "resizable=0,saveresizedsize=0,titlebar=0[...]
    Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1348776377,\"uuid\":690548700038530,\"seq_id\":1,\"ss[...]
    Deleted : user_pref("CT3220468.BT_Usage", "{\"uuid\":690548700038530,\"seq_id\":3}");
    Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3220468.FirstTime", "true");
    Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
    Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true);
    Deleted : user_pref("CT3220468.RevertSettingsEnabled", true);
    Deleted : user_pref("CT3220468.UserID", "UN48888037723146956");
    Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3220468.autoDisableScopes", -1);
    Deleted : user_pref("CT3220468.cbcountry_001", "MY");
    Deleted : user_pref("CT3220468.cbfirsttime", "Fri Sep 28 2012 04:06:06 GMT+0800 (Malay Peninsula Standard Time[...]
    Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
    Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT3220468.enableAlerts", "always");
    Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
    Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
    Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3220468.fixUrls", true);
    Deleted : user_pref("CT3220468.installId", "fft3C.tmp.exe");
    Deleted : user_pref("CT3220468.installType", "XPE");
    Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);
    Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
    Deleted : user_pref("CT3220468.isNewTabEnabled", true);
    Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);
    Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
    Deleted : user_pref("CT3220468.openThankYouPage", "true");
    Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
    Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
    Deleted : user_pref("CT3220468.search.searchCount", "0");
    Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
    Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348776363213");
    Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1348776362917");
    Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348776364541");
    Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353297136672");
    Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358073364506");
    Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348776365661");
    Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1348776363032");
    Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1358038459696");
    Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348776364510");
    Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1358073363703");
    Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1358038460404");
    Deleted : user_pref("CT3220468.settingsINI", true);
    Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
    Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
    Deleted : user_pref("CT3220468.smartbar.isHidden", true);
    Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
    Deleted : user_pref("CT3220468.toolbarBornServerTime", "27-9-2012");
    Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "13-1-2013");
    Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true);
    Deleted : user_pref("CT3220468.url_history0001", "hxxp://www.iptorrents.com/details.php?id=694913:::clickhandl[...]
    Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2124320/CT2124320[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2405280/CT2405280[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/799768/795587/MY", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2124320", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2405280", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2124320",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2405280",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
    Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\ccw\\Application D[...]
    Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2124320,CT2405280");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2124320,CT2405280");
    Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2124320,CT2405280");
    Deleted : user_pref("CommunityToolbar.globalUserId", "39af4580-4f1b-4f99-9147-4f2986dc252f");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 15 2012 04:40:2[...]
    Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jul 15 2012 04:40:42 GMT+080[...]
    Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jul 15 2012 04:39:00 GMT+0800 (M[...]
    Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.notifications.userId", "5eae986c-9ac7-43a4-8bd8-e77aa9bb869f");
    Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
    Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
    Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111015&tt=090812_bab_3212_4");
    Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 11);
    Deleted : user_pref("extensions.BabylonToolbar.cntry", "MY");
    Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
    Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "95D6294DA92513FDBFBA6851BD52429A");
    Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
    Deleted : user_pref("extensions.BabylonToolbar.id", "58dc856500000000000000ff3c7d56c8");
    Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15563");
    Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=111015&tt=090812[...]
    Deleted : user_pref("extensions.BabylonToolbar.lastActv", "14");
    Deleted : user_pref("extensions.BabylonToolbar.lastDP", 11);
    Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.4.623:28:58");
    Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "14.0");
    Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
    Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?affID=111015&tt=090812_[...]
    Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 83212783);
    Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar.sg", "none");
    Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
    Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
    Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.4.623:28:58");
    Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
    Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015&tt=090812_bab_3212_4");
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.623:28:58");
    Deleted : user_pref("searchreset.backup.browser.newtab.url", "hxxp://search.babylon.com/?affID=111015&tt=09081[...]
    Deleted : user_pref("searchreset.backup.browser.search.defaultenginename", "Search the web (Babylon)");
    Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://search.babylon.com/?affID=111015&tt=090812_bab_3[...]

    File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9sm5ewo3.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.52

    File : C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S2].txt - [47575 octets] - [17/01/2013 16:58:42]

    ########## EOF - C:\AdwCleaner[S2].txt - [47636 octets] ##########
     
  23. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    JRT.txt
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.3 (01.15.2013:1)
    OS: Microsoft Windows XP x86
    Ran by ccw on Thu 01/17/2013 at 17:05:19.39
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2025429265-1035525444-682003330-1003\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"



    ~~~ FireFox

    Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\youtubedownloader@mybrowserbar.com"
    Emptied folder: C:\Documents and Settings\ccw\Application Data\mozilla\firefox\profiles\jra73cwe.default\minidumps [5 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 01/17/2013 at 17:08:32.28
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  24. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    OTL.txt
    OTL logfile created on: 1/17/2013 5:17:14 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ccw\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.39% Memory free
    3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.82% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.48 Gb Total Space | 41.96 Gb Free Space | 28.65% Space Free | Partition Type: NTFS
    Drive D: | 151.60 Gb Total Space | 64.77 Gb Free Space | 42.72% Space Free | Partition Type: NTFS
    Drive G: | 117.19 Gb Total Space | 89.48 Gb Free Space | 76.35% Space Free | Partition Type: NTFS
    Drive H: | 115.69 Gb Total Space | 36.64 Gb Free Space | 31.67% Space Free | Partition Type: NTFS
    Drive I: | 146.48 Gb Total Space | 52.09 Gb Free Space | 35.56% Space Free | Partition Type: NTFS
    Drive J: | 151.61 Gb Total Space | 141.38 Gb Free Space | 93.25% Space Free | Partition Type: NTFS
    Drive L: | 465.76 Gb Total Space | 96.21 Gb Free Space | 20.66% Space Free | Partition Type: NTFS

    Computer Name: COMPANY-6EF3B74 | User Name: ccw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/17 16:58:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ccw\Desktop\OTL.exe
    PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- I:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    PRC - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- I:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    PRC - [2012/12/05 01:13:34 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- L:\Program Files\Hi-Rez Studios\HiPatchService.exe
    PRC - [2011/12/16 16:24:22 | 000,274,712 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    PRC - [2011/08/22 07:48:18 | 000,504,112 | ---- | M] (COMODO) -- L:\Program Files\Comodo Unite\crdphService.exe
    PRC - [2011/08/22 07:48:18 | 000,360,752 | ---- | M] (COMODO) -- L:\Program Files\Comodo Unite\EzVpnSvc.exe
    PRC - [2011/08/11 03:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2011/08/09 06:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2011/04/11 15:02:28 | 008,142,848 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
    PRC - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2009/07/15 09:08:24 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/18 03:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2006/11/30 21:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/13 10:06:45 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
    MOD - [2013/01/13 09:31:05 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\33ff7d73f01be8329a95c6e03f1dd555\System.Web.ni.dll
    MOD - [2013/01/13 09:30:57 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/13 09:22:36 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
    MOD - [2013/01/13 09:21:32 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
    MOD - [2013/01/13 09:21:25 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
    MOD - [2013/01/13 09:21:10 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
    MOD - [2013/01/13 09:21:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
    MOD - [2013/01/13 09:21:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll
    MOD - [2013/01/13 09:20:51 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
    MOD - [2013/01/13 09:20:41 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
    MOD - [2012/07/27 21:21:24 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2011/12/16 16:24:04 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
    MOD - [2011/08/22 07:48:18 | 001,126,704 | ---- | M] () -- L:\Program Files\Comodo Unite\EngineServiceBridge.dll
    MOD - [2011/08/11 03:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    MOD - [2011/08/09 06:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/11 15:02:28 | 008,142,848 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
    MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
    MOD - [2007/07/12 22:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- H:\Program Files\Ares\chatServer.exe -- (AresChatServer)
    SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/01/11 13:29:57 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/09 15:44:59 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/01 00:03:57 | 001,528,424 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- L:\Program Files\Echobit\Evolve\EvoSvc.exe -- (EvoSvc)
    SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- I:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/12/05 01:13:34 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- L:\Program Files\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2012/11/25 01:57:44 | 000,539,984 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/11/13 03:05:24 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
    SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/08/22 07:48:18 | 000,360,752 | ---- | M] (COMODO) [Auto | Running] -- L:\Program Files\Comodo Unite\EzVpnSvc.exe -- (EzVpnSvc)
    SRV - [2011/08/11 03:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2011/04/11 15:02:28 | 008,142,848 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL5)
    SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/03/11 05:46:00 | 003,601,608 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
    SRV - [2009/07/15 09:08:24 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2008/08/07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/07/19 04:28:53 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2008/05/29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2008/04/17 19:13:44 | 005,750,784 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld)
    SRV - [2008/01/18 01:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache)
    SRV - [2007/05/18 03:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2007/02/05 23:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
    SRV - [2007/02/05 23:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
    SRV - [2006/11/30 21:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2006/11/30 21:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2006/11/18 02:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva397.sys -- (XDva397)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva390.sys -- (XDva390)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva386.sys -- (XDva386)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva332.sys -- (XDva332)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva208.sys -- (XDva208)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva204.sys -- (XDva204)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva195.sys -- (XDva195)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva190.sys -- (XDva190)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva189.sys -- (XDva189)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva177.sys -- (XDva177)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva170.sys -- (XDva170)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva167.sys -- (XDva167)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva165.sys -- (XDva165)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva158.sys -- (XDva158)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva132.sys -- (XDva132)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva121.sys -- (XDva121)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva104.sys -- (XDva104)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva037.sys -- (XDva037)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\x86\tcpiphlp.sys -- (tcpip helper)
    DRV - File not found [Kernel | System | Stopped] -- System32\drivers\sdbuss.sys -- (sdbuss)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\point32.sys -- (Point32)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- H:\Program Files\Breadou RO\npkcrypt.sys -- (npkcrypt)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ccw\LOCALS~1\Temp\MZH5CF.tmp -- (GarenaPEngine)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ccw\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- I:\Program Files\Softnyx\WolfTeam\apf001.sys -- (apf001)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
    DRV - [2013/01/10 13:54:42 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2012/07/28 12:05:12 | 006,646,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2012/05/14 14:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
    DRV - [2012/05/12 12:31:00 | 000,099,400 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV - [2012/03/22 19:42:04 | 000,018,584 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\evolve.sys -- (EvolveVirtualAdapter)
    DRV - [2012/02/24 17:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2012/02/24 17:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2011/06/02 13:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2011/06/02 13:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
    DRV - [2011/06/02 13:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV - [2011/04/26 11:21:06 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2011/04/23 20:30:16 | 000,028,936 | ---- | M] (WeOnlyDo Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wod0205.sys -- (wod0205)
    DRV - [2011/04/14 11:01:46 | 000,017,816 | ---- | M] (Comodo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmdatp.sys -- (ATP)
    DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2011/03/31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2011/02/16 17:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2011/02/07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
    DRV - [2010/12/07 14:12:24 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)
    DRV - [2010/12/07 14:12:24 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)
    DRV - [2010/12/07 14:12:22 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)
    DRV - [2010/12/07 14:12:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)
    DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
    DRV - [2009/12/01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
    DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2009/07/15 09:08:24 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2009/04/03 14:26:09 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
    DRV - [2008/10/18 11:03:50 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV65.sys -- (SSHDRV65)
    DRV - [2008/10/17 16:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
    DRV - [2008/10/17 16:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
    DRV - [2008/09/30 00:35:08 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
    DRV - [2008/09/30 00:35:07 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2008/08/07 19:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/06/06 09:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2008/05/15 09:24:32 | 000,171,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
    DRV - [2008/05/07 07:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2008/05/07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2008/05/07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2008/04/14 02:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
    DRV - [2007/09/05 14:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2007/04/23 18:12:28 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2007/04/11 03:46:54 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
    DRV - [2007/04/04 12:43:38 | 000,098,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716unic.sys -- (s716unic)
    DRV - [2007/04/04 12:43:36 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716obex.sys -- (s716obex)
    DRV - [2007/04/04 12:43:36 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716nd5.sys -- (s716nd5)
    DRV - [2007/04/04 12:43:34 | 000,108,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdm.sys -- (s716mdm)
    DRV - [2007/04/04 12:43:34 | 000,100,360 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mgmt.sys -- (s716mgmt)
    DRV - [2007/04/04 12:43:32 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdfl.sys -- (s716mdfl)
    DRV - [2007/04/04 12:43:20 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716bus.sys -- (s716bus)
    DRV - [2007/02/16 10:27:10 | 000,044,928 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
    DRV - [2006/11/30 21:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2006/11/30 21:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2006/11/30 21:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2006/11/30 21:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2006/11/30 21:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2006/11/30 21:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
    DRV - [2006/11/10 21:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
    DRV - [2006/02/07 19:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
    DRV - [2001/08/17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/iat/us_my.aspx
    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 D6 5D CD DD A4 CA 01 [binary data]
    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\SearchScopes\${searchCLSID}: "URL" = http://malaysia.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB
    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
    IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: support%40super-hide-ip.com:1.0
    FF - prefs.js..extensions.enabledAddons: %7B7473b6bd-4691-4744-a82b-7854eb3d70b6%7D:10.13.40.15
    FF - prefs.js..extensions.enabledAddons: %7B9b339f6e-ddcd-401b-8764-230adbd01761%7D:3.16.0.3
    FF - prefs.js..extensions.enabledAddons: %7B414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3%7D:3.16.0.100
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_394\npaosmgr.dll File not found
    FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll File not found
    FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnLvn: L:\Program Files\Comodo Unite\npEasyVpnLVN.dll (COMODO)
    FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnRdp: L:\Program Files\Comodo Unite\NpRdpView.dll ( )
    FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnVnc: L:\Program Files\Comodo Unite\NpVncView.dll ( )
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: d:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: d:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll File not found
    FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\ccw\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/11 13:29:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/02 21:26:20 | 000,000,000 | ---D | M]

    [2008/07/02 21:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Extensions
    [2013/01/17 16:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions
    [2010/06/24 21:08:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2008/06/05 10:59:43 | 000,000,000 | ---D | M] (NeffyPlugin Launcher) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}
    [2008/05/27 20:36:07 | 000,000,000 | ---D | M] (Megaupload Toolbar) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
    [2010/10/06 19:05:11 | 000,000,000 | ---D | M] (CyberShadow's Bejeweled Blitz 3 Cheat) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\bejeweledblitz3cheat@thecybershadow.net
    [2008/09/27 00:55:01 | 000,000,000 | ---D | M] ("Better YouTube") -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\betteryoutube@ginatrapani.org
    [2008/09/07 14:49:10 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\bkmrksync@nokia.com
    [2011/05/29 21:33:58 | 000,004,546 | ---- | M] () (No name found) -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\extensions\support@super-hide-ip.com.xpi
    [2009/05/12 21:12:31 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Profiles\jra73cwe.default\searchplugins\live-search.xml
    [2013/01/17 16:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/12/30 23:28:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CCW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JRA73CWE.DEFAULT\EXTENSIONS\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CCW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JRA73CWE.DEFAULT\EXTENSIONS\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CCW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JRA73CWE.DEFAULT\EXTENSIONS\{9B339F6E-DDCD-401B-8764-230ADBD01761}
    [2013/01/11 13:29:59 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    [2012/08/30 07:36:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/26 01:13:41 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: npijjiFFPlugin1 for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: QUAKE LIVE (Enabled) = C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\ccw\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Comodo Rdp View Plugin for FireFox (Enabled) = L:\Program Files\Comodo Unite\NpRdpView.dll
    CHR - plugin: Comodo Vnc View Plugin for FireFox (Enabled) = L:\Program Files\Comodo Unite\NpVncView.dll
    CHR - plugin: ComodoLVN (Enabled) = L:\Program Files\Comodo Unite\npEasyVpnLVN.dll
    CHR - Extension: Entanglement = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: XJZ Survey Remover = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cghbpbbbdbdcljgdhfpfhkpknlaefjhl\3.5.0.1_0\
    CHR - Extension: Monster Dash = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
    CHR - Extension: Realm of the Mad God = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
    CHR - Extension: Realm of the Mad God = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
    CHR - Extension: Ethereal 2 Theme By VikiTech = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjgenbiepgodgfapfnolmenbfncejmjf\1_0\
    CHR - Extension: Avalanche!! = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hoikneojmkaopdhhdpdfmdlcnpmlhnhk\1.43_0\
    CHR - Extension: OrangeFPS on Roozz = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifnckhopllcmleegegheacblhehfifei\0.1.0.5_0\
    CHR - Extension: Snow = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdcgdhlccojbnonmhcioigcdodakjcmh\1.0.0.8_0\
    CHR - Extension: Poppit = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: Flight = C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncceffnkmmhggjnfdbkgmihjdmgccfmo\2.0.1_0\
     
  25. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    O1 HOSTS File: ([2013/01/10 19:56:12 | 000,001,084 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
    O1 - Hosts: 202.76.225.179patch.playro2.com#RO2 Patch Server
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {7CC66639-C337-40C3-A661-34CF9F39D25E} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
    O2 - BHO: (LeapFTP Internet Explorer Hook) - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - L:\Program Files\LeapFTP 3.0\lftpie.dll (LeapWare)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] I:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.my/com/EGamesPlugin.cab (EGamesPlugin Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B85B2590-24A1-47A6-B732-B3CD274B508B}: NameServer = 202.188.0.133,202.188.1.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D054C94A-2078-4A92-9266-69AE82969164}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D054C94A-2078-4A92-9266-69AE82969164}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\urqOIAQk: DllName - (urqOIAQk.dll) - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\ccw\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/12/12 01:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/17 17:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/01/17 17:04:57 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/17 16:57:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ccw\Desktop\OTL.exe
    [2013/01/17 16:57:53 | 000,499,213 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\ccw\Desktop\JRT.exe
    [2013/01/10 23:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Desktop\New Folder
    [2013/01/10 19:09:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/01/09 13:19:01 | 000,000,000 | --SD | C] -- C:\ccw
    [2013/01/07 19:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Application Data\FlashgetSetup
    [2013/01/07 19:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Application Data\BITS
    [2013/01/07 13:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Desktop\LMK desktop
    [2013/01/07 12:34:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/01/07 12:32:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/01/07 12:32:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/01/07 12:32:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/01/07 12:32:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/01/07 12:32:07 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/07 12:31:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/01/06 17:56:19 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/01/06 17:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/01/06 15:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WinDir
    [2013/01/06 15:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Application DataMicrosoft
    [2013/01/03 14:09:57 | 000,000,000 | ---D | C] -- C:\gravity
    [2013/01/02 21:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ccw\Local Settings\Application Data\Sun
    [2012/12/27 15:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RELOADED
    [2011/01/30 20:46:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ccw\detoured.dll
    [2008/01/07 22:27:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ccw\Application Data\pcouffin.sys
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/17 17:14:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1035525444-682003330-1003UA.job
    [2013/01/17 17:11:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/17 17:04:10 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2013/01/17 17:03:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/01/17 17:01:13 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/17 17:01:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2013/01/17 17:00:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/17 16:58:07 | 000,499,213 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\ccw\Desktop\JRT.exe
    [2013/01/17 16:58:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ccw\Desktop\OTL.exe
    [2013/01/17 16:57:58 | 000,554,087 | ---- | M] () -- C:\Documents and Settings\ccw\Desktop\adwcleaner.exe
    [2013/01/17 16:31:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/16 23:16:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
    [2013/01/16 18:14:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1035525444-682003330-1003Core.job
    [2013/01/16 14:52:04 | 000,001,120 | ---- | M] () -- C:\WINDOWS\System32\index.xml
    [2013/01/16 14:52:04 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2013/01/13 23:18:03 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\ccw\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/13 23:18:03 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\ccw\Desktop\Google Chrome.lnk
    [2013/01/13 09:20:14 | 000,505,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/01/13 09:20:14 | 000,089,574 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/01/12 23:16:01 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
    [2013/01/12 23:16:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
    [2013/01/12 16:17:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/01/11 17:26:47 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
    [2013/01/10 13:54:42 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2013/01/07 19:16:34 | 000,000,025 | ---- | M] () -- C:\WINDOWS\emcore.INI
    [2013/01/07 12:34:13 | 000,000,471 | RHS- | M] () -- C:\boot.ini
    [2013/01/05 11:37:36 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\ccw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/12/23 01:48:56 | 000,425,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/12/23 01:03:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/17 16:57:45 | 000,554,087 | ---- | C] () -- C:\Documents and Settings\ccw\Desktop\adwcleaner.exe
    [2013/01/10 13:54:42 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2013/01/07 19:16:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\emcore.INI
    [2013/01/07 12:34:13 | 000,000,355 | ---- | C] () -- C:\Boot.bak
    [2013/01/07 12:34:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/01/07 12:32:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/01/07 12:32:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/01/07 12:32:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/01/07 12:32:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/01/07 12:32:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/09/28 08:27:54 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2012/09/18 16:20:42 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2012/09/18 16:20:42 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2012/09/18 16:20:42 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2012/07/13 21:16:04 | 003,130,440 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_blr.exe
    [2012/05/11 20:13:21 | 000,157,570 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
    [2012/05/11 20:13:21 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
    [2012/05/03 14:44:25 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\ccw\usb001
    [2012/04/16 16:42:09 | 000,157,529 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp
    [2012/04/16 16:42:09 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp
    [2012/02/15 18:38:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
    [2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
    [2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
    [2011/10/08 22:06:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2011/09/05 15:19:56 | 000,000,176 | ---- | C] () -- C:\WINDOWS\explorer.exe.config
    [2011/05/30 16:19:14 | 004,416,228 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-1035525444-682003330-1003-0.dat
    [2011/05/30 16:19:03 | 000,380,406 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/05/26 19:51:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
    [2011/05/26 01:04:50 | 000,045,194 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\room_v3.dat
    [2011/03/28 21:52:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\RSBot_Accounts.ini
    [2011/03/23 02:35:34 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\room.dat
    [2011/01/30 20:46:26 | 000,159,744 | ---- | C] () -- C:\Documents and Settings\ccw\typex_io.dll
    [2011/01/30 20:45:39 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\ccw\typex_bindings.bin
    [2011/01/30 14:07:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2011/01/30 14:07:06 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2011/01/07 16:54:05 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\Current.prx
    [2010/11/05 14:32:54 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\steam_md4.dat
    [2010/08/28 13:56:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\steam_md2.dat
    [2010/04/01 12:11:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\$_hpcst$.hpc
    [2009/11/20 00:37:04 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\ccw\jagex_runescape_preferences2.dat
    [2009/11/20 00:34:46 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\ccw\jagex_runescape_preferences.dat
    [2008/09/29 08:33:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ccw\WoW-2.3.0-enUS-patch.exe.part
    [2008/08/16 23:17:07 | 006,402,670 | ---- | C] () -- C:\Documents and Settings\ccw\Desktop.zip
    [2008/04/28 18:34:27 | 339,263,757 | ---- | C] () -- C:\Documents and Settings\ccw\ntuser.dt2
    [2008/04/28 18:34:26 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\ccw\ntuser.dt
    [2008/01/07 22:27:08 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\inst.exe
    [2008/01/07 22:27:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\pcouffin.cat
    [2008/01/07 22:27:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\pcouffin.inf
    [2007/12/19 12:19:53 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\ccw\Local Settings\Application Data\fusioncache.dat
    [2007/12/19 12:18:10 | 000,138,904 | ---- | C] () -- C:\Documents and Settings\ccw\Application Data\PnkBstrK.sys
    [2007/12/15 10:51:28 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\ccw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2007/12/12 20:37:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/11/23 11:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/09/05 18:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASign
    [2012/03/03 10:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASUS WebStorage
    [2011/09/01 09:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
    [2009/01/06 16:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Browse Dent Win Base
    [2011/04/13 16:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
    [2012/02/28 17:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
    [2012/03/22 19:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Echobit
    [2012/11/27 01:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2012/08/12 01:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garena
    [2012/08/12 01:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
    [2012/07/02 22:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
    [2012/08/01 16:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
    [2010/03/25 16:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
    [2008/09/07 14:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/09/16 17:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2010/02/13 11:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2011/05/25 15:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
    [2011/01/04 17:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
    [2011/01/04 17:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2012/11/07 16:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
    [2008/09/07 14:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/05/12 16:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pI3_lic_file
    [2013/01/06 14:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2012/12/27 15:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
    [2012/07/11 22:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2012/10/31 22:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
    [2011/05/29 21:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperHideIP
    [2012/09/10 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/12/24 22:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2011/12/15 17:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
    [2012/09/09 22:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtuallTek
    [2012/01/15 01:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VS
    [2011/01/29 12:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/01/26 20:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XBlades
    [2012/07/25 22:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
    [2011/03/26 10:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2013/01/07 16:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\.minecraft
    [2011/08/08 14:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\.spoutcraft
    [2005/04/08 10:16:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ccw\Application Data\58DC8565
    [2011/05/29 18:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Ahnlab
    [2012/03/03 11:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\ASUS
    [2012/03/03 10:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\ASUS WebStorage
    [2012/03/24 11:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
    [2012/10/12 00:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Awesomium
    [2013/01/07 19:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\BITS
    [2011/05/25 14:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\CollabNet
    [2012/09/15 21:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\DarknessII
    [2012/03/06 18:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Downloaded Installations
    [2011/03/18 21:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\DragonicaSCB
    [2012/03/03 10:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\eCareme
    [2012/10/18 20:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\FATAL ZERO ACTION
    [2013/01/07 19:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\FlashgetSetup
    [2009/05/24 09:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\FOG Downloader
    [2012/08/12 01:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Garena
    [2012/08/12 01:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\GarenaPlus
    [2012/11/30 01:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\gd.sos.McPixel
    [2011/04/02 12:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\GetRightToGo
    [2011/04/02 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\HandBrake
    [2012/08/01 16:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\id Software
    [2010/03/28 14:34:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\ccw\Application Data\ijjigame
    [2009/05/02 03:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\ItchSignIso
    [2008/12/23 19:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Kingston
    [2008/11/25 21:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\LimeWire
    [2012/09/20 15:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\MotioninJoy
    [2007/12/15 00:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\MSNInstaller
    [2011/05/25 16:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\MySQL
    [2008/09/14 00:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Nokia
    [2012/03/13 17:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Notepad++
    [2012/11/07 15:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Origin
    [2012/03/03 10:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Outlook
    [2008/09/07 14:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\PC Suite
    [2008/01/07 13:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Pegasys Inc
    [2007/12/14 13:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Publish Providers
    [2011/05/11 17:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\PunkBuster
    [2008/11/05 13:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Red Alert 3
    [2012/03/12 23:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\RenPy
    [2010/04/01 12:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Samsung
    [2011/01/26 17:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\saves
    [2012/10/31 22:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Screaming Bee
    [2011/07/03 22:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\SendSpace Wizard
    [2007/12/14 13:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Sony
    [2012/11/23 20:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Sony Online Entertainment
    [2007/12/14 13:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Sony Setup
    [2012/08/09 14:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Spadille
    [2008/10/01 17:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Spore
    [2011/05/25 15:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Subversion
    [2011/05/29 21:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\SuperHideIP
    [2012/03/04 23:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\SystemRequirementsLab
    [2008/08/21 16:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\TeamViewer
    [2011/01/27 00:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Teleca
    [2011/01/26 18:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Thinstall
    [2010/09/07 14:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Toon Boom Animation
    [2007/12/24 22:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\TuneUp Software
    [2011/12/15 19:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Tunngle
    [2010/04/19 19:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Unity
    [2013/01/11 12:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\uTorrent
    [2010/11/06 12:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
    [2012/04/07 13:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Vso
    [2011/03/16 17:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\WeGame
    [2008/07/27 12:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Windows Live Writer
    [2012/03/22 19:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\Wippien
    [2011/08/21 02:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ccw\Application Data\YouTube Downloader

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A5A90A3
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5638B93
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D97BA9A8
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5AD7675
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

    < End of report >
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.